This project has been integrated into h2o/h2o.
A varnishlog-like BPF (kernel doc) backed HTTP request logging client for the H2O server. h2olog can also be used to log QUIC events for transport layer observation. See Tracing QUIC events for how.
See requirements for build prerequisites.
$ cmake -Bbuild
$ make -Cbuild
$ sudo make -Cbuild install
If you have BCC installed to a non-standard path, give its path as -DCMAKE_PREFIX_PATH to cmake.
For convenience, you can alternatively run the make.sh script.
- LLVM and clang (>= 3.7.1)
- CMake for generating the build files
- Python 3 for the code generator
- BCC (>= 0.11.0) installed on your system
For Ubuntu 20.04 or later, you can install dependencies with:
sudo apt install clang cmake python3 systemtap-sdt-dev libbpfcc-dev linux-headers-$(uname -r)- Root privilege to execute the program
- H2O server built after 53e1db42 with
-DWITH_DTRACE=oncmake option
Root privilege is required to interact with the BPF virtual machine.
$ sudo h2olog -p $(pgrep -o h2o)
11 0 RxProtocol HTTP/3.0
11 0 RxHeader :authority torumk.com
11 0 RxHeader :method GET
11 0 RxHeader :path /
11 0 RxHeader :scheme https
11 0 TxStatus 200
11 0 TxHeader content-length 123
11 0 TxHeader content-type text/html
... and more ...
Server-side QUIC events can be traced using the quic subcommand.
Events are rendered in JSON format.
$ sudo h2olog quic -p $(pgrep -o h2o)
^
|_ The quic subcommand
Here's an example trace.
{"time":1584380825832,"type":"accept","conn":1,"dcid":"f8aa2066e9c3b3cf"}
{"time":1584380825835,"type":"crypto-decrypt","conn":1,"pn":0,"len":1236}
{"time":1584380825832,"type":"quictrace-recv","conn":1,"pn":0}
{"time":1584380825836,"type":"crypto-handshake","conn":1,"ret":0}
... and more ...
h2olog is a BCC based C++ program. It was previously implemented using the BCC Python binding.