ARTIFACTORY: How to Identify Artifactory’s Incoming and Outgoing HTTP Traffic

Daniel Augustine
2021-04-06 11:53

If you’re facing issues that require you to identify incoming/outgoing HTTP traffic from Artifactory, two tools are available to assist you:

  • Artifactory's Debug HTTP logger: Be WARNED that you should only use this tool if you know precisely what you are doing. Mistakes can result in a lot of log output that may fill up your disk fast and/or cause performance issues. If you do use this tool, do not leave it running. Enable it when you need it and then turn it off!
  • tcpdump: This tool can be used to identify all types of traffic coming to/going from your Artifactory instance. It may be installed on your local Artifactory machine and can be run in several different ways. For the purposes of this article, we’ll show you how to display HTTP traffic, but the tool can be used to identify all TCP traffic.

Both tools can be invoked as follows:

1. HTTP Debug Loggers in Artifactory (if HA, this must be done per node)

Once again, please read the warning in the Description section before using this tool. If you’re certain that you’re ready to proceed, add the following to the bottom of the $ARTIFACTORY_HOME/etc/logback.xml file, just above the </configuration> tag:
 

<appender name="http" class="ch.qos.logback.core.rolling.RollingFileAppender">
  <File>${artifactory.home}/logs/http.log</File>
  <encoder>
    <pattern>%date ${artifactory.contextId}[%thread] [%-5p] \(%-20c{3}:%L\) - %m%n</pattern>
  </encoder>
  <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
    <FileNamePattern>${artifactory.home}/logs/http.%i.log</FileNamePattern>
    <maxIndex>13</maxIndex>
  </rollingPolicy>
  <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
    <MaxFileSize>10MB</MaxFileSize>
  </triggeringPolicy>
</appender>

<logger name="org.apache.http.wire" additivity="false">
  <level value="TRACE"/>
  <appender-ref ref="http"/>
</logger>

 

You may change the level value to DEBUG or leave it as TRACE. The contents of $ARTIFACTORY_HOME/logs/http.log (the File path set in the appender above) will show all of your HTTP traffic.

For Access, add the following to $ACCESS_HOME/etc/logback.xml:

 

<appender name="http" class="ch.qos.logback.core.rolling.RollingFileAppender">
  <File>${jfrog.access.home}/logs/http.log</File>
  <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
    <FileNamePattern>${jfrog.access.home}/logs/http.%i.log</FileNamePattern>
    <MinIndex>1</MinIndex>
    <MaxIndex>9</MaxIndex>
  </rollingPolicy>
  <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
    <MaxFileSize>25MB</MaxFileSize>
  </triggeringPolicy>
  <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
    <layout class="org.jfrog.common.logging.logback.layout.BackTracePatternLayout">
      <pattern>%date [%thread] [%-5p] (%-20c{3}:%L) - %m%n</pattern>
    </layout>
  </encoder>
</appender>

<logger name="org.apache.http.wire" additivity="false">
  <level value="TRACE"/>
  <appender-ref ref="http"/>
</logger>

The output will go into $ACCESS_HOME/logs/http.log.

2. tcpdump command

This can be set to listen specifically to traffic on port 8081 of the Artifactory instance. This will output to the artifactory-http.log file. You’ll need to have tcpdump installed on the machine, which can be accomplished with most package managers. It can also be downloaded directly from the internet:

tcpdump -A -s 0 'tcp port 8081 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' > artifactory-http.log
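
Both the org.apache.http.wire logger and tcpdump -A record complete HTTP messages, including credential headers. As an added example (not from the original article or from JFrog), the Python script below masks those header values in http.log or in tcpdump -A text before the file is shared; the header list, function names and sample lines are assumptions constructed for illustration.

```python
"""Redact credential headers from http.log (org.apache.http.wire output) or
from `tcpdump -A` text before the file leaves the host."""
import re
import sys

# Headers that carry credentials; X-JFrog-Art-Api is Artifactory's API-key header.
_NAMES = r"proxy-authorization|authorization|set-cookie|cookie|x-jfrog-art-api"

# A value ends at the wire logger's literal "[\r]" / "[\n]" markers, or at the
# end of the line (tcpdump -A prints each header on its own line).
_HEADER = re.compile(
    r"(?<![\w-])(?P<name>" + _NAMES + r")(?P<sep>:[ \t]*)(?P<value>.*?)"
    r'(?=\[\\r\]|\[\\n\]|"?[ \t\r\n]*$)',
    re.IGNORECASE,
)

def _mask(m):
    parts = m.group("value").split()
    is_auth = m.group("name").lower().endswith("authorization")
    # Keep the scheme (Basic, Bearer) so the line is still useful for debugging.
    scheme = parts[0] + " " if is_auth and len(parts) > 1 else ""
    return m.group("name") + m.group("sep") + scheme + "[REDACTED]"

def redact_line(line):
    """Return one log line with credential header values masked."""
    return _HEADER.sub(_mask, line)

def redact_lines(lines):
    """Mask every line; return (masked_lines, number_of_lines_changed)."""
    lines = list(lines)
    masked = [redact_line(line) for line in lines]
    return masked, sum(a != b for a, b in zip(lines, masked))

# Constructed sample input, not from a real system: two wire-log lines in the
# layout of the Artifactory appender pattern, then two header lines as tcpdump -A prints them.
SAMPLE = [
    r'2021-04-06 11:53:01,120 [http-nio-8081-exec-3] [DEBUG] (o.a.h.wire:73) - http-outgoing-0 >> "GET /example HTTP/1.1[\r][\n]"',
    r'2021-04-06 11:53:01,121 [http-nio-8081-exec-3] [DEBUG] (o.a.h.wire:73) - http-outgoing-0 >> "Authorization: Basic ZGVtbzpkZW1v[\r][\n]"',
    "X-JFrog-Art-Api: AKCpCONSTRUCTED0000",
    "Cookie: SESSION=constructed-session-id; lang=en",
]

if __name__ == "__main__":
    # Usage: python redact_http_log.py http.log > http.redacted.log
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    masked, changed = redact_lines(src)
    sys.stdout.writelines(l if l.endswith("\n") else l + "\n" for l in masked)
    print(f"{changed} line(s) redacted", file=sys.stderr)
```

Only header values are masked; credentials carried in request or response bodies remain in the capture and need separate review.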