How can I find incoming and outgoing HTTP traffic from Artifactory?

Subject 

If you are facing issues in which you need to identify incoming/outgoing HTTP traffic, this article will help guide you.

Description

How can I find the incoming and outgoing HTTP traffic from Artifactory? In order to do this, there are two tools you have at your disposal to find this traffic. First, you can use Artifactory's debug HTTP logger. WARNING: only use this if you know what you are doing, this can result in a lot of log output that may fill up your disk fast and/or cause performance issues. If you choose to use this tool, DO NOT leave it running, enable it while you need it and then turn it off. 

You can also use a tool called tcpdump, which can be used to find all types of traffic to/from your Artifactory instance. This tool can be installed on the local Artifactory machine and has several ways to run it (in this article we will only show displaying HTTP traffic, but it can be used for all TCP traffic). 

Resolution

The two tools discussed above can be invoked as such:

1. HTTP Debug Loggers in Artifactory (this must be done per node if HA):

Once again, please read the warning in the Description section BEFORE using this. Add the following to the bottom of $ARTIFACTORY_HOME/etc/logback.xml, just above the </configuration> tag:
 

<appender name="http" class="ch.qos.logback.core.rolling.RollingFileAppender">
  <File>${artifactory.home}/logs/http.log</File>
  <encoder>
    <pattern>%date ${artifactory.contextId}[%thread] [%-5p] (%-20c{3}:%L) – %m%n</pattern>
  </encoder>
  <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
    <FileNamePattern>${artifactory.home}/logs/http.%i.log</FileNamePattern>
    <maxIndex>13</maxIndex>
  </rollingPolicy>
  <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
    <MaxFileSize>10MB</MaxFileSize>
  </triggeringPolicy>
</appender>

<logger name="org.apache.http.wire" additivity="false">
<level value="TRACE"/>
<appender-ref ref="http"/>
</logger>

You can change the level value to be either DEBUG or leave it as TRACE, and the contents of $ARTIFACTORY_HOME/etc/logs/http.log will be the HTTP traffic.

For Access, do so under $ACCESS_HOME/etc/logback.xml:

<appender name="http" class="ch.qos.logback.core.rolling.RollingFileAppender">
<File>${jfrog.access.home}/logs/http.log</File>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<FileNamePattern>${jfrog.access.home}/logs/http.%i.log</FileNamePattern>
<MinIndex>1</MinIndex>
<MaxIndex>9</MaxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<MaxFileSize>25MB</MaxFileSize>
</triggeringPolicy>
<encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
<layout class="org.jfrog.common.logging.logback.layout.BackTracePatternLayout">
<pattern>%date [%thread] [%-5p] (%-20c{3}:%L) – %m%n</pattern>
</layout>
</encoder>
</appender>

<logger name="org.apache.http.wire" additivity="false">
<level value="TRACE"/>
<appender-ref ref="http"/>
</logger>

That will go into $ACCESS_HOME/logs/http.log

Or 2. You can use the following tcpdump command to listen to traffic specifically on port 8081 of the Artifactory instance, which will output to a file called artifactory-http.log. You will need to have 'tcmpdump' installed on the machine (you can install this with most package managers or download it from the internet). 

tcpdump -A -s 0 'tcp port 8081 and (((ip[2:2] – ((ip[0]&0xf)<<2)) – ((tcp[12]&0xf0)>>2)) != 0)' > artifactory-http.log