Skip to content

Access Log

Jump to bottom
yusing edited this page Feb 6, 2025 · 2 revisions

Access log

Access loggers can be configured

  • in config.yml under entrypoint section
  • per route in docker labels or route files

Fields

Key Type Description Allowed Values Default
format string access log format common, combined, json combined
buffer_size int access log buffer size (in bytes) positive integer 64KB
path string access log path /var/log/access.log required
filters object access log filters (optional)
filters.*.negative bool negative filters true or false false
filters.status_codes.values integer or integer range status code filters
filters.method.values string method filters GET, POST, ...
filters.host.values string host filters hostname
filters.headers.values string headers filters case-sensitive key or key=value
filters.cidr.values string CIDR filters see below
fields object access log fields see below
fields.*.default string (field mode) default field behavior keep, drop, redact See Explanation
fields.*.config key:value mapping (key is case-sensitive) headers fields key: field_mode
fields.headers.config.* string headers fields header: field_mode
fields.query.config.* string query fields query: field_mode
fields.cookies.config.* string cookies fields cookie: field_mode

Explanation

  • Multiple access loggers can share the same log file
  • When filters.*.negative is set to true, request that matches any of the negative filters will not be logged
  • When fields.*.default is set to keep, that field will be logged
  • When fields.*.default is set to redact, that field will be redacted as REDACTED
    • fields.query.default = redact will replace query string into like ?key=REDACTED
    • other field config has effect only when access_log.format is set to json
  • When fields.*.default is set to drop, that field will be dropped
  • Default field config:
    • query.default = keep
    • cookies.default = drop
    • headers.default = drop

Syntax

# config.yml
entrypoint:
  access_log:
    format: json
    buffer_size: 4096
    path: /var/log/example.log
    filters:
      status_codes:
        values:
          - 200-299
          - 101
      method:
        values:
          - GET
      host:
        values:
          - example.y.z
      headers:
        negative: true
        values:
          - foo=bar # when key "foo" is present and value is `bar`
          - baz # when key "bar" is present
      cidr:
        values:
          - 192.168.10.0/24
    fields:
      headers:
        default: keep
        config:
          foo: redact
      query:
        default: drop
        config:
          foo: keep
      cookies:
        default: redact
        config:
          foo: keep

# route file
# same as above, but under your app config, i.e.
app1:
  access_log:
    format: json
    ...

# docker labels - string as inline mapping
proxy.app1.access_log: |
  format: json
  buffer_size: 4096
  ...

# docker labels - full label
proxy.app1.access_log.format: json
proxy.app1.access_log.buffer_size: 4096
proxy.app1.access_log.filters.status_codes.values: 200-299,300
proxy.app1.access_log.fields.headers.config.foo: redact

Example

Log all remote requests and IP headers

access_log:
  format: json
  path: /app/logs/access.json.log
  filters:
    cidr:
      negative: true
      values:
        - 127.0.0.1/32
        - 172.16.0.0/12
        - 192.168.0.0/16
        - 10.0.0.0/8
  fields:
    headers:
      default: drop # drop app headers in log
      config: # keep only these
        X-Real-Ip: keep
        CF-Connecting-Ip: keep
        X-Forwarded-For: keep
Clone this wiki locally