Access logging

The HTTP connection manager, the tcp proxy and the thrift proxy support extensible access logging with the following features:

  • Any number of access logs per a connection stream.

  • Customizable access log filters that allow different types of requests and responses to be written to different access logs.

Downstream connection access logging can be enabled using listener access logs. The listener access logs complement HTTP request access logging and can be enabled separately and independently from filter access logs.

If access log is enabled, then by default it will be reported to the configured sinks at the end of a UDP session, TCP connection, or HTTP stream. It is possible to extend this behavior and report access logs periodically or at the start of a UDP session, TCP connection, or HTTP stream. Reporting access logs right upstream connection establishment or new incoming HTTP request does not depend on periodic reporting, and the other way around.

Start of session access logs

UDP Proxy

For UDP Proxy, when UDP tunneling over HTTP is configured, it is possible to enable an access log record once after a successful upstream tunnel connected by using access log flush interval

TCP Proxy

For TCP Proxy, it is possible to enable an access log record once after a successful upstream connection by using flush access log on connected

HTTP Connection Manager

For HTTP Connection Manager, it is possible to enable an access log once when a new HTTP request is received, and before iterating the filter chain by using flush access log on new request Note: Some information such as upstream host will not be available yet.

HTTP Router Filter

For Router Filter, is is possible to enable an upstream access log when a new upstream stream is associated with the downstream stream, and after successfully establishing a connection with the upstream by using flush upstream log on upstream stream Note: In case that the HTTP request involves retries, a start of request upstream access log will be recorded for each retry.

Periodic access logs

UDP Proxy

For UDP Proxy, it is possible to enable a prediodic access log by using access log flush interval

TCP Proxy

For TCP Proxy, it is possible to enable a prediodic access log by using access log flush interval Note: The first access log entry is generated one interval after a new connection is received by the TCP Proxy whether or not an upstream connection has been made.

HTTP Connection Manager

For HTTP Connection Manager, it is possible to enable a prediodic access log by using access log flush interval Note: The first access log entry is generated one interval after a new HTTP request is received by the HTTP Connection Manager and before iterating the HTTP filter chain, whether or not an upstream connection has been made.

HTTP Router Filter

For Router Filter, it is possible to enable a prediodic access log by using upstream log flush interval Note: The first access log entry is generated one interval after a new HTTP request is received by the router filter, whether or not an upstream connection has been made.

Access log filters

Envoy supports several built-in access log filters and extension filters that are registered at runtime.

Access logging sinks

Envoy supports pluggable access logging sinks. The currently supported sinks are:

File

  • Asynchronous IO flushing architecture. Access logging will never block the main network processing threads.

  • Customizable access log formats using predefined fields as well as arbitrary HTTP request and response headers.

gRPC

  • Envoy can send access log messages to a gRPC access logging service.

Stdout

  • Asynchronous IO flushing architecture. Access logging will never block the main network processing threads.

  • Customizable access log formats using predefined fields as well as arbitrary HTTP request and response headers.

  • Writes to the standard output of the process. It works in all platforms.

Stderr

  • Asynchronous IO flushing architecture. Access logging will never block the main network processing threads.

  • Customizable access log formats using predefined fields as well as arbitrary HTTP request and response headers.

  • Writes to the standard error of the process. It works in all platforms.

Fluentd

  • Flush access logs over a TCP connection to an upstream that is accepting the Fluentd Forward Protocol as described in: Fluentd Forward Protocol Specification.

  • The data sent over the wire is a stream of Fluentd Forward Mode events which may contain one or more access log entries (depending on the flushing interval and other configuration parameters).

Further reading