Access logging

The HTTP connection manager, the tcp proxy and the thrift proxy support extensible access logging with the following features:

  • Multiple access logs per connection stream.

  • Customizable access log filters for routing different requests/responses to separate logs.

  • Independent downstream connection logging via listener access logs.

Downstream connection access logging can be enabled using listener access logs. The listener access logs complement HTTP request access logging and can be enabled separately and independently from filter access logs.

By default, if access logging is enabled, logs are sent to the configured sinks at the end of each UDP session, TCP connection, or HTTP stream. However, it is possible to extend this behavior and report access logs periodically or at the start of a UDP session, TCP connection, or HTTP stream. Generating access logs at the start of an upstream connection or request does not depend on periodic logging, and vice versa.

Start of session access logs

UDP Proxy

For UDP Proxy, when UDP tunneling over HTTP is configured, it is possible to enable an access log record once after a successful upstream tunnel connection is established by enabling flush access log on tunnel connected.

TCP Proxy

For TCP Proxy, it is possible to enable a one-time access log entry right after a successful upstream connection by enabling flush access log on connected

HTTP Connection Manager

For HTTP Connection Manager, it is possible to enable a one-time access log entry each time a new HTTP request arrives, and before the filter chain is processed by enabling flush access log on new request

Note

Some information such as upstream host will not be available yet.

HTTP Router Filter

For Router Filter, it is possible to enable one-time upstream access log entry each time a new upstream stream is associated with a downstream stream, after the connection with the upstream is established, by enabling flush upstream log on upstream stream

Note

If the HTTP request involves retries, a start-of-request upstream access log is generated for each retry attempt.

Periodic access logs

UDP Proxy

For UDP Proxy, it is possible to enable periodic logging by configuring an access log flush interval

TCP Proxy

For TCP Proxy, it is possible to enable periodic logging by configuring an access log flush interval

Note

The first log entry is generated one interval after a new connection is received, regardless of whether an upstream connection is made.

HTTP Connection Manager

For HTTP Connection Manager, it is possible to enable periodic logging by configuring an access log flush interval

Note

The first log entry is generated one interval after a new HTTP request is received by the HTTP Connection Manager (and before processing the filter chain), regardless of whether an upstream connection is made.

HTTP Router Filter

For Router Filter, it is possible to enable periodic logging by configuring an upstream log flush interval

Note

The first log entry is generated one interval after a new HTTP request is received by the router filter, regardless of whether an upstream connection is made.

Access log filters

Envoy supports several built-in access log filters and extension filters that are registered at runtime.

Access logging sinks

Envoy supports pluggable access logging sinks. The currently supported sinks are:

File

  • Uses an asynchronous I/O flushing mechanism so it never blocks the main network threads.

  • Offers customizable log formats through predefined fields and arbitrary HTTP request/response headers.

gRPC

  • Used to send access log messages to a gRPC access logging service.

Stdout

  • Uses an asynchronous I/O flushing mechanism so it never blocks the main network threads.

  • Offers customizable log formats through predefined fields and arbitrary HTTP request/response headers.

  • Writes to the standard output of the process. It is supported on all platforms.

Stderr

  • Uses an asynchronous I/O flushing mechanism so it never blocks the main network threads.

  • Offers customizable log formats through predefined fields and arbitrary HTTP request/response headers.

  • Writes to the standard error of the process. It is supported on all platforms.

Fluentd

  • Sends access logs over a TCP connection to an upstream destination that supports the Fluentd Forward Protocol as described in: Fluentd Forward Protocol Specification.

  • The data sent over the wire is a stream of Fluentd Forward Mode events which may contain one or more access log entries (depending on the flushing interval and other configuration parameters).

Further reading