mirrors/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-09-20 21:31:14 +02:00
Code Issues Projects Releases Wiki Activity

Update Logs and Accesslogs Reference Documentation with OTLP Options

Browse Source
This commit is contained in:
Sheddy 2025-07-01 07:54:04 +01:00 committed by GitHub
parent c69a8b5cdb
commit 137efedba7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 154 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
View File

@ -44,8 +44,82 @@ The section below describe how to configure Traefik logs using the static config
| `log.maxBackups` | Maximum number of old log files to retain.<br />The default is to retain all old log files. | 0 | No |
| `log.compress` | Compress log files in gzip after rotation. | false | No |
### OpenTelemetry
Traefik supports OpenTelemetry for logging. To enable OpenTelemetry, you need to set the following in the static configuration:
```yaml tab="File (YAML)"
experimental:
otlpLogs: true
```
```toml tab="File (TOML)"
[experimental]
otlpLogs = true
```
```sh tab="CLI"
--experimental.otlpLogs=true
```
!!! warning
This is an experimental feature.
#### Configuration Example
```yaml tab="File (YAML)"
experimental:
otlpLogs: true
log:
otlp:
http:
endpoint: https://collector:4318/v1/logs
headers:
Authorization: Bearer auth_asKXRhIMplM7El1JENjrotGouS1LYRdL
```
```toml tab="File (TOML)"
[experimental]
otlpLogs = true
[log.otlp]
http.endpoint = "https://collector:4318/v1/logs"
http.headers.Authorization = "Bearer auth_asKXRhIMplM7El1JENjrotGouS1LYRdL"
```
```sh tab="CLI"
--experimental.otlpLogs=true
--log.otlp.http.endpoint=https://collector:4318/v1/logs
--log.otlp.http.headers.Authorization=Bearer auth_asKXRhIMplM7El1JENjrotGouS1LYRdL
```
#### Configuration Options
| Field | Description | Default | Required |
|:-----------|:-----------------------------------------------------------------------------|:--------|:---------|
| `log.otlp.http` | This instructs the exporter to send logs to the OpenTelemetry Collector using HTTP.| | No |
| `log.otlp.http.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No |
| `log.otlp.http.headers` | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `log.otlp.http.tls` | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No |
| `log.otlp.http.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `log.otlp.http.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `log.otlp.http.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `log.otlp.http.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| `log.otlp.grpc` | This instructs the exporter to send logs to the OpenTelemetry Collector using gRPC.| | No |
| `log.otlp.grpc.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No |
| `log.otlp.grpc.headers` | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `log.otlp.grpc.insecure` | Instructs the exporter to send logs to the OpenTelemetry Collector using an insecure protocol. | false | No |
| `log.otlp.grpc.tls` | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `log.otlp.grpc.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
## AccessLogs
Access logs concern everything that happens to the requests handled by Traefik.
### Configuration Example
```yaml tab="File (YAML)"
@ -111,6 +185,7 @@ accessLog:
--accesslog.fields.headers.names.Authorization=drop
```
### Configuration Options
The section below describes how to configure Traefik access logs using the static configuration.
@ -121,15 +196,87 @@ The section below describes how to configure Traefik access logs using the stati
| `accesslog.format` | By default, logs are written using the Common Log Format (CLF).<br />To write logs in JSON, use `json` in the `format` option.<br />If the given format is unsupported, the default (CLF) is used instead.<br />More information about CLF fields [here](#clf-format-fields). | "common" | No |
| `accesslog.bufferingSize` | To write the logs in an asynchronous fashion, specify a `bufferingSize` option.<br />This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.<br />In some cases, this option can greatly help performances.| 0 | No |
| `accesslog.addInternals` | Enables access logs for internal resources (e.g.: `ping@internal`). | false | No |
| `accesslog.filters.statusCodes` | Limit the access logs to requests with a status codes in the specified range. | false | No |
| `accesslog.filters.statusCodes` | Limit the access logs to requests with a status codes in the specified range. | [ ] | No |
| `accesslog.filters.retryAttempts` | Keep the access logs when at least one retry has happened. | false | No |
| `accesslog.filters.minDuration` | Keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)). | 0 | No |
| `accesslog.fields.defaultMode` | Mode to apply by default to the access logs fields (`keep`, `redact` or `drop`). | keep | No |
| `accesslog.fields.names` | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#available-fields). | - | No |
| `accesslog.fields.names` | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#available-fields). | [ ] | No |
| `accesslog.headers.defaultMode` | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`). | drop | No |
| `accesslog.headers.names` | Set the headers list to display in the access logs (format `name:mode`). | - | No |
| `accesslog.headers.names` | Set the headers list to display in the access logs (format `name:mode`). | [ ] | No |
#### CLF format fields
### OpenTelemetry
Traefik supports OpenTelemetry for access logs. To enable OpenTelemetry, you need to set the following in the static configuration:
```yaml tab="File (YAML)"
experimental:
otlpLogs: true
```
```toml tab="File (TOML)"
[experimental]
otlpLogs = true
```
```sh tab="CLI"
--experimental.otlpLogs=true
```
!!! warning
This is an experimental feature.
#### Configuration Example
```yaml tab="File (YAML)"
experimental:
otlpLogs: true
accesslog:
otlp:
http:
endpoint: https://collector:4318/v1/logs
headers:
Authorization: Bearer auth_asKXRhIMplM7El1JENjrotGouS1LYRdL
```
```toml tab="File (TOML)"
[experimental]
otlpLogs = true
[accesslog.otlp]
http.endpoint = "https://collector:4318/v1/logs"
http.headers.Authorization = "Bearer auth_asKXRhIMplM7El1JENjrotGouS1LYRdL"
```
```yaml tab="CLI"
--experimental.otlpLogs=true
--accesslog.otlp.http.endpoint=https://collector:4318/v1/logs
--accesslog.otlp.http.headers.Authorization=Bearer auth_asKXRhIMplM7El1JENjrotGouS1LYRdL
```
#### Configuration Options
| Field | Description | Default | Required |
|:-----------|:--------------------------|:--------|:---------|
| `accesslog.otlp.http` | This instructs the exporter to send access logs to the OpenTelemetry Collector using HTTP.| | No |
| `accesslog.otlp.http.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No |
| `accesslog.otlp.http.headers` | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `accesslog.otlp.http.tls` | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No |
| `accesslog.otlp.http.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `accesslog.otlp.http.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.http.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.http.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| `accesslog.otlp.grpc` | This instructs the exporter to send access logs to the OpenTelemetry Collector using gRPC.| | No |
| `accesslog.otlp.grpc.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No |
| `accesslog.otlp.grpc.headers` | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `accesslog.otlp.grpc.insecure` | Instructs the exporter to send access logs to the OpenTelemetry Collector using an insecure protocol. | false | No |
| `accesslog.otlp.grpc.tls` | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `accesslog.otlp.grpc.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
### CLF format fields
Below the fields displayed with the CLF format:
@ -140,7 +287,7 @@ Below the fields displayed with the CLF format:
"<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
```
#### Available Fields
### Available Fields
| Field | Description |
|-------------------------|------------------|
@ -179,7 +326,7 @@ Below the fields displayed with the CLF format:
| `TLSCipher` | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS). |
| `TLSClientSubject` | The string representation of the TLS client certificate's Subject (e.g. `CN=username,O=organization`). |
#### Log Rotation
### Log Rotation
Traefik close and reopen its log files, assuming they're configured, on receipt of a USR1 signal.
This allows the logs to be rotated and processed by an external program, such as `logrotate`.
@ -187,7 +334,7 @@ This allows the logs to be rotated and processed by an external program, such as
!!! warning
This does not work on Windows due to the lack of USR signals.
#### Time Zones
### Time Zones
Traefik will timestamp each log line in UTC time by default.