mirrors/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-09-20 13:21:19 +02:00
Code Issues Projects Releases Wiki Activity
traefik/docs/content/observe/logs-and-access-logs.md
Simon Delicata e2282b1379
Add GenericCLF log format for access logs
2025-09-08 11:24:05 +02:00

5.1 KiB
Raw Blame History

title, description
title description
Logs and Access Logs Logs and Access Logs in Traefik Proxy provide real-time insight into the health of your system. They enable swift error detection and intervention through alerts. By centralizing logs, you can streamline the debugging process during incident resolution.

Logs

Logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).

Configuration Example

To enable and configure logs in Traefik Proxy, you can use the static configuration file or Helm values if you are using the Helm chart.

log:
  filePath: "/path/to/log-file.log"
  format: json
  level: INFO

[log]
  filePath = "/path/to/log-file.log"
  format = "json"
  level = "INFO"

logs:
  general:
    filePath: "/path/to/log-file.log"
    format: json
    level: INFO

Access Logs

Access logs concern everything that happens to the requests handled by Traefik.

Configuration Example

To enable and configure access logs in Traefik Proxy, you can use the static configuration file or Helm values if you are using the Helm chart.

The following example enables access logs in JSON format, filters them to only include specific status codes, and customizes the fields that are kept or dropped.

accessLog:
  format: json
  filters:
    statusCodes:
      - "200"
      - "400-404"
      - "500-503"
  fields:
    names:
      ClientUsername: drop
    headers:
      defaultMode: keep
      names:
        User-Agent: redact
        Content-Type: keep

[accessLog]
  format = "json"
  [accessLog.filters]
    statusCodes = ["200", "400-404", "500-503"]
  [accessLog.fields]
    [accessLog.fields.names]
      ClientUsername = "drop"
    [accessLog.fields.headers]
      defaultMode = "keep"
      [accessLog.fields.headers.names]
        "User-Agent" = "redact"
        "Content-Type" = "keep"

# values.yaml
logs:
  access:
    enabled: true
    format: json
    filters:
      statusCodes:
        - "200"
        - "400-404"
        - "500-503"
    fields:
      names:
        ClientUsername: drop
      headers:
        defaultMode: keep
        names:
          User-Agent: redact
          Content-Type: keep

Per-Router Access Logs

You can enable or disable access logs for a specific router. This is useful for turning off logging for noisy routes while keeping it on globally.

Here's an example of disabling access logs on a specific router:

http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      observability:
        accessLogs: false

[http.routers.my-router.observability]
  accessLogs = false

# ingressroute.yaml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: my-router
spec:
  routes:
    - kind: Rule
      match: Host(`example.com`)
      services:
        - name: my-service
          port: 80
      observability:
        accessLogs: false

labels:
  - "traefik.http.routers.my-router.observability.accesslogs=false"

{
  // ...
  "Tags": [
    "traefik.http.routers.my-router.observability.accesslogs=false"
  ]
}

When the observability options are not defined on a router, it inherits the behavior from the entrypoint's observability configuration, or the global one.

Log Formats

Traefik Proxy supports the following log formats:

  • common - Traefik's extended CLF format (default)
  • genericCLF - Generic CLF format compatible with standard log analyzers
  • json - JSON format for structured logging

Access Log Filters

You can configure Traefik Proxy to only record access logs for requests that match certain criteria. This is useful for reducing the volume of logs and focusing on specific events.

The available filters are:

  • Status Codes: Keep logs only for requests with specific HTTP status codes or ranges (e.g., 200, 400-404).
  • Retry Attempts: Keep logs only when a request retry has occurred.
  • Minimum Duration: Keep logs only for requests that take longer than a specified duration.

Log Fields Customization

When using the json format, you can customize which fields are included in your access logs.

  • Request Fields: You can choose to keep, drop, or redact any of the standard request fields. A complete list of available fields like ClientHost, RequestMethod, and Duration can be found in the reference documentation.
  • Request Headers: You can also specify which request headers should be included in the logs, and whether their values should be kept, dropped, or redacted.

!!! info For detailed configuration options, refer to the reference documentation.