AccessLogPolicy

Proto: access_log_policy.proto

Package: observability.policy.gloo.solo.io

Configure how access logs are recorded for your services. You can use access log policies to configure log collection for workloads that have injected sidecars or are standalone proxies, such as gateways. AccessLogPolicies are applied at the Workload level.

Note: Be sure to enable access logging by modifying your default Istio operator installation.

Example: This example filters access logs for the reviews service, so that only logs that contain the header foo: bar are recorded.

apiVersion: observability.policy.gloo.solo.io/v2
kind: AccessLogPolicy
metadata:
  name: access-log-policy
  namespace: bookinfo
spec:
  applyToWorkloads:
  - selector:
      cluster: cluster1
      labels:
        app: reviews
      namespace: bookinfo
  config:
    filters:
    #- statusCodeMatcher:
    #    value: 200
    #    comparator: EQ
    - headerMatcher:
        name: foo
        value: bar
        regex: false
        invertMatch: false
    #includedRequestHeaders:
    #  - x-user-agent
    #includedResponseHeaders:
    #  - x-server
    #includedResponseTrailers:
    #  - x-expires
    #includedFilterStateObjects:

Types:

AccessLogPolicyReport

The report shows the resources that the policy selects after the policy is successfully applied.

| Field | Description |
| --- | --- |
| workspaces (repeated AccessLogPolicyReport.WorkspacesEntry) | A list of workspaces in which the policy can apply to workloads. |
| selectedWorkloads (repeated common.gloo.solo.io.WorkloadReference) | A list of workloads selected by the policy. |

AccessLogPolicyReport.WorkspacesEntry

| Field | Description |
| --- | --- |
| key (string) | |
| value (common.gloo.solo.io.Report) | |

AccessLogPolicySpec

Specifications for the policy.

| Field | Description |
| --- | --- |
| applyToWorkloads (repeated common.gloo.solo.io.WorkloadSelector) | Select the workloads where access logs will be collected. If empty, the policy applies to all workloads in the workspace. |
| config (AccessLogPolicySpec.Config) | Details of the policy specifying how to collect access logs from the selected workloads. |

AccessLogPolicySpec.Config

Details of the policy specifying how to collect access logs from the selected workloads.

| Field | Description |
| --- | --- |
| filters (repeated AccessLogPolicySpec.Config.Filter) | Criteria for determining which access logs are recorded for the workload. The list is disjunctive, meaning that a request is logged if it matches any filter. If empty, all access logs are recorded. |
| includedRequestHeaders (repeated string) | Request headers to include in access logs. |
| includedResponseHeaders (repeated string) | Response headers to include in access logs. |
| includedResponseTrailers (repeated string) | Response trailers to include in access logs. |
| includedFilterStateObjects (repeated string) | Filter state objects to include in access logs. |

AccessLogPolicySpec.Config.Filter

Criteria for recording access logs. A request must match all specified criteria in the filter to be recorded.

| Field | Description |
| --- | --- |
| statusCodeMatcher (common.gloo.solo.io.StatusCodeMatcher) | Matches against a response HTTP status code. Omit to match any status code. |
| headerMatcher (common.gloo.solo.io.HeaderMatcher) | Matches against a request or response HTTP header. Omit to match any headers. |
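
The filters list is disjunctive across its entries, while the criteria inside a single Filter must all match. The policy below shows both rules together; it is an added example, not taken from the Gloo documentation. The policy name and the status codes 500 and 403 are assumed values, and every field name comes from the example at the top of this page.

```yaml
apiVersion: observability.policy.gloo.solo.io/v2
kind: AccessLogPolicy
metadata:
  name: reviews-errors-or-tagged   # hypothetical name
  namespace: bookinfo
spec:
  applyToWorkloads:
  - selector:
      cluster: cluster1
      labels:
        app: reviews
      namespace: bookinfo
  config:
    filters:
    # Filter 1: a single criterion. Any response with status 500 is
    # logged, whatever its headers (headerMatcher is omitted).
    - statusCodeMatcher:
        value: 500        # assumed value for illustration
        comparator: EQ
    # Filter 2: two criteria in the same list entry, so BOTH must match.
    # Logged only when the status is 403 AND the header foo: bar matches.
    - statusCodeMatcher:
        value: 403        # assumed value for illustration
        comparator: EQ
      headerMatcher:
        name: foo
        value: bar
        regex: false
        invertMatch: false
    # Outcome for this workload:
    #   status 500, any headers        -> logged (filter 1)
    #   status 403 with foo: bar       -> logged (filter 2)
    #   status 403 without foo: bar    -> not logged
    #   status 200 with foo: bar       -> not logged
    # Leaving filters empty would record all access logs instead.
    includedRequestHeaders:
    - x-user-agent
```

Requests that match no filter leave no access log entry for the selected workloads, so compare the filter set against what detection and incident response rely on before narrowing it.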

AccessLogPolicyStatus

The status of the policy after it is applied to your Gloo environment.

| Field | Description |
| --- | --- |
| common (common.gloo.solo.io.Status) | The state and workspace conditions of the applied policy. |
| numSelectedWorkloads (uint32) | The number of workloads selected by the policy. |