Proto: access_log_policy.proto


Configure how access logs are recorded for your services. You can use access log policies to configure log collection for workloads that have injected sidecars or are standalone proxies, such as gateways. AccessLogPolicies are applied at the Workload level.

Note: Be sure to enable access logging by modifying your default Istio operator installation.

Example: This example filters access logs for the reviews service, so that only logs that contain the header foo: bar are recorded.

kind: AccessLogPolicy
  name: access-log-policy
  namespace: bookinfo
  - selector:
      cluster: cluster1
        app: reviews
      namespace: bookinfo
    #- statusCodeMatcher:
    #    value: 200
    #    comparator: EQ
    - headerMatcher:
        name: foo
        value: bar
        regex: false
        invertMatch: false
    #  - x-user-agent
    #  - x-server
    #  - x-expires



The report shows the resources that the policy selects after the policy is successfully applied.

Field Description
workspaces (repeated AccessLogPolicyReport.WorkspacesEntry)

A list of workspaces in which the policy can apply to workloads.
selectedWorkloads (repeated

A list of workloads selected by the policy.


Field Description
key (string)

value (


Specifications for the policy.

Field Description
applyToWorkloads (repeated

Select the workloads where access logs will be collected. If empty, the policy applies to all workloads in the workspace.
config (AccessLogPolicySpec.Config)

Details of the policy specifying how to collect access logs from the selected workloads.


Details of the policy specifying how to collect access logs from the selected workloads.

Field Description
filters (repeated AccessLogPolicySpec.Config.Filter)

Criteria for determining which access logs are recorded for the workload. The list is disjunctive, meaning that a request is logged if it matches any filter. If empty, all access logs are recorded.
includedRequestHeaders (repeated string)

Request headers to include in access logs.
includedResponseHeaders (repeated string)

Response headers to include in access logs.
includedResponseTrailers (repeated string)

Response trailers to include in access logs.
includedFilterStateObjects (repeated string)

Filter state objects to include in access logs.


Criteria for recording access logs. A request must match all specified criteria in the filter to be recorded.

Field Description
statusCodeMatcher (

Matches against a response HTTP status code. Omit to match any status code.
headerMatcher (

Matches against a request or response HTTP header. Omit to match any headers.


The status of the policy after it is applied to your Gloo environment.

Field Description
common (

The state and workspace conditions of the applied policy.
numSelectedWorkloads (uint32)

The number of workloads selected by the policy.