Proto: access_log_policy.proto




AccessLogPolicy is used to collect access logs from workloads which have injected (sidecars) or are standalone proxies (gateways). AccessLogPolicies are applied at the Workload level.

Field Description
applyToWorkloads (repeated

Select the workloads where access logs will be collected. If left empty, will apply to all workloads in the workspace.
config (AccessLogPolicySpec.Config)

The details of the policy specifying how to collect access logs from the selected workloads.


Field Description
filters (repeated AccessLogPolicySpec.Config.Filter)

Configure criteria for determining which access logs will be recorded. The list is disjunctive, a request will be recorded if it matches any filter. Leave empty to emit all access logs.
includedRequestHeaders (repeated string)

Specify request headers to include in access logs.
includedResponseHeaders (repeated string)

Specify response headers to include in access logs.
includedResponseTrailers (repeated string)

Specify response trailers to include in access logs.
includedFilterStateObjects (repeated string)

Specify filter state objects to include in access logs.


Specify criteria for recording access logs. A request must match all specified criteria to be recorded.

Field Description
statusCodeMatcher (

Matches against a response status code. Omit to match any status code.
headerMatcher (

Matches against a request or response header. Omit to match any headers.


Reflects the status of the AccessLogPolicy.

Field Description
global (

workspaces (repeated AccessLogPolicyStatus.WorkspacesEntry)

The status of the resource in each workspace that it exists in.
selectedWorkloads (repeated

DEPRECATED: Use selected_workload_refs instead
selectedWorkloadRefs (repeated

Workloads selected by the policy


Field Description
key (string)

value (