ContextQMD
Back to Apisix

syslog

docs/en/latest/plugins/syslog.md

3.16.09.6 KB
Original Source
<!-- # # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # -->

Description

The syslog Plugin is used to push logs to a Syslog server.

Logs can be set as JSON objects.

Attributes

NameTypeRequiredDefaultValid valuesDescription
hoststringTrueIP address or the hostname of the Syslog server.
portintegerTrueTarget port of the Syslog server.
namestringFalse"sys logger"Identifier for the server. If you use Prometheus to monitor APISIX metrics, the name is exported in apisix_batch_process_entries.
timeoutintegerFalse3000[1, ...]Timeout in ms for the upstream to send data.
tlsbooleanFalsefalseWhen set to true performs TLS verification.
flush_limitintegerFalse4096[1, ...]Maximum size of the buffer (KB) and the current message before it is flushed and written to the server.
drop_limitintegerFalse1048576Maximum size of the buffer (KB) and the current message before the current message is dropped because of the size limit.
sock_typestringFalse"tcp"["tcp", "udp]Transport layer protocol to use.
pool_sizeintegerFalse5[5, ...]Keep-alive pool size used by sock:keepalive.
log_formatobjectFalseLog format declared as key-value pairs in JSON. Values support strings and nested objects (up to five levels deep; deeper fields are truncated). Within strings, APISIX or NGINX variables can be referenced by prefixing with $.
include_req_bodybooleanFalsefalse[false, true]When set to true includes the request body in the log.
include_req_body_exprarrayFalseFilter for when the include_req_body attribute is set to true. Request body is only logged when the expression set here evaluates to true. See lua-resty-expr for more.
max_req_body_bytesintegerFalse524288>=1Request bodies within this size will be logged, if the size exceeds the configured value it will be truncated before logging.
include_resp_bodybooleanFalsefalse[false, true]When set to true includes the response body in the log.
include_resp_body_exprarrayFalseWhen the include_resp_body attribute is set to true, use this to filter based on lua-resty-expr. If present, only logs the response if the expression evaluates to true.
max_resp_body_bytesintegerFalse524288>=1Response bodies within this size will be logged, if the size exceeds the configured value it will be truncated before logging.

This Plugin supports using batch processors to aggregate and process entries (logs/data) in a batch. This avoids the need for frequently submitting the data. The batch processor submits data every 5 seconds or when the data in the queue reaches 1000. See Batch Processor for more information or setting your custom configuration.

meta_format example

text
"<46>1 2024-01-06T02:30:59.145Z 127.0.0.1 apisix 82324 - - {\"response\":{\"status\":200,\"size\":141,\"headers\":{\"content-type\":\"text/plain\",\"server\":\"APISIX/3.7.0\",\"transfer-encoding\":\"chunked\",\"connection\":\"close\"}},\"route_id\":\"1\",\"server\":{\"hostname\":\"baiyundeMacBook-Pro.local\",\"version\":\"3.7.0\"},\"request\":{\"uri\":\"/opentracing\",\"url\":\"http://127.0.0.1:1984/opentracing\",\"querystring\":{},\"method\":\"GET\",\"size\":155,\"headers\":{\"content-type\":\"application/x-www-form-urlencoded\",\"host\":\"127.0.0.1:1984\",\"user-agent\":\"lua-resty-http/0.16.1 (Lua) ngx_lua/10025\"}},\"upstream\":\"127.0.0.1:1982\",\"apisix_latency\":100.99999809265,\"service_id\":\"\",\"upstream_latency\":1,\"start_time\":1704508259044,\"client_ip\":\"127.0.0.1\",\"latency\":101.99999809265}\n"

Metadata

You can also set the format of the logs by configuring the Plugin metadata. The following configurations are available:

NameTypeRequiredDefaultDescription
log_formatobjectFalseLog format declared as key-value pairs in JSON. Values support strings and nested objects (up to five levels deep; deeper fields are truncated). Within strings, APISIX or NGINX variables can be referenced by prefixing with $.

:::info IMPORTANT

Configuring the Plugin metadata is global in scope. This means that it will take effect on all Routes and Services which use the syslog Plugin.

:::

The example below shows how you can configure through the Admin API:

:::note You can fetch the admin_key from config.yaml and save to an environment variable with the following command:

bash
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')

:::

shell
curl http://127.0.0.1:9180/apisix/admin/plugin_metadata/syslog -H "X-API-KEY: $admin_key" -X PUT -d '
{
    "log_format": {
        "host": "$host",
        "@timestamp": "$time_iso8601",
        "client_ip": "$remote_addr",
        "request": { "method": "$request_method", "uri": "$request_uri" },
        "response": { "status": "$status" }
    }
}'

With this configuration, your logs would be formatted as shown below:

shell
{"host":"localhost","@timestamp":"2020-09-23T19:05:05-04:00","client_ip":"127.0.0.1","request":{"method":"GET","uri":"/hello"},"response":{"status":200},"route_id":"1"}
{"host":"localhost","@timestamp":"2020-09-23T19:05:05-04:00","client_ip":"127.0.0.1","request":{"method":"GET","uri":"/hello"},"response":{"status":200},"route_id":"1"}

Enable Plugin

The example below shows how you can enable the Plugin for a specific Route:

shell
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
    "plugins": {
        "syslog": {
                "host" : "127.0.0.1",
                "port" : 5044,
                "flush_limit" : 1
            }
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    },
    "uri": "/hello"
}'

Example usage

Now, if you make a request to APISIX, it will be logged in your Syslog server:

shell
curl -i http://127.0.0.1:9080/hello

Delete Plugin

To remove the syslog Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.

shell
curl http://127.0.0.1:9180/apisix/admin/routes/1  -H "X-API-KEY: $admin_key" -X PUT -d '
{
    "methods": ["GET"],
    "uri": "/hello",
    "plugins": {},
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:1980": 1
        }
    }
}'