aspnetcore/fundamentals/http-logging/includes/index-6-7.md
:::moniker range=">= aspnetcore-6.0 <= aspnetcore-7.0"
HTTP Logging is a middleware that logs information about incoming HTTP requests and HTTP responses. HTTP logging provides logs of:
HTTP Logging is valuable in several scenarios to:
HTTP Logging can reduce the performance of an app, especially when logging the request and response bodies. Consider the performance impact when selecting fields to log. Test the performance impact of the selected logging properties.
[!WARNING] HTTP Logging can potentially log personally identifiable information (PII). Consider the risk and avoid logging sensitive information.
HTTP Logging is enabled with xref:Microsoft.AspNetCore.Builder.HttpLoggingBuilderExtensions.UseHttpLogging%2A, which adds HTTP logging middleware.
By default, HTTP Logging logs common properties such as path, status-code, and headers for requests and responses. Add the following line to the appsettings.Development.json file at the "LogLevel": { level so the HTTP logs are displayed:
"Microsoft.AspNetCore.HttpLogging.HttpLoggingMiddleware": "Information"
The output is logged as a single message at LogLevel.Information.
To configure the HTTP logging middleware, call xref:Microsoft.Extensions.DependencyInjection.HttpLoggingServicesExtensions.AddHttpLogging%2A in Program.cs.
[!NOTE] In the preceding sample and following samples,
UseHttpLoggingis called afterUseStaticFiles, so HTTP logging is not enabled for static file. To enable static file HTTP logging, callUseHttpLoggingbeforeUseStaticFiles.
LoggingFieldsHttpLoggingOptions.LoggingFields is an enum flag that configures specific parts of the request and response to log. HttpLoggingOptions.LoggingFields defaults to xref:Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestPropertiesAndHeaders | xref:Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.ResponsePropertiesAndHeaders.
RequestHeadersxref:Microsoft.AspNetCore.Http.HttpRequest.Headers are a set of HTTP Request Headers that are allowed to be logged. Header values are only logged for header names that are in this collection. The following code logs the request header "sec-ch-ua". If logging.RequestHeaders.Add("sec-ch-ua"); is removed, the value of the request header "sec-ch-ua" is redacted. The following highlighted code calls HttpLoggingOptions.RequestHeaders and HttpLoggingOptions.ResponseHeaders :
MediaTypeOptionsxref:Microsoft.AspNetCore.HttpLogging.HttpLoggingOptions.MediaTypeOptions provides configuration for selecting which encoding to use for a specific media type.
This approach can also be used to enable logging for data that is not logged by default. For example, form data, which might have a media type such as application/x-www-form-urlencoded or multipart/form-data.
MediaTypeOptions methodsRequestBodyLogLimit and ResponseBodyLogLimit:::moniker-end