Logs

Reading What’s Happening

By default, logs are written to stdout, in text format.

Configuration

General

Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).

filePath

By default, the logs are written to the standard output. You can configure a file path instead using the filePath option.

File (YAML)

  1. # Writing Logs to a File
  2. log:
  3.   filePath: "/path/to/traefik.log"

File (TOML)

  1. # Writing Logs to a File
  2. [log]
  3.   filePath = "/path/to/traefik.log"

CLI

  1. # Writing Logs to a File
  2. --log.filePath=/path/to/traefik.log

format

By default, the logs use a text format (common), but you can also ask for the json format in the format option.

File (YAML)

  1. # Writing Logs to a File, in JSON
  2. log:
  3.   filePath: "/path/to/log-file.log"
  4.   format: json

File (TOML)

  1. # Writing Logs to a File, in JSON
  2. [log]
  3.   filePath = "/path/to/log-file.log"
  4.   format = "json"

CLI

  1. # Writing Logs to a File, in JSON
  2. --log.filePath=/path/to/traefik.log
  3. --log.format=json

level

By default, the level is set to ERROR.

Alternative logging levels are TRACE, DEBUG, INFO, WARN, ERROR, FATAL, and PANIC.

File (YAML)

  1. log:
  2.   level: DEBUG

File (TOML)

  1. [log]
  2.   level = "DEBUG"

CLI

  1. --log.level=DEBUG

noColor

When using the ‘common’ format, disables the colorized output.

File (YAML)

  1. log:
  2.   noColor: true

File (TOML)

  1. [log]
  2.   noColor = true

CLI

  1. --log.nocolor=true

Log Rotation

The rotation of the log files can be configured with the following options.

maxSize

maxSize is the maximum size in megabytes of the log file before it gets rotated. It defaults to 100 megabytes.

File (YAML)

  1. log:
  2.   maxSize: 1

File (TOML)

  1. [log]
  2.   maxSize = 1

CLI

  1. --log.maxsize=1

maxBackups

maxBackups is the maximum number of old log files to retain. The default is to retain all old log files (though maxAge may still cause them to get deleted).

File (YAML)

  1. log:
  2.   maxBackups: 3

File (TOML)

  1. [log]
  2.   maxBackups = 3

CLI

  1. --log.maxbackups=3

maxAge

maxAge is the maximum number of days to retain old log files based on the timestamp encoded in their filename. Note that a day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc. The default is not to remove old log files based on age.

File (YAML)

  1. log:
  2.   maxAge: 3

File (TOML)

  1. [log]
  2.   maxAge = 3

CLI

  1. --log.maxage=3

compress

compress determines if the rotated log files should be compressed using gzip. The default is not to perform compression.

File (YAML)

  1. log:
  2.   compress: true

File (TOML)

  1. [log]
  2.   compress = true

CLI

  1. --log.compress=true

OpenTelemetry

Experimental Feature

The OpenTelemetry logs feature is currently experimental and must be explicitly enabled in the experimental section prior to use.

File (YAML)

  1. experimental:
  2.   otlpLogs: true

File (TOML)

  1. [experimental.otlpLogs]

CLI

  1. --experimental.otlpLogs=true

To enable the OpenTelemetry Logger for logs:

File (YAML)

  1. log:
  2.   otlp: {}

File (TOML)

  1. [log.otlp]

CLI

  1. --log.otlp=true

Default protocol

The OpenTelemetry Logger exporter will export logs to the collector using HTTPS by default to https://localhost:4318/v1/logs, see the gRPC Section to use gRPC.

HTTP configuration

Optional

This instructs the exporter to send logs to the OpenTelemetry Collector using HTTP.

File (YAML)

  1. log:
  2.   otlp:
  3.     http: {}

File (TOML)

  1. [log.otlp.http]

CLI

  1. --log.otlp.http=true

endpoint

Optional, Default=”https://localhost:4318/v1/logs“, Format=”<scheme>://<host>:<port><path>

URL of the OpenTelemetry Collector to send logs to.

Insecure mode

To disable TLS, use http:// instead of https:// in the endpoint configuration.

File (YAML)

  1. log:
  2.   otlp:
  3.     http:
  4.       endpoint: https://collector:4318/v1/logs

File (TOML)

  1. [log.otlp.http]
  2.   endpoint = "https://collector:4318/v1/logs"

CLI

  1. --log.otlp.http.endpoint=https://collector:4318/v1/logs

headers

Optional, Default={}

Additional headers sent with logs by the exporter to the OpenTelemetry Collector.

File (YAML)

  1. log:
  2.   otlp:
  3.     http:
  4.       headers:
  5.         foo: bar
  6.         baz: buz

File (TOML)

  1. [log.otlp.http.headers]
  2.   foo = "bar"
  3.   baz = "buz"

CLI

  1. --log.otlp.http.headers.foo=bar --log.otlp.http.headers.baz=buz

tls

Optional

Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector.

ca

Optional

ca is the path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle.

File (YAML)

  1. log:
  2.   otlp:
  3.     http:
  4.       tls:
  5.         ca: path/to/ca.crt

File (TOML)

  1. [log.otlp.http.tls]
  2.   ca = "path/to/ca.crt"

CLI

  1. --log.otlp.http.tls.ca=path/to/ca.crt
cert

Optional

cert is the path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the key option is required.

File (YAML)

  1. log:
  2.   otlp:
  3.     http:
  4.       tls:
  5.         cert: path/to/foo.cert
  6.         key: path/to/foo.key

File (TOML)

  1. [log.otlp.http.tls]
  2.   cert = "path/to/foo.cert"
  3.   key = "path/to/foo.key"

CLI

  1. --log.otlp.http.tls.cert=path/to/foo.cert
  2. --log.otlp.http.tls.key=path/to/foo.key
key

Optional

key is the path to the private key used for the secure connection to the OpenTelemetry Collector. When using this option, setting the cert option is required.

File (YAML)

  1. log:
  2.   otlp:
  3.     http:
  4.       tls:
  5.         cert: path/to/foo.cert
  6.         key: path/to/foo.key

File (TOML)

  1. [log.otlp.http.tls]
  2.   cert = "path/to/foo.cert"
  3.   key = "path/to/foo.key"

CLI

  1. --log.otlp.http.tls.cert=path/to/foo.cert
  2. --log.otlp.http.tls.key=path/to/foo.key
insecureSkipVerify

Optional, Default=false

If insecureSkipVerify is true, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.

File (YAML)

  1. log:
  2.   otlp:
  3.     http:
  4.       tls:
  5.         insecureSkipVerify: true

File (TOML)

  1. [log.otlp.http.tls]
  2.   insecureSkipVerify = true

CLI

  1. --log.otlp.http.tls.insecureSkipVerify=true

gRPC configuration

Optional

This instructs the exporter to send logs to the OpenTelemetry Collector using gRPC.

File (YAML)

  1. log:
  2.   otlp:
  3.     grpc: {}

File (TOML)

  1. [log.otlp.grpc]

CLI

  1. --log.otlp.grpc=true

endpoint

Required, Default=”localhost:4317”, Format=”<host>:<port>

Address of the OpenTelemetry Collector to send logs to.

File (YAML)

  1. log:
  2.   otlp:
  3.     grpc:
  4.       endpoint: localhost:4317

File (TOML)

  1. [log.otlp.grpc]
  2.   endpoint = "localhost:4317"

CLI

  1. --log.otlp.grpc.endpoint=localhost:4317

insecure

Optional, Default=false

Allows exporter to send logs to the OpenTelemetry Collector without using a secured protocol.

File (YAML)

  1. log:
  2.   otlp:
  3.     grpc:
  4.       insecure: true

File (TOML)

  1. [log.otlp.grpc]
  2.   insecure = true

CLI

  1. --log.otlp.grpc.insecure=true

headers

Optional, Default={}

Additional headers sent with logs by the exporter to the OpenTelemetry Collector.

File (YAML)

  1. log:
  2.   otlp:
  3.     grpc:
  4.       headers:
  5.         foo: bar
  6.         baz: buz

File (TOML)

  1. [log.otlp.grpc.headers]
  2.   foo = "bar"
  3.   baz = "buz"

CLI

  1. --log.otlp.grpc.headers.foo=bar --log.otlp.grpc.headers.baz=buz

tls

Optional

Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector.

ca

Optional

ca is the path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle.

File (YAML)

  1. log:
  2.   otlp:
  3.     grpc:
  4.       tls:
  5.         ca: path/to/ca.crt

File (TOML)

  1. [log.otlp.grpc.tls]
  2.   ca = "path/to/ca.crt"

CLI

  1. --log.otlp.grpc.tls.ca=path/to/ca.crt
cert

Optional

cert is the path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the key option is required.

File (YAML)

  1. log:
  2.   otlp:
  3.     grpc:
  4.       tls:
  5.         cert: path/to/foo.cert
  6.         key: path/to/foo.key

File (TOML)

  1. [log.otlp.grpc.tls]
  2.   cert = "path/to/foo.cert"
  3.   key = "path/to/foo.key"

CLI

  1. --log.otlp.grpc.tls.cert=path/to/foo.cert
  2. --log.otlp.grpc.tls.key=path/to/foo.key
key

Optional

key is the path to the private key used for the secure connection to the OpenTelemetry Collector. When using this option, setting the cert option is required.

File (YAML)

  1. log:
  2.   otlp:
  3.     grpc:
  4.       tls:
  5.         cert: path/to/foo.cert
  6.         key: path/to/foo.key

File (TOML)

  1. [log.otlp.grpc.tls]
  2.   cert = "path/to/foo.cert"
  3.   key = "path/to/foo.key"

CLI

  1. --log.otlp.grpc.tls.cert=path/to/foo.cert
  2. --log.otlp.grpc.tls.key=path/to/foo.key
insecureSkipVerify

Optional, Default=false

If insecureSkipVerify is true, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.

File (YAML)

  1. log:
  2.   otlp:
  3.     grpc:
  4.       tls:
  5.         insecureSkipVerify: true

File (TOML)

  1. [log.otlp.grpc.tls]
  2.   insecureSkipVerify = true

CLI

  1. --log.otlp.grpc.tls.insecureSkipVerify=true

Using Traefik OSS in Production?

If you are using Traefik at work, consider adding enterprise-grade API gateway capabilities or commercial support for Traefik OSS.

Adding API Gateway capabilities to Traefik OSS is fast and seamless. There’s no rip and replace and all configurations remain intact. See it in action via this short video.