Access Logs

Who Calls Whom?

By default, logs are written to stdout, in text format.

Configuration

To enable the access logs:

  1. [accessLog]
  1. accessLog: {}
  1. --accesslog=true

filePath

By default access logs are written to the standard output.To write the logs into a log file, use the filePath option.

format

By default, logs are written using the Common Log Format (CLF).To write logs in JSON, use json in the format option.If the given format is unsupported, the default (CLF) is used instead.

Common Log Format

  1. <remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_frontend_name>" "<Traefik_backend_URL>" <request_duration_in_ms>ms

bufferingSize

To write the logs in an asynchronous fashion, specify a bufferingSize option.This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.In some cases, this option can greatly help performances.

  1. # Configuring a buffer of 100 lines
  2. [accessLog]
  3. filePath = "/path/to/access.log"
  4. bufferingSize = 100
  1. # Configuring a buffer of 100 lines
  2. accessLog:
  3. filePath: "/path/to/access.log"
  4. bufferingSize: 100
  1. # Configuring a buffer of 100 lines
  2. --accesslog=true
  3. --accesslog.filepath="/path/to/access.log"
  4. --accesslog.bufferingsize=100

Filtering

To filter logs, you can specify a set of filters which are logically "OR-connected".Thus, specifying multiple filters will keep more access logs than specifying only one.

The available filters are:

  • statusCodes, to limit the access logs to requests with a status codes in the specified range
  • retryAttempts, to keep the access logs when at least one retry has happened
  • minDuration, to keep access logs when requests take longer than the specified duration
  1. # Configuring Multiple Filters
  2. [accessLog]
  3. filePath = "/path/to/access.log"
  4. format = "json"
  5. [accessLog.filters]
  6. statusCodes = ["200", "300-302"]
  7. retryAttempts = true
  8. minDuration = "10ms"
  1. # Configuring Multiple Filters
  2. accessLog:
  3. filePath: "/path/to/access.log"
  4. format: json
  5. filters:
  6. statusCodes:
  7. - "200"
  8. - "300-302"
  9. retryAttempts: true
  10. minDuration: "10ms"
  1. # Configuring Multiple Filters
  2. --accesslog=true
  3. --accesslog.filepath="/path/to/access.log"
  4. --accesslog.format="json"
  5. --accesslog.filters.statuscodes="200, 300-302"
  6. --accesslog.filters.retryattempts
  7. --accesslog.filters.minduration="10ms"

Limiting the Fields

You can decide to limit the logged fields/headers to a given list with the fields.names and fields.header options

Each field can be set to:

  • keep to keep the value
  • drop to drop the value
  • redact to replace the value with "redacted"The defaultMode for fields.header is drop.
  1. # Limiting the Logs to Specific Fields
  2. [accessLog]
  3. filePath = "/path/to/access.log"
  4. format = "json"
  5. [accessLog.fields]
  6. defaultMode = "keep"
  7. [accessLog.fields.names]
  8. "ClientUsername" = "drop"
  9. [accessLog.fields.headers]
  10. defaultMode = "keep"
  11. [accessLog.fields.headers.names]
  12. "User-Agent" = "redact"
  13. "Authorization" = "drop"
  14. "Content-Type" = "keep"
  1. # Limiting the Logs to Specific Fields
  2. accessLog:
  3. filePath: "/path/to/access.log"
  4. format: json
  5. fields:
  6. defaultMode: keep
  7. names:
  8. ClientUsername: drop
  9. headers:
  10. defaultMode: keep
  11. names:
  12. User-Agent: redact
  13. Authorization: drop
  14. Content-Type: keep
  1. # Limiting the Logs to Specific Fields
  2. --accesslog=true
  3. --accesslog.filepath="/path/to/access.log"
  4. --accesslog.format="json"
  5. --accesslog.fields.defaultmode="keep"
  6. --accesslog.fields.names.ClientUsername="drop"
  7. --accesslog.fields.headers.defaultmode="keep"
  8. --accesslog.fields.headers.names.User-Agent="redact"
  9. --accesslog.fields.headers.names.Authorization="drop"
  10. --accesslog.fields.headers.names.Content-Type="keep"

Available Fields

FieldDescription
StartUTCThe time at which request processing started.
StartLocalThe local time at which request processing started.
DurationThe total time taken by processing the response, including the origin server's time but not the log writing time.
FrontendNameThe name of the Traefik frontend.
BackendNameThe name of the Traefik backend.
BackendURLThe URL of the Traefik backend.
BackendAddrThe IP:port of the Traefik backend (extracted from BackendURL)
ClientAddrThe remote address in its original form (usually IP:port).
ClientHostThe remote IP address from which the client request was received.
ClientPortThe remote TCP port from which the client request was received.
ClientUsernameThe username provided in the URL, if present.
RequestAddrThe HTTP Host header (usually IP:port). This is treated as not a header by the Go API.
RequestHostThe HTTP Host server name (not including port).
RequestPortThe TCP port from the HTTP Host.
RequestMethodThe HTTP method.
RequestPathThe HTTP request URI, not including the scheme, host or port.
RequestProtocolThe version of HTTP requested.
RequestLineRequestMethod + RequestPath + RequestProtocol
RequestContentSizeThe number of bytes in the request entity (a.k.a. body) sent by the client.
OriginDurationThe time taken by the origin server ('upstream') to return its response.
OriginContentSizeThe content length specified by the origin server, or 0 if unspecified.
OriginStatusThe HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent.
OriginStatusLineOriginStatus + Status code explanation
DownstreamStatusThe HTTP status code returned to the client.
DownstreamStatusLineDownstreamStatus + Status code explanation
DownstreamContentSizeThe number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response.
RequestCountThe number of requests received since the Traefik instance started.
GzipRatioThe response body compression ratio achieved.
OverheadThe processing time overhead caused by Traefik.
RetryAttemptsThe amount of attempts the request was retried.

Log Rotation

Traefik will close and reopen its log files, assuming they're configured, on receipt of a USR1 signal.This allows the logs to be rotated and processed by an external program, such as logrotate.

Note

This does not work on Windows due to the lack of USR signals.