Skip to content

Latest commit

 

History

History
166 lines (134 loc) · 10.4 KB

loggly.md

File metadata and controls

166 lines (134 loc) · 10.4 KB
title keywords description
loggly
APISIX
API Gateway
Plugin
SolarWinds Loggly
This document contains information about the Apache APISIX loggly Plugin.

Description

The loggly Plugin is used to forward logs to SolarWinds Loggly for analysis and storage.

When the Plugin is enabled, APISIX will serialize the request context information to Loggly Syslog data format which is Syslog events with RFC5424 compliant headers.

When the maximum batch size is exceeded, the data in the queue is pushed to Loggly enterprise syslog endpoint. See batch processor for more details.

Attributes

Name Type Required Default Description
customer_token string True Unique identifier used when sending logs to Loggly to ensure that they are sent to the right organisation account.
severity string (enum) False INFO Syslog log event severity level. Choose between: DEBUG, INFO, NOTICE, WARNING, ERR, CRIT, ALERT, and EMEGR.
severity_map object False nil A way to map upstream HTTP response codes to Syslog severity. Key-value pairs where keys are the HTTP response codes and the values are the Syslog severity levels. For example {"410": "CRIT"}.
tags array False Metadata to be included with any event log to aid in segmentation and filtering.
include_req_body boolean False false When set to true includes the request body in the log. If the request body is too big to be kept in the memory, it can't be logged due to Nginx's limitations.
include_resp_body boolean False false When set to true includes the response body in the log.
include_resp_body_expr array False When the include_resp_body attribute is set to true, use this to filter based on lua-resty-expr. If present, only logs the response if the expression evaluates to true.

This Plugin supports using batch processors to aggregate and process entries (logs/data) in a batch. This avoids the need for frequently submitting the data. The batch processor submits data every 5 seconds or when the data in the queue reaches 1000. See Batch Processor for more information or setting your custom configuration.

To generate a Customer token, go to <your assigned subdomain>/loggly.com/tokens or navigate to Logs > Source setup > Customer tokens.

Metadata

You can also configure the Plugin through Plugin metadata. The following configurations are available:

Name Type Required Default Valid values Description
host string False "logs-01.loggly.com" Endpoint of the host where the logs are being sent.
port integer False 514 Loggly port to connect to. Only used for syslog protocol.
timeout integer False 5000 Loggly send data request timeout in milliseconds.
protocol string False "syslog" [ "syslog" , "http", "https" ] Protocol in which the logs are sent to Loggly.
log_format object False nil Log format declared as key value pairs in JSON format. Values only support strings. APISIX or Nginx variables can be used by prefixing the string with $.

We support Syslog, HTTP/S (bulk endpoint) protocols to send log events to Loggly. By default, in APISIX side, the protocol is set to "syslog". It lets you send RFC5424 compliant syslog events with some fine-grained control (log severity mapping based on upstream HTTP response code). But HTTP/S bulk endpoint is great to send larger batches of log events with faster transmission speed. If you wish to update it, just update the metadata.

:::note

APISIX supports Syslog and HTTP/S protocols to send data to Loggly. Syslog lets you send RFC5424 compliant syslog events with fine-grained control. But, HTTP/S bulk endpoint is better while sending large batches of logs at a fast transmission speed. You can configure the metadata to update the protocol as shown below:

curl http://127.0.0.1:9180/apisix/admin/plugin_metadata/loggly -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
   "protocol": "http"
}'

:::

Enabling the Plugin

Full configuration

The example below shows a complete configuration of the Plugin on a specific Route:

curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "plugins":{
        "loggly":{
            "customer_token":"0e6fe4bf-376e-40f4-b25f-1d55cb29f5a2",
            "tags":["apisix", "testroute"],
            "severity":"info",
            "severity_map":{
                "503": "err",
                "410": "alert"
            },
            "buffer_duration":60,
            "max_retry_count":0,
            "retry_delay":1,
            "inactive_timeout":2,
            "batch_max_size":10
        }
    },
    "upstream":{
        "type":"roundrobin",
        "nodes":{
            "127.0.0.1:80":1
        }
    },
    "uri":"/index.html"
}'

Minimal configuration

The example below shows a bare minimum configuration of the Plugin on a Route:

curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "plugins":{
        "loggly":{
            "customer_token":"0e6fe4bf-376e-40f4-b25f-1d55cb29f5a2",
        }
    },
    "upstream":{
        "type":"roundrobin",
        "nodes":{
            "127.0.0.1:80":1
        }
    },
    "uri":"/index.html"
}'

Example usage

Now, if you make a request to APISIX, it will be logged in Loggly:

curl -i http://127.0.0.1:9080/index.html

You can then view the logs on your Loggly Dashboard:

Loggly Dashboard

Disable Plugin

To disable the file-logger Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.

curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/index.html",
    "plugins": {},
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "127.0.0.1:80": 1
        }
    }
}'