How to configure access logs sampling?

Tailzip · November 5, 2024, 10:27am

1. The problem I’m having:

Hi, I’m trying to configure access logs sampling for a subset of logs for some specific requests, namely GET /healthz from Caddyfile. I just can’t get the config right. Is that even possible with Caddyfile? If yes, how does it look like? If not, how to configure it through API?

2. Error messages and/or full log output:

No error message or log.

3. Caddy version:

2.8.4

4. How I installed and ran Caddy:

a. System environment:

Docker – through FrankenPHP image (1.2.5-php8.3), not sure if relevant but I thought I mention it anyway.

b. Command:

n/a

c. Service/unit/compose file:

n/a

d. My complete Caddy config:

{
	{$CADDY_GLOBAL_OPTIONS}

	admin off

	log default {
		output stdout
		format json
		level {$CADDY_SERVER_LOG_LEVEL:INFO}
	}

	frankenphp {
		{$FRANKENPHP_CONFIG}
	}
}

{$CADDY_EXTRA_CONFIG}

{$SERVER_NAME:localhost} {
	root * public/
	encode zstd br gzip

	vulcain

	{$CADDY_SERVER_EXTRA_DIRECTIVES}

	log {
		output stdout
		level {$CADDY_SERVER_ACCESS_LOG_LEVEL:INFO}

		format filter {
            wrap json

            fields {
                request>headers>Cf-Access-Jwt-Assertion replace REDACTED
                request>headers>Content-Security-Policy delete
                request>headers>Content-Security-Policy-Report-Only delete
            }
        }
	}

	# security headers
	header * {
		Permissions-Policy interest-cohort=() # disable FLoC tracking

		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		X-XSS-Protection "0"
		Referrer-Policy "strict-origin-when-cross-origin"

		-X-Powered-By
		-Server
	}

	handle /version {
        respond "{\"version\":\"{$APP_VERSION}\",\"revision\":\"{$APP_REVISION}\"}"
        header Content-Type "application/json"
    }

	php_server
}

5. Links to relevant resources:

Thank you

francislavoie · November 7, 2024, 11:58am

You can use log_skip to mark specific requests as not getting logged. So you might do something like:

@not-health not path /healthz
log_skip @not-health

So that only your /healthz requests get logged.

Also you might want to look at log_name which can let you route request logs to different loggers by name, if you want them to get written to separate files or whatever.

But regarding sampling, I guess you’re right, we never wired that up in the Caddyfile. We do have sampling support in the JSON config though. It’s just not a very popular feature so I guess it just got forgotten.

I just opened an issue for that, if you want to take a shot at implementing it:

github.com/caddyserver/caddy

Log sampling Caddyfile support

opened 11:56AM - 07 Nov 24 UTC

francislavoie

feature

good first issue

Our logging stack has sampling support, but it's currently only usable via JSON …config. We never wired up Caddyfile config for it. https://github.com/caddyserver/caddy/blob/b28576396956b3e5642c9f7949b750e2d20b6441/logging.go#L307 We should add Caddyfile support. This should be easy, it should just be a new option added to the `log` directive called `sampling` added in this switch: https://github.com/caddyserver/caddy/blob/b28576396956b3e5642c9f7949b750e2d20b6441/caddyconfig/httpcaddyfile/builtins.go#L1000 And it should take a block of options, i.e. `interval`, `first` and `thereafter`.

system · December 7, 2024, 11:58am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.