Log request and response data to Syslog.


Configuration

Configuring the plugin is straightforward. You can add it on top of an API (or Consumer) by executing the following request on your Kong server:

$ curl -X POST http://kong:8001/apis/{api}/plugins \
    --data "name=syslog"

api: The id or name of the API that this plugin configuration will target

You can also apply it for every API using the http://kong:8001/plugins/ endpoint. Read the Plugin Reference for more information.

parameter | default | description
--- | --- | ---
name | | The name of the plugin to use, in this case: syslog
consumer_id (optional) | | The CONSUMER ID that this plugin configuration will target. This value can only be used if authentication has been enabled so that the system can identify the user making the request.
config.successful_severity (optional) | info | An optional logging severity assigned to all successful requests with a response status code less than 400.
config.client_errors_severity (optional) | info | An optional logging severity assigned to all failed requests with a response status code of 400 or higher but less than 500.
config.server_errors_severity (optional) | info | An optional logging severity assigned to all failed requests with a response status code of 500 or higher.
config.log_level (optional) | info | An optional logging severity; any request with equal or higher severity will be logged to the system log.

Log Format

Every request is logged to the system log in the standard Syslog format, with the message component in the following format:

{
    "request": {
        "method": "GET",
        "uri": "/get",
        "size": "75",
        "request_uri": "http://httpbin.org:8000/get",
        "querystring": {},
        "headers": {
            "accept": "*/*",
            "host": "httpbin.org",
            "user-agent": "curl/7.37.1"
        }
    },
    "response": {
        "status": 200,
        "size": "434",
        "headers": {
            "Content-Length": "197",
            "via": "kong/0.3.0",
            "Connection": "close",
            "access-control-allow-credentials": "true",
            "Content-Type": "application/json",
            "server": "nginx",
            "access-control-allow-origin": "*"
        }
    },
    "authenticated_entity": {
        "consumer_id": "80f74eef-31b8-45d5-c525-ae532297ea8e",
        "created_at": 1437643103000,
        "id": "eaa330c0-4cff-47f5-c79e-b2e4f355207e",
        "key": "2b64e2f0193851d4135a2e885cd08a65"
    },
    "api": {
        "request_host": "test.com",
        "upstream_url": "http://httpbin.org/",
        "created_at": 1432855823000,
        "name": "test.com",
        "id": "fbaf95a1-cd04-4bf6-cb73-6cb3285fef58"
    },
    "latencies": {
        "proxy": 1430,
        "kong": 9,
        "request": 1921
    },
    "started_at": 1433209822425,
    "client_ip": "127.0.0.1"
}

A few considerations on the above JSON object:

  • request contains properties about the request sent by the client
  • response contains properties about the response sent to the client
  • api contains Kong properties about the specific API requested
  • authenticated_entity contains Kong properties about the authenticated consumer (if an authentication plugin has been enabled)
  • latencies contains some data about the latencies involved:
    • proxy is the time it took for the final service to process the request
    • kong is the internal Kong latency that it took to run all the plugins
    • request is the time elapsed between the first bytes being read from the client and the last bytes being sent to the client. Useful for detecting slow clients.
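
Added example, not part of the Kong documentation or the plugin's code: a Python consumer for the message format above that buckets the status code the way the three severity settings do, derives a client-side latency from the latencies fields, and redacts authenticated_entity.key, which the sample above shows being written to the log. The syslog prefix, the sample line, the 400 ms threshold and all function names are assumptions.

```python
import json

# Constructed sample line. The syslog prefix is an assumption; the JSON
# fields follow the format documented above, with a placeholder key.
SAMPLE_LINE = (
    'Jun  2 01:50:22 gw1 kong[4242]: {"request": {"method": "GET", "uri": "/get"}, '
    '"response": {"status": 200}, "authenticated_entity": {"consumer_id": '
    '"80f74eef-31b8-45d5-c525-ae532297ea8e", "key": "EXAMPLE-KEY-NOT-REAL"}, '
    '"latencies": {"proxy": 1430, "kong": 9, "request": 1921}, "client_ip": "127.0.0.1"}'
)

def parse_message(line):
    """Return the JSON message component of a syslog line, or None if absent/malformed."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        obj, _ = json.JSONDecoder().raw_decode(line[start:])
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None

def status_class(status):
    """Bucket a status code using the boundaries of the three *_severity settings."""
    if not isinstance(status, int):
        return "unknown"
    if status < 400:
        return "successful"
    return "client_error" if status < 500 else "server_error"

def summarize(line, slow_client_ms=400):
    """Reduce one entry to fields safe to forward (threshold is a hypothetical default)."""
    msg = parse_message(line)
    if msg is None:
        return None
    lat = msg.get("latencies") or {}
    # Assumed heuristic: time not spent upstream or in Kong plugins is client I/O.
    client_ms = lat.get("request", 0) - lat.get("proxy", 0) - lat.get("kong", 0)
    entity = msg.get("authenticated_entity") or {}
    req = msg.get("request") or {}
    status = (msg.get("response") or {}).get("status")
    return {
        "client_ip": msg.get("client_ip"),
        "method": req.get("method"), "uri": req.get("uri"),
        "status": status, "class": status_class(status),
        "consumer_id": entity.get("consumer_id"),
        # The credential is never copied out of the raw log entry.
        "key": "[REDACTED]" if "key" in entity else None,
        "client_ms": client_ms, "slow_client": client_ms > slow_client_ms,
    }
```

Calling summarize(SAMPLE_LINE) returns a dictionary in which client_ms is 482 and the key field holds only the redaction marker.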

Notes

  • Make sure the Syslog daemon is running on the instance and is configured with a logging level severity the same as or lower than the configured config.log_level.

Kong Process Errors

This logging plugin will only log HTTP request and response data. If you are looking for the Kong process error file (which is the nginx error file), then you can find it at the following path: {prefix}/logs/error.log