1syntax = "proto3";
2
3package envoy.config.accesslog.v3;
4
5import "envoy/config/core/v3/base.proto";
6import "envoy/config/route/v3/route_components.proto";
7import "envoy/type/matcher/v3/metadata.proto";
8import "envoy/type/v3/percent.proto";
9
10import "google/protobuf/any.proto";
11import "google/protobuf/struct.proto";
12import "google/protobuf/wrappers.proto";
13
14import "udpa/annotations/status.proto";
15import "udpa/annotations/versioning.proto";
16import "validate/validate.proto";
17
18option java_package = "io.envoyproxy.envoy.config.accesslog.v3";
19option java_outer_classname = "AccesslogProto";
20option java_multiple_files = true;
21option (udpa.annotations.file_status).package_version_status = ACTIVE;
22
23// [#protodoc-title: Common access log types]
24
25message AccessLog {
26 option (udpa.annotations.versioning).previous_message_type =
27 "envoy.config.filter.accesslog.v2.AccessLog";
28
29 reserved 3;
30
31 reserved "config";
32
33 // The name of the access log implementation to instantiate. The name must
34 // match a statically registered access log. Current built-in loggers include:
35 //
36 // #. "envoy.access_loggers.file"
37 // #. "envoy.access_loggers.http_grpc"
38 // #. "envoy.access_loggers.tcp_grpc"
39 string name = 1;
40
41 // Filter which is used to determine if the access log needs to be written.
42 AccessLogFilter filter = 2;
43
44 // Custom configuration that depends on the access log being instantiated.
45 // Built-in configurations include:
46 //
47 // #. "envoy.access_loggers.file": :ref:`FileAccessLog
48 // <envoy_api_msg_extensions.access_loggers.file.v3.FileAccessLog>`
49 // #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig
50 // <envoy_api_msg_extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig>`
51 // #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig
52 // <envoy_api_msg_extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig>`
53 oneof config_type {
54 google.protobuf.Any typed_config = 4;
55 }
56}
57
58// [#next-free-field: 13]
59message AccessLogFilter {
60 option (udpa.annotations.versioning).previous_message_type =
61 "envoy.config.filter.accesslog.v2.AccessLogFilter";
62
63 oneof filter_specifier {
64 option (validate.required) = true;
65
66 // Status code filter.
67 StatusCodeFilter status_code_filter = 1;
68
69 // Duration filter.
70 DurationFilter duration_filter = 2;
71
72 // Not health check filter.
73 NotHealthCheckFilter not_health_check_filter = 3;
74
75 // Traceable filter.
76 TraceableFilter traceable_filter = 4;
77
78 // Runtime filter.
79 RuntimeFilter runtime_filter = 5;
80
81 // And filter.
82 AndFilter and_filter = 6;
83
84 // Or filter.
85 OrFilter or_filter = 7;
86
87 // Header filter.
88 HeaderFilter header_filter = 8;
89
90 // Response flag filter.
91 ResponseFlagFilter response_flag_filter = 9;
92
93 // gRPC status filter.
94 GrpcStatusFilter grpc_status_filter = 10;
95
96 // Extension filter.
97 ExtensionFilter extension_filter = 11;
98
99 // Metadata Filter
100 MetadataFilter metadata_filter = 12;
101 }
102}
103
104// Filter on an integer comparison.
105message ComparisonFilter {
106 option (udpa.annotations.versioning).previous_message_type =
107 "envoy.config.filter.accesslog.v2.ComparisonFilter";
108
109 enum Op {
110 // =
111 EQ = 0;
112
113 // >=
114 GE = 1;
115
116 // <=
117 LE = 2;
118 }
119
120 // Comparison operator.
121 Op op = 1 [(validate.rules).enum = {defined_only: true}];
122
123 // Value to compare against.
124 core.v3.RuntimeUInt32 value = 2;
125}
126
127// Filters on HTTP response/status code.
128message StatusCodeFilter {
129 option (udpa.annotations.versioning).previous_message_type =
130 "envoy.config.filter.accesslog.v2.StatusCodeFilter";
131
132 // Comparison.
133 ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
134}
135
136// Filters on total request duration in milliseconds.
137message DurationFilter {
138 option (udpa.annotations.versioning).previous_message_type =
139 "envoy.config.filter.accesslog.v2.DurationFilter";
140
141 // Comparison.
142 ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
143}
144
145// Filters for requests that are not health check requests. A health check
146// request is marked by the health check filter.
147message NotHealthCheckFilter {
148 option (udpa.annotations.versioning).previous_message_type =
149 "envoy.config.filter.accesslog.v2.NotHealthCheckFilter";
150}
151
152// Filters for requests that are traceable. See the tracing overview for more
153// information on how a request becomes traceable.
154message TraceableFilter {
155 option (udpa.annotations.versioning).previous_message_type =
156 "envoy.config.filter.accesslog.v2.TraceableFilter";
157}
158
159// Filters for random sampling of requests.
160message RuntimeFilter {
161 option (udpa.annotations.versioning).previous_message_type =
162 "envoy.config.filter.accesslog.v2.RuntimeFilter";
163
164 // Runtime key to get an optional overridden numerator for use in the
165 // *percent_sampled* field. If found in runtime, this value will replace the
166 // default numerator.
167 string runtime_key = 1 [(validate.rules).string = {min_len: 1}];
168
169 // The default sampling percentage. If not specified, defaults to 0% with
170 // denominator of 100.
171 type.v3.FractionalPercent percent_sampled = 2;
172
173 // By default, sampling pivots on the header
174 // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being
175 // present. If :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`
176 // is present, the filter will consistently sample across multiple hosts based
177 // on the runtime key value and the value extracted from
178 // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is
179 // missing, or *use_independent_randomness* is set to true, the filter will
180 // randomly sample based on the runtime key value alone.
181 // *use_independent_randomness* can be used for logging kill switches within
182 // complex nested :ref:`AndFilter
183 // <envoy_api_msg_config.accesslog.v3.AndFilter>` and :ref:`OrFilter
184 // <envoy_api_msg_config.accesslog.v3.OrFilter>` blocks that are easier to
185 // reason about from a probability perspective (i.e., setting to true will
186 // cause the filter to behave like an independent random variable when
187 // composed within logical operator filters).
188 bool use_independent_randomness = 3;
189}
190
191// Performs a logical “and” operation on the result of each filter in filters.
192// Filters are evaluated sequentially and if one of them returns false, the
193// filter returns false immediately.
194message AndFilter {
195 option (udpa.annotations.versioning).previous_message_type =
196 "envoy.config.filter.accesslog.v2.AndFilter";
197
198 repeated AccessLogFilter filters = 1 [(validate.rules).repeated = {min_items: 2}];
199}
200
201// Performs a logical “or” operation on the result of each individual filter.
202// Filters are evaluated sequentially and if one of them returns true, the
203// filter returns true immediately.
204message OrFilter {
205 option (udpa.annotations.versioning).previous_message_type =
206 "envoy.config.filter.accesslog.v2.OrFilter";
207
208 repeated AccessLogFilter filters = 2 [(validate.rules).repeated = {min_items: 2}];
209}
210
211// Filters requests based on the presence or value of a request header.
212message HeaderFilter {
213 option (udpa.annotations.versioning).previous_message_type =
214 "envoy.config.filter.accesslog.v2.HeaderFilter";
215
216 // Only requests with a header which matches the specified HeaderMatcher will
217 // pass the filter check.
218 route.v3.HeaderMatcher header = 1 [(validate.rules).message = {required: true}];
219}
220
221// Filters requests that received responses with an Envoy response flag set.
222// A list of the response flags can be found
223// in the access log formatter
224// :ref:`documentation<config_access_log_format_response_flags>`.
225message ResponseFlagFilter {
226 option (udpa.annotations.versioning).previous_message_type =
227 "envoy.config.filter.accesslog.v2.ResponseFlagFilter";
228
229 // Only responses with the any of the flags listed in this field will be
230 // logged. This field is optional. If it is not specified, then any response
231 // flag will pass the filter check.
232 repeated string flags = 1 [(validate.rules).repeated = {
233 items {
234 string {
235 in: "LH"
236 in: "UH"
237 in: "UT"
238 in: "LR"
239 in: "UR"
240 in: "UF"
241 in: "UC"
242 in: "UO"
243 in: "NR"
244 in: "DI"
245 in: "FI"
246 in: "RL"
247 in: "UAEX"
248 in: "RLSE"
249 in: "DC"
250 in: "URX"
251 in: "SI"
252 in: "IH"
253 in: "DPE"
254 in: "UMSDR"
255 in: "RFCF"
256 in: "NFCF"
257 in: "DT"
258 }
259 }
260 }];
261}
262
263// Filters gRPC requests based on their response status. If a gRPC status is not
264// provided, the filter will infer the status from the HTTP status code.
265message GrpcStatusFilter {
266 option (udpa.annotations.versioning).previous_message_type =
267 "envoy.config.filter.accesslog.v2.GrpcStatusFilter";
268
269 enum Status {
270 OK = 0;
271 CANCELED = 1;
272 UNKNOWN = 2;
273 INVALID_ARGUMENT = 3;
274 DEADLINE_EXCEEDED = 4;
275 NOT_FOUND = 5;
276 ALREADY_EXISTS = 6;
277 PERMISSION_DENIED = 7;
278 RESOURCE_EXHAUSTED = 8;
279 FAILED_PRECONDITION = 9;
280 ABORTED = 10;
281 OUT_OF_RANGE = 11;
282 UNIMPLEMENTED = 12;
283 INTERNAL = 13;
284 UNAVAILABLE = 14;
285 DATA_LOSS = 15;
286 UNAUTHENTICATED = 16;
287 }
288
289 // Logs only responses that have any one of the gRPC statuses in this field.
290 repeated Status statuses = 1 [(validate.rules).repeated = {items {enum {defined_only: true}}}];
291
292 // If included and set to true, the filter will instead block all responses
293 // with a gRPC status or inferred gRPC status enumerated in statuses, and
294 // allow all other responses.
295 bool exclude = 2;
296}
297
298// Filters based on matching dynamic metadata.
299// If the matcher path and key correspond to an existing key in dynamic
300// metadata, the request is logged only if the matcher value is equal to the
301// metadata value. If the matcher path and key *do not* correspond to an
302// existing key in dynamic metadata, the request is logged only if
303// match_if_key_not_found is "true" or unset.
304message MetadataFilter {
305 option (udpa.annotations.versioning).previous_message_type =
306 "envoy.config.filter.accesslog.v2.MetadataFilter";
307
308 // Matcher to check metadata for specified value. For example, to match on the
309 // access_log_hint metadata, set the filter to "envoy.common" and the path to
310 // "access_log_hint", and the value to "true".
311 type.matcher.v3.MetadataMatcher matcher = 1;
312
313 // Default result if the key does not exist in dynamic metadata: if unset or
314 // true, then log; if false, then don't log.
315 google.protobuf.BoolValue match_if_key_not_found = 2;
316}
317
318// Extension filter is statically registered at runtime.
319message ExtensionFilter {
320 option (udpa.annotations.versioning).previous_message_type =
321 "envoy.config.filter.accesslog.v2.ExtensionFilter";
322
323 reserved 2;
324
325 reserved "config";
326
327 // The name of the filter implementation to instantiate. The name must
328 // match a statically registered filter.
329 string name = 1;
330
331 // Custom configuration that depends on the filter being instantiated.
332 oneof config_type {
333 google.protobuf.Any typed_config = 3;
334 }
335}
View as plain text