Synadia Control Plane

Logging

Controls log levels and logging destinations.

Logging Configuration

KeyTypeRequiredDescription
componentsMap of Component Name : ComponentNoLogging component configuration Common logging component names are:
  • agent: monitoring agent and communication with NATS Systems
  • api: API request logs
  • app: application startup and shutdown process
  • audit: audit log for API requests
  • auth: authentication request logs
  • internal_postgres: logs for internal PostgreSQL process, if enabled
  • internal_prometheus: logs for internal Prometheus process, if enabled

Component

KeyTypeRequiredDescription
levelenumNoLog level, from most to least verbose: Trace, Debug, Info (default), Warn, Error, Fatal, or Panic.
log_pathstringNoIf specified, component will be written in json format to a file at this path. Default is to write the log to stdout in human-readable format
log_file_modeuint32NoIf log_path is specified and the file does not exist, this is the mode the file will be created with. Default is 0o600.

Audit Logging

Audit logging records the following fields:

  • time: Time
  • authorized: true or false
  • authorization_decision_data: Data from authorization engine
  • authenticated: true or false
  • authentication_method: SESSION or BEARER
  • entity: Entity type
  • operation: CREATE, READ, UPDATE, or DELETE
  • request_id: Unique ID for HTTP request
  • request_method: HTTP Method
  • request_remote_addr: HTTP Remote IP/Port
  • request_user_agent: HTTP User Agent Header
  • request_url: HTTP URL
  • request_x_forwarded_for: HTTP X-Forwarded-For Header
  • session_id: Session ID
  • result: SUCCESS or FAILURE
  • response_status: HTTP Response Status Code
  • user_id: User's database ID
  • user_identifier: User's Username or Email
  • user_name: User's Name

By default, audit logging runs at Info level, logs to stdout in human readable format, and only logs CREATE, UPDATE, and DELETE operations. To enable audit logging for READ operations also change it to Trace level.

Example: write all operations to an audit log file at /var/log/scp-audit.log in json format:

logging:
  components:
    audit:
      level: Trace
      log_path: /var/log/scp-audit.log
Previous
Authorization