Synadia Platform

Logging

Controls log levels and logging destinations.

Logging Configuration

KeyTypeRequiredDescription
componentsMap of Component Name to Component ConfigNoLogging component configuration. See Component Names for common component names.
rotationLog RotationNoLog file rotation configuration for all configured components. Available since 1.4.2

Component Config

KeyTypeRequiredDescription
levelenumNoLog level, from most to least verbose: Trace, Debug, Info (default), Warn, Error, Fatal, or Panic.
log_pathstringNoIf specified, component will be written in json format to a file at this path. Default is to write the log to stdout in human-readable format.
log_file_modeuint32NoIf log_path is specified and the file does not exist, this is the mode the file will be created with. Default is 0o600.

Component Names

ComponentDescription
agentMonitoring agent and communication with NATS Systems
alertingAlerting evaluation and notification dispatch
apiAPI request logs
appApplication startup and shutdown process
auditAudit log for API requests. See Audit Logging
audit_serviceAudit log collection from managed NATS systems
authAuthentication request logs
catalogSynadia Catalog platform component service
encrypterData encryption and KMS key access
healthSystem and data plane health checks
internal_eventsInternal event bus over the control plane NATS connection
internal_natsInternal NATS connection used by the control plane
internal_postgresInternal PostgreSQL process, if enabled
internal_prom_dbInternal Prometheus time-series database
internal_prometheusInternal Prometheus process, if enabled
internal_prometheus_metricsInternal Prometheus metrics collection service
last_activeTracking of last-active timestamps for entities
metricsMetrics server for managed NATS systems
nats_apiNATS API (data plane) request logs
oidcOIDC authentication provider integration
release_monitorMonitoring of available data plane releases
scraperMetrics and status scraping from managed NATS systems
schema_registrySynadia Schema Registry platform component service
sqlSQL database migrations
sys_connectConnection management to managed NATS systems
uiWeb UI serving and configuration
version_monitorMonitoring of managed NATS system versions
workloadsSynadia Workloads platform component service

Log Rotation

KeyTypeRequiredDescription
max_size_mbintYesLog file will rotate once configured size is reached.
max_age_daysintNoIf specified, rotated log files will be deleted once this age is been reached. Default is 0 (unlimited).
max_backupsintNoIf specified, oldest rotated log file will be deleted once this quantity of rotated log files is reached. Default is 0 (unlimited).
compressboolNoIf true, rotated log files will be compressed with gzip compression. Default is false.

Audit Logging

Audit logging records the following fields:

  • time: Time
  • authorized: true or false
  • authorization_decision_data: Data from authorization engine
  • authenticated: true or false
  • authentication_method: SESSION or BEARER
  • entity: Entity type
  • operation: CREATE, READ, UPDATE, or DELETE
  • request_id: Unique ID for HTTP request
  • request_method: HTTP Method
  • request_remote_addr: HTTP Remote IP/Port
  • request_user_agent: HTTP User Agent Header
  • request_url: HTTP URL
  • request_x_forwarded_for: HTTP X-Forwarded-For Header
  • session_id: Session ID
  • result: SUCCESS or FAILURE
  • response_status: HTTP Response Status Code
  • user_id: User's database ID
  • user_identifier: User's Username or Email
  • user_name: User's Name

By default, audit logging runs at Info level, logs to stdout in human readable format, and only logs CREATE, UPDATE, and DELETE operations. To enable audit logging for READ operations also change it to Trace level.

Example: write all operations to an audit log file at /var/log/scp-audit.log in json format:

logging:
  components:
    audit:
      level: Trace
      log_path: /var/log/scp-audit.log
      log_file_mode: 0o644