docs

Synadia Platform

Logging

Controls log levels and logging destinations.

Logging Configuration

KeyTypeRequiredDescription
componentsMap of Component Name : ComponentNoLogging component configuration Common logging component names are:
  • agent: monitoring agent and communication with NATS Systems
  • api: API request logs
  • app: application startup and shutdown process
  • audit: audit log for API requests
  • auth: authentication request logs
  • internal_postgres: logs for internal PostgreSQL process, if enabled
  • internal_prometheus: logs for internal Prometheus process, if enabled
rotationLog RotationNoLog file rotation configuration for all configured components. Available since 1.4.2

Component

KeyTypeRequiredDescription
levelenumNoLog level, from most to least verbose: Trace, Debug, Info (default), Warn, Error, Fatal, or Panic.
log_pathstringNoIf specified, component will be written in json format to a file at this path. Default is to write the log to stdout in human-readable format.
log_file_modeuint32NoIf log_path is specified and the file does not exist, this is the mode the file will be created with. Default is 0o600.

Log Rotation

KeyTypeRequiredDescription
max_size_mbintYesLog file will rotate once configured size is reached.
max_age_daysintNoIf specified, rotated log files will be deleted once this age is been reached. Default is 0 (unlimited).
max_backupsintNoIf specified, oldest rotated log file will be deleted once this quantity of rotated log files is reached. Default is 0 (unlimited).
compressboolNoIf true, rotated log files will be compressed with gzip compression. Default is false.

Audit Logging

Audit logging records the following fields:

  • time: Time
  • authorized: true or false
  • authorization_decision_data: Data from authorization engine
  • authenticated: true or false
  • authentication_method: SESSION or BEARER
  • entity: Entity type
  • operation: CREATE, READ, UPDATE, or DELETE
  • request_id: Unique ID for HTTP request
  • request_method: HTTP Method
  • request_remote_addr: HTTP Remote IP/Port
  • request_user_agent: HTTP User Agent Header
  • request_url: HTTP URL
  • request_x_forwarded_for: HTTP X-Forwarded-For Header
  • session_id: Session ID
  • result: SUCCESS or FAILURE
  • response_status: HTTP Response Status Code
  • user_id: User's database ID
  • user_identifier: User's Username or Email
  • user_name: User's Name

By default, audit logging runs at Info level, logs to stdout in human readable format, and only logs CREATE, UPDATE, and DELETE operations. To enable audit logging for READ operations also change it to Trace level.

Example: write all operations to an audit log file at /var/log/scp-audit.log in json format:

logging:
  components:
    audit:
      level: Trace
      log_path: /var/log/scp-audit.log
      log_file_mode: 0o644
Previous
Authorization
Next
Guides