Public Cloud Load Balancer TCP / HTTP / HTTPS Logs Forwarding (EN)

Wissensdatenbanken

KB0062949

Public Cloud Load Balancer TCP / HTTP / HTTPS Logs Forwarding (EN)


Icons/System/eye-open Created with Sketch. 201 Ansichten 25.09.2024 Cloud / Logs Data Platform

Objective

The purpose of this guide is to show you how to enable the forwarding of logs from your Public Cloud Load Balancer to Logs Data Platform (LDP), a platform that helps you store, archive, query and visualize your logs. If you would like to find out more about Logs Data Platform before reading this guide, please refer to the Logs Data Platform introduction guide.

Glossary

  • Logs Data Platform: a fully managed and secured log management platform by OVHcloud. For more information, consult the Logs Data Platform service page.
  • Data Stream: a logical partition of logs which you create in an LDP account and which you will use when ingesting, viewing or querying your logs. Multiple sources can be stored in the same data stream, and it is the unit that can be used to define a log pipeline (retention policy, archiving, live streaming, etc.), access rights and alert policies.
  • Logs forwarding: a feature integrated into an OVHcloud product to ingest the logs of its services into a Data Stream of an LDP account in the same OVHcloud account. This feature must be activated by the customer and per service.
  • Logs forwarding Subscription: when enabling the logs forwarding for a given OVHcloud service to a given LDP Data Stream, a Subscription is created and attached to the Data Stream for further management by the customer.

Requirements

  • A Logs Data Platform (LDP) account with at least one active Stream configured. This guide will walk you through all the necessary steps: Quick start for Logs Data Platform.
    • If you are not familiar with all the LDP Stream configuration possibilities, simply create a new one with the default options (indexing & websocket enabled, long-term storage disabled) for the purpose of this guide.
  • An up-and-running Public Cloud Load Balancer.
  • Both the LDP account and the Public Cloud Load Balancer account must belong to the same OVHcloud account.

Concepts & limits

To date, the logs of the UDP listeners are not forwarded.

What are the logs of a Public Cloud Load Balancer?

The forwarded logs are generated by HAproxy (the opensource component used for load balancing).

Log content for TCP based listeners : TCP, HTTP, TERMINATED_HTTPS, HTTPS

Field nameDescriptionType
accept_date The timestamp at which the request/connection was madedatetime (with millisecond resolution) e.g. 25/Mar/2024:14:07:19.536
bytes_read_int The number of bytes read by the serverInteger
bytes_uploaded_int The number of bytes sent by the server to the clientInteger
client_ipIP address of the client that initiated the TCP connection to the Load Balancer IP
client_ip_city_nameThe city computed by Geoip from client_ipString (e.g. Lille)
client_ip_country_codeThe ISO 3166 A-2 country code computed by Logstash Geoip from client_ip ISOXX (e.g. FR)
client_ip_geolocationThe latitude, longitude computed by Logstash Geoip from client_ipx.x,y.y (e.g. 50.624,3.0511) XST6Y7U899O0
client_port_intTCP port of the client that initiated the TCP connection to the Load BalancerInteger
listener_id The ID of the listener that received the request/connectionuuid
load_balancer_idThe ID of the Load Balancer that received the request/connection uuid
memberThe member to which the request / connection was sent uuid 
messageThe original log messageString
poolThe pool that processed the request / connectionuuid
project_idThe ID of the Public Cloud project to which the Load Balancer belongsuuid 
regionThe Public Cloud region to which the load balancer belongs String
tcp_total_session_duration_time_intThe time in milliseconds the TCP session has been opened when this request is madeInteger
termination_stateThe session termination indicator: 2 letters for TCP, 4 letters for HTTP all the details on HAProxy documentation pageString (e.g. "----")
timestampThe timestamp at which the log has been issued String

Additional content for HTTP & TERMINATED_HTTPS listeners

Field nameDescriptionType
http_requestThe resource of the HTTP request e.g. "/index.html"String
http_status_intThe returned HTTP status e.g. "200"Integer
http_verbThe HTTP verb used in the request e.g. "GET"String
http_version_numThe HTTP version of the request e.g. "1.1"Numeric

Instructions

Note that the forwarding activation is free of charge, but you will be charged for the usage of the Logs Data Platform service as per the standard price plan. For LDP pricing, refer to this page.

Enabling Public Cloud Load Balancer Log Forwarding using the OVHcloud Control Panel

This feature is not yet available in the Control Panel.

Enabling Audit Log Forwarding using APIs

You will have to define the targeted Stream of one of your LDP accounts to which you want your logs forwarded. The enablement of the forwarding will create a subscription for this stream id.

You can retrieve the API specifications in the OVH API Portal.

Step 1 - Retrieve your target Stream (and ID)

List data streams of your Logs Data Platform account (enter your LDP ID in the form ldp-xx-xxxx into the field "serviceName"):

GET /dbaas/logs/{serviceName}/output/graylog/stream

Get the details of a data stream:

GET /dbaas/logs/{serviceName}/output/graylog/stream/{streamId}

Step 2 - Create your subscription

Use the following API call to create a subscription:

POST /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription

You will need to replace:

  • loadBalancerId: this is the Load Balancer ID, you can find it in the details page of your Load Balancer in the OVHcloud Control Panel or using the dedicated API call.
  • regionName: the OpenStack region, for example, GRA11.
  • serviceName: the Public Cloud Project ID. You can find it in the OVHcloud Control Panel under your project name or using the dedicated API call.

The POST request has a payload that requires:

  • kind: the kind of log you want to forward. Note that the only value currently supported for Public Cloud Load Balancer is 'haproxy' (you can find available kinds using the dedicated API call).
  • streamId: the target data stream of your LDP account where you want your Public Cloud Load Balancer logs to be forwarded to. 
POST /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription
{
  "kind": "string", // Currently the only supported value is 'haproxy'.
  "streamId": "18d602ec-af40-4000-8e59-41ecc8c23f80" // The streamID of the targeted Stream.
}

You will get in response an operationId:

{
  "operationId": "f550aa1c-89ab-4b1a-81ae-4fba4959966f",
  "serviceName": "ldp-xxxxx"
}

You can use the operationId to retrieve the subscriptionId for further management purposes using the following api call:

GET /dbaas/logs/{serviceName}/operation/{operationId}

Alternatively, once the operation is finished, the subscriptions can be retrieved using the following API call:

GET /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription/

Once you have the subscriptionId, you can get the details using the following API call:

GET /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription/{subscriptionId} 

GET /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription/{subscriptionId}

{
  "createdAt": "2024-01-31T15:45:25.286Z",
  "kind": "string",
  "resource": {
    "name": "string",
    "type": "string"
  },
  "serviceName": "string",
  "streamId": "string",
  "subscriptionId": "18d60324-b260-4000-83db-b484f4db6e80",
  "updatedAt": "2024-01-31T15:45:25.286Z"
}

How to use Public Cloud Load Balancer logs?

Now that your logs are ingested and stored in your Logs Data Platform data stream, you can query your logs and build dashboards to have a graphical representation of your logs using the web-based UI of Graylog.

  • In the OVHcloud Control Panel, retrieve the LDP username (ex: logs-xxxx) and its password in your Logs Data Platform account home page. You can refer to the Quick start guide for Logs Data Platform.
  • Open the Graylog web-ui. You can retrieve the link in your account home page or using your Access point depending on your account region (for example: Gravelines region is https://gra1.logs.ovh.com/).
  • Log into Graylog using your Logs Data Platform Username and Password.
  • Search through your logs across the data stream of your Logs Data Platform account. You can refer to Graylog writing search queries documentation for details on search syntax.

Refer to the following documentation: Logs Data Platform - Visualizing, querying and exploiting your logs for more details about how to use your logs with Logs Data Platform, including how to:

  • setup alerts
  • view the logs in real time through a WebSocket
  • build visualization with OpenSearch Dashboards
  • integrate with OpenSearch API
  • connect with Grafana  

How to manage your subscriptions?

At any time, you can retrieve the subscriptions attached to your Logs Data Platform data stream and choose to disable the forwarding by cancelling your subscription on your stream, so that your Logs Data Platform stream no longer receives your audit logs.

Note that this does not delete the logs stored before the subscription was cancelled, as the data stored in a log stream is immutable unless you delete the entire stream.

To delete your subscription you can use the following API call:

DELETE /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription/{subscriptionId}

Go further

If you need training or technical assistance to implement our solutions, contact your sales representative or click on this link to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project.

Join our community of users on https://community.ovh.com/en/.

Zugehörige Artikel