OVHcloud Load Balancer TCP / HTTP / HTTPS Logs Forwarding

Bazy wiedzy

KB0070844

OVHcloud Load Balancer TCP / HTTP / HTTPS Logs Forwarding


Icons/System/eye-open Created with Sketch. 71 wyśw. 16.06.2025 Cloud / OVHcloud Load Balancer

Objective

The purpose of this guide is to show you how to enable the forwarding of logs from your OVHcloud Load Balancer to Logs Data Platform (LDP), a platform that helps you store, archive, query and visualize your logs. If you would like to find out more about Logs Data Platform before reading this guide, please refer to the Logs Data Platform introduction guide.

In order to use this feature, you must first make a refresh call via the API to the Load Balancers whose logs you want to collect. This is necessary to ensure that the logging format of the OVHcloud Load Balancer is up to date. You can use the API call below, where serviceName is the internal name of your Load Balancer, which you can find in the Load Balancer management page in the OVHcloud Control Panel or using the dedicated API call.

POST /ipLoadbalancing/{serviceName}/refresh

Glossary

  • Logs Data Platform: a fully managed and secured log management platform by OVHcloud. For more information, consult the Logs Data Platform service page.
  • Data Stream: a logical partition of logs which you create in an LDP account and which you will use when ingesting, viewing or querying your logs. Multiple sources can be stored in the same data stream, and it is the unit that can be used to define a log pipeline (retention policy, archiving, live streaming, etc.), access rights and alert policies.
  • Logs forwarding: a feature integrated into an OVHcloud product to ingest the logs of its services into a Data Stream of an LDP account in the same OVHcloud account. This feature must be activated by the customer and per service.
  • Logs forwarding Subscription: when enabling the logs forwarding for a given OVHcloud service to a given LDP Data Stream, a Subscription is created and attached to the Data Stream for further management by the customer.

Requirements

  • A Logs Data Platform (LDP) account with at least one active Stream configured. This guide will walk you through all the necessary steps: Quick start for Logs Data Platform.
    • If you are not familiar with all the LDP Stream configuration possibilities, simply create a new one with the default options (indexing & websocket enabled, long-term storage disabled) for the purpose of this guide.
  • An up-and-running OVHcloud Load Balancer.
  • Both the LDP account and the OVHcloud Load Balancer account must belong to the same OVHcloud account.

Concepts & limits

To date, the logs of the UDP listeners are not forwarded.

What are the logs of an OVHcloud Load Balancer?

The forwarded logs are generated by HAproxy (the opensource component used for load balancing).

Log content for TCP based listeners : TCP, HTTP

Field nameDescriptionType
service_nameThe name of the Load Balancer that received the request/connectionString
date_timeThe timestamp at which the request/connection was madedatetime (with millisecond resolution) e.g. 25/Mar/2024:14:07:19.536
zoneThe OVHcloud region to which the Load Balancer belongs String
client_ipIP address of the client that initiated the TCP connection to the Load Balancer IP
client_port_intTCP port of the client that initiated the TCP connection to the Load Balancer Integer
frontend_nameName of the frontend of your Load BalancerString
frontend_ipIP address of the frontend of your Load BalancerIP
frontend_port_intTCP port of the frontend of your Load BalancerInteger
backend_nameName of the NAT source used by the Load Balancer to connect to your backend serversString
backend_source_ipSource IP address used by the Load Balancer to connect to your backend serversIP
backend_source_port_intSource port used by the Load Balancer to connect to your backend serversInteger
server_ipIP address of the backend server connected to your Load BalancerIP
server_port_intTCP port of the backend server connected to your Load BalancerInteger
termination_stateThe session termination indicator: 2 letters for TCP, 4 letters for HTTP, all the details on HAProxy documentation pageString (e.g. "----")
bytes_read_intSize (in bytes) of the response sent by the Load Balancer to the clientInteger
bytes_uploaded_intSize (in bytes) of the request sent by the client to the Load BalancerInteger
time_duration_intThe duration (in milliseconds) of the TCP session at the time the request was madeInteger

Additional content for HTTP listeners

Field nameDescriptionType
captured_request_headersThe headers of the HTTP request e.g. "User-Agent"String
http_requestThe resource of the HTTP request e.g. "/index.html"String
http_status_code_intThe returned HTTP status e.g. "200"Integer

Instructions

Note that the forwarding activation is free of charge, but you will be charged for the usage of the Logs Data Platform service as per the standard price plan. For LDP pricing, refer to this page.

Enabling Load Balancer Log Forwarding using the OVHcloud Control Panel

This feature is not yet available in the Control Panel.

Enabling Audit Log Forwarding using APIs

You will have to define the targeted Stream of one of your LDP accounts to which you want your logs forwarded. The enablement of the forwarding will create a subscription for this stream id.

You can retrieve the API specifications in the OVH API Portal.

Step 1 - Retrieve your target Stream (and ID)

List data streams of your Logs Data Platform account (enter your LDP ID in the form ldp-xx-xxxx into the field "serviceName"):

GET /dbaas/logs/{serviceName}/output/graylog/stream

Get the details of a data stream:

GET /dbaas/logs/{serviceName}/output/graylog/stream/{streamId}

Step 2 - Create your subscription

Use the following API call to create a subscription:

POST /ipLoadbalancing/{serviceName}/log/subscription

You will need to replace:

  • serviceName: this is the internal name of your Load Balancer, you can find it in the Load Balancer management page in the OVHcloud Control Panel or using the dedicated API call.

The POST request has a payload that requires:

  • kind: the kind of log you want to forward, either "http" or "tcp". You can find available kinds using the dedicated API call.
  • streamId: the target data stream of your LDP account where you want your Load Balancer logs to be forwarded to. 
POST /ipLoadbalancing/{serviceName}/log/subscription
{
  "kind": "string", // "http" or "tcp".
  "streamId": "18d602ec-af40-4000-8e59-41ecc8c23f80" // The streamID of the targeted Stream.
}

You will get in response an operationId:

{
  "operationId": "f550aa1c-89ab-4b1a-81ae-4fba4959966f",
  "serviceName": "ldp-xxxxx"
}

You can use the operationId to retrieve the subscriptionId for further management purposes using the following api call:

GET /dbaas/logs/{serviceName}/operation/{operationId}

Alternatively, once the operation is finished, the subscriptions can be retrieved using the following API call:

GET /ipLoadbalancing/{serviceName}/log/subscription

Once you have the subscriptionId, you can get the details using the following API call:

GET /ipLoadbalancing/{serviceName}/log/subscription/{subscriptionId} 

GET /ipLoadbalancing/{serviceName}/log/subscription/{subscriptionId}

{
  "createdAt": "2025-05-28T13:41:19.713Z",
  "kind": "string",
  "resource": {
    "name": "string",
    "type": "string"
  },
  "serviceName": "string",
  "streamId": "19717204-2e10-4000-8b63-4f080b5d5101",
  "subscriptionId": "19717204-2e10-4000-8c42-d7b11c9ce680",
  "updatedAt": "2025-05-28T13:41:19.713Z"
}

How to use OVHcloud Load Balancer logs?

Now that your logs are ingested and stored in your Logs Data Platform data stream, you can query your logs and build dashboards to have a graphical representation of your logs using the web-based UI of Graylog.

  • In the OVHcloud Control Panel, retrieve the LDP username (ex: logs-xxxx) and its password in your Logs Data Platform account home page. You can refer to the Quick start guide for Logs Data Platform.
  • Open the Graylog web-ui. You can retrieve the link in your account home page or using your Access point depending on your account region (for example: Gravelines region is https://gra1.logs.ovh.com/).
  • Log into Graylog using your Logs Data Platform Username and Password.
  • Search through your logs across the data stream of your Logs Data Platform account. You can refer to Graylog writing search queries documentation for details on search syntax.

Refer to the following documentation: Logs Data Platform - Visualizing, querying and exploiting your logs for more details about how to use your logs with Logs Data Platform, including how to:

  • setup alerts
  • view the logs in real time through a WebSocket
  • build visualization with OpenSearch Dashboards
  • integrate with OpenSearch API
  • connect with Grafana  

How to manage your subscriptions?

At any time, you can retrieve the subscriptions attached to your Logs Data Platform data stream and choose to disable the forwarding by cancelling your subscription on your stream, so that your Logs Data Platform stream no longer receives your audit logs.

Note that this does not delete the logs stored before the subscription was cancelled, as the data stored in a log stream is immutable unless you delete the entire stream.

To delete your subscription you can use the following API call:

DELETE /ipLoadbalancing/{serviceName}/log/subscription/{subscriptionId}

Go further

If you need training or technical assistance to implement our solutions, contact your sales representative or click on this link to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project.

Join our community of users.

Powiązane artykuły