1syntax = "proto3"; 2 3package envoy.config.accesslog.v3; 4 5import "envoy/config/core/v3/base.proto"; 6import "envoy/config/route/v3/route_components.proto"; 7import "envoy/type/matcher/v3/metadata.proto"; 8import "envoy/type/v3/percent.proto"; 9 10import "google/protobuf/any.proto"; 11import "google/protobuf/wrappers.proto"; 12 13import "udpa/annotations/status.proto"; 14import "udpa/annotations/versioning.proto"; 15import "validate/validate.proto"; 16 17option java_package = "io.envoyproxy.envoy.config.accesslog.v3"; 18option java_outer_classname = "AccesslogProto"; 19option java_multiple_files = true; 20option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3;accesslogv3"; 21option (udpa.annotations.file_status).package_version_status = ACTIVE; 22 23// [#protodoc-title: Common access log types] 24 25message AccessLog { 26 option (udpa.annotations.versioning).previous_message_type = 27 "envoy.config.filter.accesslog.v2.AccessLog"; 28 29 reserved 3; 30 31 reserved "config"; 32 33 // The name of the access log extension configuration. 34 string name = 1; 35 36 // Filter which is used to determine if the access log needs to be written. 37 AccessLogFilter filter = 2; 38 39 // Custom configuration that must be set according to the access logger extension being instantiated. 40 // [#extension-category: envoy.access_loggers] 41 oneof config_type { 42 google.protobuf.Any typed_config = 4; 43 } 44} 45 46// [#next-free-field: 13] 47message AccessLogFilter { 48 option (udpa.annotations.versioning).previous_message_type = 49 "envoy.config.filter.accesslog.v2.AccessLogFilter"; 50 51 oneof filter_specifier { 52 option (validate.required) = true; 53 54 // Status code filter. 55 StatusCodeFilter status_code_filter = 1; 56 57 // Duration filter. 58 DurationFilter duration_filter = 2; 59 60 // Not health check filter. 61 NotHealthCheckFilter not_health_check_filter = 3; 62 63 // Traceable filter. 64 TraceableFilter traceable_filter = 4; 65 66 // Runtime filter. 67 RuntimeFilter runtime_filter = 5; 68 69 // And filter. 70 AndFilter and_filter = 6; 71 72 // Or filter. 73 OrFilter or_filter = 7; 74 75 // Header filter. 76 HeaderFilter header_filter = 8; 77 78 // Response flag filter. 79 ResponseFlagFilter response_flag_filter = 9; 80 81 // gRPC status filter. 82 GrpcStatusFilter grpc_status_filter = 10; 83 84 // Extension filter. 85 // [#extension-category: envoy.access_loggers.extension_filters] 86 ExtensionFilter extension_filter = 11; 87 88 // Metadata Filter 89 MetadataFilter metadata_filter = 12; 90 } 91} 92 93// Filter on an integer comparison. 94message ComparisonFilter { 95 option (udpa.annotations.versioning).previous_message_type = 96 "envoy.config.filter.accesslog.v2.ComparisonFilter"; 97 98 enum Op { 99 // = 100 EQ = 0; 101 102 // >= 103 GE = 1; 104 105 // <= 106 LE = 2; 107 } 108 109 // Comparison operator. 110 Op op = 1 [(validate.rules).enum = {defined_only: true}]; 111 112 // Value to compare against. 113 core.v3.RuntimeUInt32 value = 2 [(validate.rules).message = {required: true}]; 114} 115 116// Filters on HTTP response/status code. 117message StatusCodeFilter { 118 option (udpa.annotations.versioning).previous_message_type = 119 "envoy.config.filter.accesslog.v2.StatusCodeFilter"; 120 121 // Comparison. 122 ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}]; 123} 124 125// Filters based on the duration of the request or stream, in milliseconds. 126// For end of stream access logs, the total duration of the stream will be used. 127// For :ref:`periodic access logs<arch_overview_access_log_periodic>`, 128// the duration of the stream at the time of log recording will be used. 129message DurationFilter { 130 option (udpa.annotations.versioning).previous_message_type = 131 "envoy.config.filter.accesslog.v2.DurationFilter"; 132 133 // Comparison. 134 ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}]; 135} 136 137// Filters for requests that are not health check requests. A health check 138// request is marked by the health check filter. 139message NotHealthCheckFilter { 140 option (udpa.annotations.versioning).previous_message_type = 141 "envoy.config.filter.accesslog.v2.NotHealthCheckFilter"; 142} 143 144// Filters for requests that are traceable. See the tracing overview for more 145// information on how a request becomes traceable. 146message TraceableFilter { 147 option (udpa.annotations.versioning).previous_message_type = 148 "envoy.config.filter.accesslog.v2.TraceableFilter"; 149} 150 151// Filters for random sampling of requests. 152message RuntimeFilter { 153 option (udpa.annotations.versioning).previous_message_type = 154 "envoy.config.filter.accesslog.v2.RuntimeFilter"; 155 156 // Runtime key to get an optional overridden numerator for use in the 157 // ``percent_sampled`` field. If found in runtime, this value will replace the 158 // default numerator. 159 string runtime_key = 1 [(validate.rules).string = {min_len: 1}]; 160 161 // The default sampling percentage. If not specified, defaults to 0% with 162 // denominator of 100. 163 type.v3.FractionalPercent percent_sampled = 2; 164 165 // By default, sampling pivots on the header 166 // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being 167 // present. If :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` 168 // is present, the filter will consistently sample across multiple hosts based 169 // on the runtime key value and the value extracted from 170 // :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is 171 // missing, or ``use_independent_randomness`` is set to true, the filter will 172 // randomly sample based on the runtime key value alone. 173 // ``use_independent_randomness`` can be used for logging kill switches within 174 // complex nested :ref:`AndFilter 175 // <envoy_v3_api_msg_config.accesslog.v3.AndFilter>` and :ref:`OrFilter 176 // <envoy_v3_api_msg_config.accesslog.v3.OrFilter>` blocks that are easier to 177 // reason about from a probability perspective (i.e., setting to true will 178 // cause the filter to behave like an independent random variable when 179 // composed within logical operator filters). 180 bool use_independent_randomness = 3; 181} 182 183// Performs a logical “and” operation on the result of each filter in filters. 184// Filters are evaluated sequentially and if one of them returns false, the 185// filter returns false immediately. 186message AndFilter { 187 option (udpa.annotations.versioning).previous_message_type = 188 "envoy.config.filter.accesslog.v2.AndFilter"; 189 190 repeated AccessLogFilter filters = 1 [(validate.rules).repeated = {min_items: 2}]; 191} 192 193// Performs a logical “or” operation on the result of each individual filter. 194// Filters are evaluated sequentially and if one of them returns true, the 195// filter returns true immediately. 196message OrFilter { 197 option (udpa.annotations.versioning).previous_message_type = 198 "envoy.config.filter.accesslog.v2.OrFilter"; 199 200 repeated AccessLogFilter filters = 2 [(validate.rules).repeated = {min_items: 2}]; 201} 202 203// Filters requests based on the presence or value of a request header. 204message HeaderFilter { 205 option (udpa.annotations.versioning).previous_message_type = 206 "envoy.config.filter.accesslog.v2.HeaderFilter"; 207 208 // Only requests with a header which matches the specified HeaderMatcher will 209 // pass the filter check. 210 route.v3.HeaderMatcher header = 1 [(validate.rules).message = {required: true}]; 211} 212 213// Filters requests that received responses with an Envoy response flag set. 214// A list of the response flags can be found 215// in the access log formatter 216// :ref:`documentation<config_access_log_format_response_flags>`. 217message ResponseFlagFilter { 218 option (udpa.annotations.versioning).previous_message_type = 219 "envoy.config.filter.accesslog.v2.ResponseFlagFilter"; 220 221 // Only responses with the any of the flags listed in this field will be 222 // logged. This field is optional. If it is not specified, then any response 223 // flag will pass the filter check. 224 repeated string flags = 1 [(validate.rules).repeated = { 225 items { 226 string { 227 in: "LH" 228 in: "UH" 229 in: "UT" 230 in: "LR" 231 in: "UR" 232 in: "UF" 233 in: "UC" 234 in: "UO" 235 in: "NR" 236 in: "DI" 237 in: "FI" 238 in: "RL" 239 in: "UAEX" 240 in: "RLSE" 241 in: "DC" 242 in: "URX" 243 in: "SI" 244 in: "IH" 245 in: "DPE" 246 in: "UMSDR" 247 in: "RFCF" 248 in: "NFCF" 249 in: "DT" 250 in: "UPE" 251 in: "NC" 252 in: "OM" 253 } 254 } 255 }]; 256} 257 258// Filters gRPC requests based on their response status. If a gRPC status is not 259// provided, the filter will infer the status from the HTTP status code. 260message GrpcStatusFilter { 261 option (udpa.annotations.versioning).previous_message_type = 262 "envoy.config.filter.accesslog.v2.GrpcStatusFilter"; 263 264 enum Status { 265 OK = 0; 266 CANCELED = 1; 267 UNKNOWN = 2; 268 INVALID_ARGUMENT = 3; 269 DEADLINE_EXCEEDED = 4; 270 NOT_FOUND = 5; 271 ALREADY_EXISTS = 6; 272 PERMISSION_DENIED = 7; 273 RESOURCE_EXHAUSTED = 8; 274 FAILED_PRECONDITION = 9; 275 ABORTED = 10; 276 OUT_OF_RANGE = 11; 277 UNIMPLEMENTED = 12; 278 INTERNAL = 13; 279 UNAVAILABLE = 14; 280 DATA_LOSS = 15; 281 UNAUTHENTICATED = 16; 282 } 283 284 // Logs only responses that have any one of the gRPC statuses in this field. 285 repeated Status statuses = 1 [(validate.rules).repeated = {items {enum {defined_only: true}}}]; 286 287 // If included and set to true, the filter will instead block all responses 288 // with a gRPC status or inferred gRPC status enumerated in statuses, and 289 // allow all other responses. 290 bool exclude = 2; 291} 292 293// Filters based on matching dynamic metadata. 294// If the matcher path and key correspond to an existing key in dynamic 295// metadata, the request is logged only if the matcher value is equal to the 296// metadata value. If the matcher path and key *do not* correspond to an 297// existing key in dynamic metadata, the request is logged only if 298// match_if_key_not_found is "true" or unset. 299message MetadataFilter { 300 option (udpa.annotations.versioning).previous_message_type = 301 "envoy.config.filter.accesslog.v2.MetadataFilter"; 302 303 // Matcher to check metadata for specified value. For example, to match on the 304 // access_log_hint metadata, set the filter to "envoy.common" and the path to 305 // "access_log_hint", and the value to "true". 306 type.matcher.v3.MetadataMatcher matcher = 1; 307 308 // Default result if the key does not exist in dynamic metadata: if unset or 309 // true, then log; if false, then don't log. 310 google.protobuf.BoolValue match_if_key_not_found = 2; 311} 312 313// Extension filter is statically registered at runtime. 314message ExtensionFilter { 315 option (udpa.annotations.versioning).previous_message_type = 316 "envoy.config.filter.accesslog.v2.ExtensionFilter"; 317 318 reserved 2; 319 320 reserved "config"; 321 322 // The name of the filter implementation to instantiate. The name must 323 // match a statically registered filter. 324 string name = 1; 325 326 // Custom configuration that depends on the filter being instantiated. 327 oneof config_type { 328 google.protobuf.Any typed_config = 3; 329 } 330} 331