Hi, I wanted to ask for some info regarding logs. Currently I have the following configuration:
```yaml
log:
  level: DEBUG
  format: json
  filePath: /var/log/traefik/traefik-mgmt-01.log
accesslog:
  format: json
  filePath: /var/log/traefik/traefik-mgmt-01.access
  fields:
    names:
      StartUTC: drop
```
I saw that the log files are broken down by days automatically in the following format, but the access logs are not:
```
-rw-r--r--. 1 user root 1263788 Jan 2 08:41 traefik-mgmt-01-2025-01-02T07-41-43.561.log.gz
-rw-r--r--r--. 1 user root 1401818 Jan 4 05:11 traefik-mgmt-01-2025-01-04T04-11-21.052.log.gz
-rw-r--r--r--. 1 user root 1699942 Jan 7 10:04 traefik-mgmt-01-2025-01-07T09-04-02.487.log.gz
-rw-r--r--r--. 1 user root 1518592 Jan 9 08:28 traefik-mgmt-01-2025-01-09T07-28-34.413.log.gz
-rw-r--r--r--. 1 user root 1583076 Jan 11 14:30 traefik-mgmt-01-2025-01-11T13-30-42.602.log.gz
-rw-r--r--r--. 1 user root 1575834 Jan 13 19:25 traefik-mgmt-01-2025-01-13T18-25-17.634.log.gz
-rw-r--r--r--. 1 user root 1440084 Jan 15 14:20 traefik-mgmt-01-2025-01-15T13-20-44.133.log.gz
-rw-r--r--r--. 1 user root 1470456 Jan 17 11:03 traefik-mgmt-01-2025-01-17T10-03-50.182.log.gz
-rw-r--r--r--. 1 user root 1564065 Jan 19 20:09 traefik-mgmt-01-2025-01-19T19-09-42.158.log.gz
```
So at the moment I have ended up with a 10 gig file where even the grep operation is slow.
I created a Python script which, based on the time field, created individual files for me divided by day.
So I wanted to ask the following:
- Is it possible to change the log split, via the static conf, so that both access logs and normal logs are handled?
- Possibly, is it possible to lock the log split, so that it can be managed externally with logrotate?
Also, the access logs contain only the following fields:
```json
{
  "ClientAddr":"10.XXX.XXX.XXX:59917",
  "ClientHost":"10.XXX.XXX.XXX",
  "ClientPort":"59917",
  "ClientUsername":"-",
  "DownstreamContentSize":26,
  "DownstreamStatus":200,
  "Duration":6241950,
  "OriginContentSize":26,
  "OriginDuration":5940277,
  "OriginStatus":200,
  "Overhead":301673,
  "RequestAddr":"it-asset.XXXX.it",
  "RequestContentSize":53,
  "RequestCount":4569,
  "RequestHost":"it-asset.XXXX.it",
  "RequestMethod":"POST",
  "RequestPath":"/api/fXXXXX/config",
  "RequestPort":"-",
  "RequestProtocol":"HTTP/1.1",
  "RequestScheme":"https",
  "RetryAttempts":0,
  "RouterName":"fleXXXXX-01@docker",
  "ServiceAddr":"172.XXX.XXX.9:8080",
  "ServiceName":"fleXXXXX-01@docker",
  "ServiceURL":"http://172.XXX.XXX.9:8080",
  "SpanId":"0000000000000000",
  "StartLocal":"2025-01-20T11:19:11.728821114+01:00",
  "TLSCipher":"TLS_AES_128_GCM_SHA256",
  "TLSVersion":"1.3",
  "TraceId":"00000000000000000000000000000000",
  "entryPointName":"websecure",
  "level":"info",
  "msg":"",
  "time":"2025-01-20T11:19:11+01:00"
}
```
Is it possible to make sure that they include all the additional info, like the client PC hostname, the user's username or any other info which allows me to identify the user in case of an access violation?
Thanks
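
One way to do the per-day split described in the post, as an added example (not the poster's script and not Traefik code): it streams the JSON access log and routes each record by the date in its `time` field, keeping unparsable lines in a separate file so no audit data is dropped. The function name, output file naming and sample lines are assumptions constructed for illustration.

```python
import gzip
import json
import tempfile
from datetime import datetime
from pathlib import Path

# Constructed sample lines in the shape of the access-log record shown in the post.
SAMPLE_LINES = [
    '{"ClientHost":"10.0.0.5","DownstreamStatus":200,"time":"2025-01-19T23:59:58+01:00"}',
    '{"ClientHost":"10.0.0.5","DownstreamStatus":403,"time":"2025-01-20T00:00:01+01:00"}',
    '{"ClientHost":"10.0.0.7","DownstreamStatus":200,"time":"2025-01-20T11:19:11+01:00"}',
    '{"ClientHost":"10.0.0.7","DownstreamSta',            # truncated write
    '{"ClientHost":"10.0.0.9","DownstreamStatus":200}',   # no "time" field
]

def split_by_day(src, out_dir, stem="access"):
    """Stream src and append each record to <stem>-YYYY-MM-DD.log.gz.

    The day is taken from "time" in the offset the record was written with.
    Lines that are not JSON or have no parsable "time" go to
    <stem>-unparsed.log.gz. Returns a dict of {day: line count}.
    """
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    handles, counts = {}, {}
    try:
        with open(src, "r", encoding="utf-8", errors="replace") as fh:
            for line in fh:  # one line at a time, so a 10 GB file never sits in memory
                if not line.strip():
                    continue
                try:
                    stamp = json.loads(line)["time"]
                    day = datetime.fromisoformat(stamp).date().isoformat()
                except (ValueError, KeyError, TypeError):
                    day = "unparsed"
                if day not in handles:
                    path = out_dir / f"{stem}-{day}.log.gz"
                    handles[day] = gzip.open(path, "at", encoding="utf-8")
                handles[day].write(line if line.endswith("\n") else line + "\n")
                counts[day] = counts.get(day, 0) + 1
    finally:
        for handle in handles.values():
            handle.close()
    return counts

def demo():
    """Split the constructed sample and read one day's file back."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "traefik.access"
        src.write_text("\n".join(SAMPLE_LINES) + "\n", encoding="utf-8")
        counts = split_by_day(src, Path(tmp) / "split")
        with gzip.open(Path(tmp) / "split" / "access-2025-01-20.log.gz", "rt") as fh:
            return counts, [json.loads(rec)["DownstreamStatus"] for rec in fh]
```

The source file is only read, never truncated or renamed, so it can be run against a log that is still being written.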