Access logs allow you to observe the running status of your business and Service Mesh (ASM) data plane. In business scenarios with a large number of access requests, you can filter logs based on specific conditions to reduce the performance overhead of sidecar proxies and focus on key log content. ASM allows you to use Common Expression Language (CEL) to configure rules for filtering logs. This topic describes how to use CEL to configure rules for filtering ASM access logs and the fields supported by CEL.
Filtering rules
If a CEL expression evaluates to true, access logs are returned. Otherwise, access logs are not returned.
Examples
Example 1: Return only access logs with a response status code of 400 or higher
response.code >= 400
response.code indicates the HTTP status code of an HTTP response. If the HTTP status code of an HTTP response is greater than or equal to 400, the expression evaluates to true and access logs of the request are returned.
Example 2: Return only access logs that contain the login substring in the request URI
request.url_path.contains('login')
request.url_path indicates the path of an HTTP request without the query string. contains is a standard CEL string method that returns a Boolean value, which is used to determine whether a string contains a given substring. If request.url_path contains the login substring, the expression evaluates to true and access logs of the request are returned.
Example 3: Use logical AND and logical OR to make judgments based on multiple conditions
Logical AND (&&)
request.url_path.contains('login') && request.headers['x-user-type'] == 'dev'
request.url_path indicates the path of an HTTP request without the query string. request.headers indicates the request headers in a request. Its value type is map<string, string>. If request.url_path contains login, the request contains the x-user-type request header, and the value of the request header is dev, access logs of the request are returned.
Logical OR (||)
request.url_path.contains('login') || request.url_path.contains('logout')
request.url_path indicates the path of an HTTP request without the query string. If request.url_path contains login or logout, access logs of the request are returned.
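The following dry run is an added example, not part of the original topic or of ASM: it applies hand-written Python equivalents of the four expressions above to constructed sample records and reports, for each rule, which records are kept and which required records would be dropped. The record layout, the must_keep audit requirement (401 and 403 responses) and all sample values are assumptions; the predicates model the rules and are not a CEL evaluator.

```python
# Constructed sample records; keys stand in for request.url_path,
# request.headers and response.code from the attribute tables.
RECORDS = [
    {"id": "r1", "url_path": "/api/login", "headers": {"x-user-type": "dev"}, "code": 200},
    {"id": "r2", "url_path": "/api/login", "headers": {}, "code": 401},
    {"id": "r3", "url_path": "/api/logout", "headers": {"x-user-type": "dev"}, "code": 200},
    {"id": "r4", "url_path": "/admin/users", "headers": {}, "code": 403},
    {"id": "r5", "url_path": "/blog/login-tips", "headers": {"x-user-type": "ops"}, "code": 200},
    {"id": "r6", "url_path": "/healthz", "headers": {}, "code": 200},
]

# Python models of the page's CEL expressions (assumption: hand-translated).
# A missing header is treated as "no match", as Example 3 describes.
FILTERS = {
    "response.code >= 400":
        lambda r: r["code"] >= 400,
    "request.url_path.contains('login')":
        lambda r: "login" in r["url_path"],
    "request.url_path.contains('login') && request.headers['x-user-type'] == 'dev'":
        lambda r: "login" in r["url_path"] and r["headers"].get("x-user-type") == "dev",
    "request.url_path.contains('login') || request.url_path.contains('logout')":
        lambda r: "login" in r["url_path"] or "logout" in r["url_path"],
}


def must_keep(record):
    """Hypothetical audit requirement: keep every 401/403 response."""
    return record["code"] in (401, 403)


def dry_run(records, predicate):
    """Return (ids kept by the rule, ids required by must_keep but dropped)."""
    kept = [r["id"] for r in records if predicate(r)]
    lost = [r["id"] for r in records if must_keep(r) and not predicate(r)]
    return kept, lost


def report(records=RECORDS):
    """Run every filter over the records and collect the results per rule."""
    return {expr: dry_run(records, pred) for expr, pred in FILTERS.items()}


if __name__ == "__main__":
    for expr, (kept, lost) in report().items():
        print(f"{expr}\n  kept={kept}\n  required-but-dropped={lost}")
```

Record r5 shows that contains matches any path holding the substring, and r4 shows that the path-based rules drop a 403 response that the status-code rule keeps.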
Fields supported by CEL
Request attributes
Attribute | Type | Description |
request.path | string | The path part of the HTTP URL with the query string. |
request.url_path | string | The path part of the HTTP URL without the query string. |
request.host | string | The host name part of the HTTP URL. |
request.scheme | string | The scheme part of the HTTP URL, such as HTTP or HTTPS. |
request.method | string | The request method, such as GET or POST. |
request.headers | map<string, string> | A map of all request headers. |
request.referer | string | The value of the Referer header in the request. |
request.useragent | string | The value of the User-Agent header in the request. |
request.time | timestamp | The timestamp when the first byte of the request was received. |
request.id | string | The value of the x-request-id header in the request. |
request.protocol | string | The request protocol, such as HTTP/1.0, HTTP/1, HTTP/2, or HTTP/3. |
request.query | string | The query string in the URL, such as name1=value1&name2=value2. |
request.duration | duration | The total duration of the request. |
request.size | int | The size of the request body. If the Content-Length header exists, its value is used. |
request.total_size | int | The size of the complete request that contains the request headers. |
Response attributes
Attribute | Type | Description |
response.code | int | The HTTP status code of the response. |
response.code_details | string | The description of the response status code. |
response.flags | int | Extra information about the response, in addition to the HTTP status code, encoded as a bit vector. |
response.grpc_status | int | The gRPC status code of the response. |
response.headers | map<string, string> | A map of all response headers. |
response.trailers | map<string, string> | The map of all Trailers in the response. |
response.size | int | The size of the response body. |
response.total_size | int | The size of the complete response that contains the response headers. |
Attributes of a downstream connection
Attribute | Type | Description |
source.address | string | The address of the downstream client. |
source.port | int | The port of the downstream client. |
destination.address | string | The destination address of the downstream connection. |
destination.port | int | The destination port of the downstream connection. |
connection.id | uint | The ID of the downstream connection. |
connection.mtls | bool | Indicates whether TLS is enabled on the downstream connection and whether the downstream connection carries a certificate. |
connection.requested_server_name | string | The name of the server requested by the downstream TLS connection. |
connection.tls_version | string | The TLS version of the downstream connection. |
connection.subject_local_certificate | string | The Subject field of the server certificate used for the downstream connection. |
connection.subject_peer_certificate | string | The Subject field of the client certificate used for the downstream connection. |
connection.dns_san_local_certificate | string | The first DNS entry in the SAN field of the server certificate used for the downstream TLS connection. |
connection.dns_san_peer_certificate | string | The first DNS entry in the SAN field of the client certificate used for the downstream TLS connection. |
connection.uri_san_local_certificate | string | The first URI entry in the SAN field of the server certificate used for the downstream TLS connection. |
connection.uri_san_peer_certificate | string | The first URI entry in the SAN field of the client certificate used for the downstream TLS connection. |
connection.sha256_peer_certificate_digest | string | The SHA256 hash string of the client certificate used for the downstream TLS connection. |
connection.transport_failure_reason | string | The reason for the transport failure, such as certificate validation failed. |
Attributes of an upstream connection
Attribute | Type | Description |
upstream.address | string | The destination address of the upstream connection. |
upstream.port | int | The destination port of the upstream connection. |
upstream.tls_version | string | The TLS version of the upstream connection. |
upstream.subject_local_certificate | string | The value of the Subject field of the client certificate used for the upstream connection. |
upstream.subject_peer_certificate | string | The value of the Subject field of the server certificate used for the upstream connection. |
upstream.dns_san_local_certificate | string | The first DNS entry in the SAN field of the client certificate used for the upstream connection. |
upstream.dns_san_peer_certificate | string | The first DNS entry in the SAN field of the server certificate used for the upstream connection. |
upstream.uri_san_local_certificate | string | The first URI entry in the SAN field of the client certificate used for the upstream connection. |
upstream.uri_san_peer_certificate | string | The first URI entry in the SAN field of the server certificate used for the upstream connection. |
upstream.sha256_peer_certificate_digest | string | The SHA256 hash string of the server certificate used for the downstream TLS connection. |
upstream.local_address | string | The local address of the upstream client. |
upstream.transport_failure_reason | string | The reason for the upstream transport failure, such as certificate validation failed. |