Envoy: How to deal with the increasing access log?
We deploy a 'service pod' along with a sidecar envoy. The problem is the access log of envoy, there is no size-limit or log-rotate supported by envoy. So we have to clean out the access log when it grow too large, e.g. launch another shell/program to rename access log and reload the envoy(Just like what we do with nginx access log).
However, dealing with hundreds or thousands of 'service pod' is also a tough job I think, not graceful.
What do you suggest to do with?
Or if I don't make my scenario understandable, please reach me out.
anticpp
All 7 comments
I am doing some ongoing work to ship Access Logs in proto format to a gRPC log sink which should be properly formed up into to a PR later this week. One canonical example of this is the Google Stackdriver public API, but you could develop your own gRPC service and send the logs to it. This will give you the ability to collect all access logs centrally and decide what you want to keep and for how long. I don't know whether this would meet your needs or is too much complexity but I wanted to let you know it's something that's in the works. You can see the proto format in https://github.com/lyft/envoy-api/blob/master/api/accesslog.proto
For a simple solution I'd suggest using something like the standard logrotate typically shipped by Linux distributions rather than trying to build this into Envoy itself.
dnoe
on 14 Jun 2017
per @dnoe we will likely not implement any sysadmin type functionality like this directly in envoy when well known solutions already exist (in this case logrotate).
mattklein123
on 14 Jun 2017
@dnoe Thanks for that. Actually, logging to remote is a workable solution, but I think it's too heavy to handle the access log situation.
I am looking forward to solution like logrotate, not invaded to envoy itself.
anticpp
on 15 Jun 2017
Closing for now as we are unlikely to build this type of ops functionality into envoy directly.
mattklein123
on 26 Jun 2017
For people reading this who might be unfamiliar with logrotate, it's configuration files are kept in /etc/logrotate.d on a typical Debian/Ubuntu machine. man logrotate will give you some more information about how it works, including an example rotate config you can use as template for building your own, personalized configuration.
perlun
on 9 Oct 2018
Can you please explain me, how to enable this functionality in already installed Istio (in OpenShift)? I tried to edit ConfigMap “istio” but it doesn’t take effect (enableEnvoyAccessLogService: true, envoyAccessLogService address).
yury-alpatov
on 2 Apr 2020
per @dnoe we will likely not implement any sysadmin type functionality like this directly in envoy when well known solutions already exist (in this case logrotate).
https://github.com/foreversd/forever/issues/106#issuecomment-71555960
"
So, in case of create logrotate option - forever proceeds to write to rotated log file instead of main one.
If copytruncate option set - forever write to main log file, but it's not wiped when rotated and logs keep accumulate.
Does someone have a solution?
"
pat70
on 22 Sep 2020
Related issues
hawran
·
3Comments
vpiduri
·
3Comments
boncheo
·
3Comments
jeremybaumont
·
3Comments
yanniszark
·
3Comments
Most helpful comment
per @dnoe we will likely not implement any sysadmin type functionality like this directly in envoy when well known solutions already exist (in this case logrotate).