IBM Cloud Docs
Datapath log forwarding

As of 28 March 2024, the IBM Log Analysis service is deprecated and will no longer be supported as of 30 March 2025. Customers need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Log Analysis along with IBM Cloud Logs. Logging is the same for both services. For information about migrating from IBM Log Analysis to IBM Cloud Logs and running the services in parallel, see migration planning.

Data and health check logs are valuable for debugging and maintenance purposes. With the datapath logging feature enabled, IBM Cloud® Virtual Private Cloud Application Load Balancer for VPC (ALB) forwards these logs to your account's IBM Log Analysis dashboard.

To enable or disable the datapath logging feature, you can:

  • Create a load balancer and enable or disable the toggle button.

  • Use the CLI to set the --logging-datapath-active property to true for existing load balancers.

  • Use the API to enable the datapath logging.

If you do not have a Log Analysis instance, you must create one before you enable datapath logging.

Viewing logs in the IBM Log Analysis service

Log in to IBM Log Analysis with your IBM Cloud account. You can view logs from the Log Analysis instance. For more information, see Getting started with IBM Log Analysis.

To create a Log Analysis instance, follow these steps:

  1. Select Create a logging instance. The logging instance creation page opens.

  2. Choose the region from the menu list that corresponds to the zone where you provisioned the load balancer. For example, for a load balancer in SYD01, choose the region of Sydney.

    For information about the mapping between regions and zones, see Zone mapping per account.

After you choose your region, click Create to create the logging instance, then configure it by clicking Configure the platform service logs.

Log output examples

The following output is an example of IBM Cloud Application Load Balancer for VPC datapath logging:

Sep 28 11:25:04 is-load-balancer crn:v1:bluemix:public:is:us-south:a/a1234567::load-balancer:r006-6ba32c0e-830c-483c-871a-0240c10662cf
{"PRIORITY":"info", "MSG_timestamp":"2020-09-28T03:25:03.136101+00:00", "SentByHost":"150.238.66.162", "MESSAGE":" Connect from 222.72.143.92:38605 to 10.240.128.5:62776 (r006-6ba32c0e-830c-483c-871a-0240c10662cf/HTTP)", "logSourceCRN":"crn:v1:bluemix:public:is:us-south:a/a1234567::load-balancer:r006-6ba32c0e-830c-483c-871a-0240c10662cf", "saveServiceCopy":false}

The logs contain the log header and the JSON string.

The log header is built with datetime (Sep 28 11:25:04), log source (is-load-balancer) and log source CRN (crn:v1:bluemix:public:is:us-south...).

The datapath log is a JSON string, containing the following fields:

Datapath log fields

Field Name        Type     Description
PRIORITY          string   The log level that indicates the severity of each message.
MSG_timestamp     string   The timestamp that indicates when the log was generated.
SentByHost        string   The IP address of the host.
MESSAGE           string   Description about the log file.
logSourceCRN      string   Where the log file is saved in the Log Analysis instance of the account indicated in the CRN.
saveServiceCopy   bool     Indicates whether to save a log in the Log Analysis STS; the default value is false.

The following is an example of the JSON schema of a datapath log:

{
    "type": "object",
    "properties": {
        "PRIORITY": {
            "type": "string"
        },
        "MSG_timestamp": {
            "type": "string"
        },
        "SentByHost": {
            "type": "string"
        },
        "MESSAGE": {
            "type": "string"
        },
        "logSourceCRN": {
            "type": "string"
        },
        "saveServiceCopy": {
            "type": "boolean"
        }
    }
}

Note that:

  • PRIORITY is the log level that indicates the severity of each message. Currently, the only choice is info.
  • MSG_timestamp is the timestamp in Coordinated Universal Time.
  • SentByHost is the VIP of the appliance. For public load balancers, this is the floating IP; for private load balancers, this is a private IP.
  • MESSAGE is the content of the log message.
  • logSourceCRN indicates which Log Analysis instance to use to save the logs for the account.
  • saveServiceCopy is false (by default) and cannot be changed.

The format of the logs can be impacted by internal upgrades. It is recommended to use these messages only for debugging purposes, not for build automation.
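
For ad hoc debugging, the following added example (not IBM code) parses one record in the header-plus-JSON format described above, type-checks the fields against the schema, and compares the header CRN with logSourceCRN. The function name, the returned keys, and the MESSAGE pattern are assumptions; the pattern is derived only from the single sample shown on this page, so unmatched messages yield conn = None instead of an error.

```python
import json
import re

# Expected JSON types, from the schema on this page (it marks nothing required).
FIELD_TYPES = {"PRIORITY": str, "MSG_timestamp": str, "SentByHost": str,
               "MESSAGE": str, "logSourceCRN": str, "saveServiceCopy": bool}

# Assumption: pattern derived only from the single sample MESSAGE on this page.
CONNECT_RE = re.compile(
    r"Connect from (?P<src_ip>\S+):(?P<src_port>\d+) "
    r"to (?P<dst_ip>\S+):(?P<dst_port>\d+) "
    r"\((?P<lb_id>[^/)]+)/(?P<protocol>[^)]+)\)")

# Sample record copied from this page (header line, then JSON string).
SAMPLE = (
    "Sep 28 11:25:04 is-load-balancer crn:v1:bluemix:public:is:us-south:"
    "a/a1234567::load-balancer:r006-6ba32c0e-830c-483c-871a-0240c10662cf\n"
    '{"PRIORITY":"info", "MSG_timestamp":"2020-09-28T03:25:03.136101+00:00", '
    '"SentByHost":"150.238.66.162", "MESSAGE":" Connect from 222.72.143.92:38605 '
    'to 10.240.128.5:62776 (r006-6ba32c0e-830c-483c-871a-0240c10662cf/HTTP)", '
    '"logSourceCRN":"crn:v1:bluemix:public:is:us-south:a/a1234567::'
    'load-balancer:r006-6ba32c0e-830c-483c-871a-0240c10662cf", '
    '"saveServiceCopy":false}')


def parse_datapath_log(text):
    """Parse one record: header fields, type-checked JSON body, connection info."""
    start = text.find("{")
    if start < 0:
        raise ValueError("no JSON body in record")
    body = json.loads(text[start:])
    if not isinstance(body, dict):
        raise ValueError("JSON body is not an object")
    parts = text[:start].split()
    header = None
    if len(parts) == 5:  # month, day, time, log source, log source CRN
        header = {"datetime": " ".join(parts[:3]), "source": parts[3], "crn": parts[4]}
    msg = body.get("MESSAGE")
    m = CONNECT_RE.search(msg) if isinstance(msg, str) else None
    conn = m.groupdict() if m else None
    if conn:
        conn["src_port"], conn["dst_port"] = int(conn["src_port"]), int(conn["dst_port"])
    return {
        "header": header,
        "body": body,
        "conn": conn,  # None when MESSAGE does not match the assumed pattern
        "type_errors": [k for k, t in FIELD_TYPES.items()
                        if k in body and not isinstance(body[k], t)],
        "unknown_fields": sorted(set(body) - set(FIELD_TYPES)),
        "crn_matches": bool(header) and header["crn"] == body.get("logSourceCRN"),
    }
```

A non-empty type_errors or unknown_fields list, or conn = None on a connection message, is a signal that the log format has changed and the parser needs to be revisited.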