Can anyone help me to choose one Kong API Gateway logging plugin from all available options like Tcp Log, Udp Log, Http Log, File Log, Syslog, Statsd, Loggly, etc which can utilize the existing ELK stack log?
Asked
Active
Viewed 4,986 times
1 Answers
5
I made experiences with the file-log, tcp-log and http-log plugin. All worked quite well for us in terms of the actual logging functionality. The main decision driver was the tech stack we used:
- file-log: We deployed Kong on OpenShift. As OpenShift has a built-in EFK stack and pushes all standard out via Fluentd to ElasticSearch, we wrote our Kong logs to a named pipe ("FIFO file") and made the Docker container to continually print that file to stdout. Kind of a workaround but it worked very well for our use case.
- tcp-log/http-log: We additionally had a requirement to send the logs to an external ELK stack. For this use case we used the tcp-log plugin. We later switched to http-log as it additionally has a built-in basic auth feature, so you can transfer your logs to an publicly available endpoint with authentication. Both plugins sent the logs to logstash which listened to either a tcp or http port.
I hope this helps you choosing a logging plugin according to your needs.
Philipp
- 470
- 2
- 10
-
Hi @Philipp How do set up the authentication for ELK on HTTP-LOG plugin? Do you maybe have an example? – Oneide Luiz Schneider Apr 12 '21 at 23:24
-
Hi @OneideLuizSchneider, unfortunately I do not have an open-source example. What we do is to configure the http-log plugin to send the logs to logstash with basic auth (https://docs.konghq.com/hub/kong-inc/http-log/, search for "basic-auth"). As we did this within a secured namespace, we accepted doing basic-auth without https, but this might be problematic in other setups. Logstash then authenticates against ElasticSearch (if you use AWS-hosted ES, there is a logstash plugin supporting signed AWS API requests). So basically there are two different authentication steps. – Philipp Apr 28 '21 at 09:53