OVHcloud Load Balancer - TCP / HTTP / HTTPS Logs forwarding

pages/index.md

@@ -1859,6 +1859,7 @@
             + [Managing your Load Balancer service via the Control Panel](network/load_balancer/use-lb)
             + [Load Balancer API Quick Reference](network/load_balancer/use_api_reference)
             + [Details of API functions](network/load_balancer/use_api_details)
+            + [OVHcloud Load Balancer TCP / HTTP / HTTPS Logs Forwarding](network/load_balancer/use_api_logs_2_customers)
             + [Order a free SSL certificate](network/load_balancer/order_freecertificate)
             + [Load Balancer FAQ](network/load_balancer/create_faq)
         + [Use cases](network-load-balancer-use-cases)

pages/network/load_balancer/use_api_logs_2_customers/guide.en-gb.md

@@ -0,0 +1,215 @@
+---
+title: OVHcloud Load Balancer TCP / HTTP / HTTPS Logs Forwarding
+excerpt: Find out how to forward your logs from an OVHcloud Load Balancer to Logs Data Platform
+updated: 2025-06-13
+---
+
+## Objective
+
+The purpose of this guide is to show you how to enable the forwarding of logs from your OVHcloud Load Balancer to Logs Data Platform (LDP), a platform that helps you store, archive, query and visualize your logs.
+If you would like to find out more about Logs Data Platform before reading this guide, please refer to the [Logs Data Platform introduction guide](/pages/manage_and_operate/observability/logs_data_platform/getting_started_introduction_to_LDP).
+
+> [!primary]
+> In order to use this feature, you must first make a refresh call via the API to the Load Balancers whose logs you want to collect. 
+> This is necessary to ensure that the logging format of the OVHcloud Load Balancer is up to date.
+> You can use the API call below, where **serviceName** is the internal name of your Load Balancer, which you can find in the Load Balancer management page in the OVHcloud Control Panel or using the [dedicated API](https://eu.api.ovh.com/console/?section=%2FipLoadbalancing&branch=v1#get-/ipLoadbalancing) call.
+>
+
+> [!api]
+>
+> @api {v1} /ipLoadbalancing POST /ipLoadbalancing/{serviceName}/refresh
+>
+
+## Glossary
+
+- **Logs Data Platform:** a fully managed and secured log management platform by OVHcloud. For more information, consult the [Logs Data Platform](/links/manage-operate/ldp) service page.
+- **Data Stream:** a logical partition of logs which you create in an LDP account and which you will use when ingesting, viewing or querying your logs. Multiple sources can be stored in the same data stream, and it is the unit that can be used to define a log pipeline (retention policy, archiving, live streaming, etc.), access rights and alert policies.
+- **Logs forwarding:** a feature integrated into an OVHcloud product to ingest the logs of its services into a *Data Stream* of an LDP account in the same OVHcloud account. This feature must be activated by the customer and per service.
+- **Logs forwarding Subscription:** when enabling the logs forwarding for a given OVHcloud service to a given LDP *Data Stream*, a *Subscription* is created and attached to the *Data Stream* for further management by the customer.
+
+## Requirements
+
+- A Logs Data Platform (LDP) account with at least one active *Stream* configured. This guide will walk you through all the necessary steps: [Quick start for Logs Data Platform](/pages/manage_and_operate/observability/logs_data_platform/getting_started_quick_start).
+    - If you are not familiar with all the LDP *Stream* configuration possibilities, simply create a new one with the default options (indexing & websocket enabled, long-term storage disabled) for the purpose of this guide.
+- An up-and-running [OVHcloud Load Balancer](/pages/network/load_balancer/use_presentation).
+- Both the LDP account and the OVHcloud Load Balancer account must belong to the same OVHcloud account.
+
+### Concepts & limits
+
+> [!warning]
+> To date, the logs of the **UDP** listeners are not forwarded.
+> 
+
+**What are the logs of an OVHcloud Load Balancer?**
+
+The forwarded logs are generated by [HAproxy](https://en.wikipedia.org/wiki/HAProxy){.external} (the opensource component used for load balancing).
+
+### Log content for TCP based listeners : `TCP`, `HTTP`
+
+| Field name | Description | Type |
+|------------|-------------|---------| 
+| service_name | The name of the Load Balancer that received the request/connection | String |
+| date_time | The timestamp at which the request/connection was made | datetime (with millisecond resolution) e.g. 25/Mar/2024:14:07:19.536 |
+| zone | The OVHcloud region to which the Load Balancer belongs | String |
+| client_ip |  IP address of the client that initiated the TCP connection to the Load Balancer | IP |
+| client_port_int |  TCP port of the client that initiated the TCP connection to the Load Balancer | Integer |
+| frontend_name | Name of the frontend of your Load Balancer | String |
+| frontend_ip | IP address of the frontend of your Load Balancer | IP |
+| frontend_port_int | TCP port of the frontend of your Load Balancer | Integer |
+| backend_name | Name of the NAT source used by the Load Balancer to connect to your backend servers | String |
+| backend_source_ip | Source IP address used by the Load Balancer to connect to your backend servers | IP |
+| backend_source_port_int | Source port used by the Load Balancer to connect to your backend servers | Integer |
+| server_ip | IP address of the backend server connected to your Load Balancer | IP |
+| server_port_int | TCP port of the backend server connected to your Load Balancer | Integer |
+| termination_state | The session termination indicator: 2 letters for TCP, 4 letters for HTTP, all the details on [HAProxy documentation page](https://docs.haproxy.org/2.6/configuration.html#8.5){.external}| String (e.g. "----") |
+| bytes_read_int | Size (in bytes) of the response sent by the Load Balancer to the client | Integer |
+| bytes_uploaded_int | Size (in bytes) of the request sent by the client to the Load Balancer | Integer |
+| time_duration_int | The duration (in milliseconds) of the TCP session at the time the request was made | Integer |
+
+### Additional content for `HTTP` listeners
+
+| Field name | Description | Type |
+|------------|-------------|---------| 
+| captured_request_headers | The headers of the HTTP request e.g. "User-Agent" | String |
+| http_request | The resource of the HTTP request e.g. "/index.html" | String |
+| http_status_code_int | The returned HTTP status e.g. "200" | Integer |
+
+
+## Instructions
+
+Note that the forwarding activation is free of charge, but you will be charged for the usage of the Logs Data Platform service as per the standard price plan. For LDP #, refer to this [page](/links/manage-operate/ldp).
+
+### Enabling Load Balancer Log Forwarding using the OVHcloud Control Panel
+
+This feature is not yet available in the Control Panel.
+
+### Enabling Audit Log Forwarding using APIs
+
+You will have to define the targeted *Stream* of one of your LDP accounts to which you want your logs forwarded. The enablement of the forwarding will create a subscription for this stream id.
+
+You can retrieve the API specifications in the [OVH API Portal](https://eu.api.ovh.com/console-preview/?section=%2Fdbaas%2Flogs&branch=v1#post-/dbaas/logs/-serviceName-/output/graylog/stream).
+
+#### Step 1 - Retrieve your target Stream (and ID)
+
+List data streams of your Logs Data Platform account (enter your LDP ID in the form ldp-xx-xxxx into the field "serviceName"):
+
+> [!api]
+>
+> @api {v1} /dbaas/logs GET /dbaas/logs/{serviceName}/output/graylog/stream
+>
+
+Get the details of a data stream:
+
+> [!api]
+>
+> @api {v1} /dbaas/logs GET /dbaas/logs/{serviceName}/output/graylog/stream/{streamId}
+>
+
+#### Step 2 - Create your subscription
+
+Use the following API call to create a subscription:
+
+> [!api]
+>
+> @api {v1} /ipLoadbalancing POST /ipLoadbalancing/{serviceName}/log/subscription
+>
+
+You will need to replace:
+
+- **serviceName**: this is the internal name of your Load Balancer, you can find it in the Load Balancer management page in the OVHcloud Control Panel or using the [dedicated API](https://eu.api.ovh.com/console/?section=%2FipLoadbalancing&branch=v1#get-/ipLoadbalancing) call.
+
+The POST request has a payload that requires:
+
+- `kind`: the kind of log you want to forward, either "http" or "tcp". You can find available kinds using the [dedicated API](https://eu.api.ovh.com/console/?section=%2FipLoadbalancing&branch=v1#get-/ipLoadbalancing/-serviceName-/log/kind) call.
+- `streamId`: the target data stream of your LDP account where you want your Load Balancer logs to be forwarded to. 
+
+```shell
+POST /ipLoadbalancing/{serviceName}/log/subscription
+{
+  "kind": "string", // "http" or "tcp".
+  "streamId": "18d602ec-af40-4000-8e59-41ecc8c23f80" // The streamID of the targeted Stream.
+}
+```
+
+You will get in response an `operationId`:
+
+```shell
+{
+  "operationId": "f550aa1c-89ab-4b1a-81ae-4fba4959966f",
+  "serviceName": "ldp-xxxxx"
+}
+```
+
+You can use the `operationId` to retrieve the `subscriptionId` for further management purposes using the following api call:
+
+> [!api]
+>
+> @api {v1} /dbaas/logs GET /dbaas/logs/{serviceName}/operation/{operationId}
+>
+
+Alternatively, once the operation is finished, the subscriptions can be retrieved using the following API call:
+
+> [!api]
+>
+> @api {v1} /ipLoadbalancing GET /ipLoadbalancing/{serviceName}/log/subscription
+>
+
+Once you have the `subscriptionId`, you can get the details using the following API call:
+
+> [!api]
+>
+> @api {v1} /ipLoadbalancing GET /ipLoadbalancing/{serviceName}/log/subscription/{subscriptionId}
+>
+
+```shell
+GET /ipLoadbalancing/{serviceName}/log/subscription/{subscriptionId}
+
+{
+  "createdAt": "2025-05-28T13:41:19.713Z",
+  "kind": "string",
+  "resource": {
+    "name": "string",
+    "type": "string"
+  },
+  "serviceName": "string",
+  "streamId": "19717204-2e10-4000-8b63-4f080b5d5101",
+  "subscriptionId": "19717204-2e10-4000-8c42-d7b11c9ce680",
+  "updatedAt": "2025-05-28T13:41:19.713Z"
+}
+```
+
+### How to use OVHcloud Load Balancer logs?
+
+Now that your logs are ingested and stored in your Logs Data Platform data stream, you can query your logs and build dashboards to have a graphical representation of your logs using the web-based UI of Graylog.
+
+- In the OVHcloud Control Panel, retrieve the LDP username (ex: logs-xxxx) and its password in your Logs Data Platform account home page. You can refer to the [Quick start guide for Logs Data Platform](/pages/manage_and_operate/observability/logs_data_platform/getting_started_quick_start).
+- Open the Graylog web-ui. You can retrieve the link in your account home page or using your Access point depending on your account region (for example: Gravelines region is https://gra1.logs.ovh.com/).
+- Log into Graylog using your Logs Data Platform Username and Password.
+- Search through your logs across the data stream of your Logs Data Platform account. You can refer to [Graylog writing search queries](https://go2docs.graylog.org/4-x/making_sense_of_your_log_data/writing_search_queries.html){.external} documentation for details on search syntax.
+
+Refer to the following documentation: [Logs Data Platform - Visualizing, querying and exploiting your logs](/products/observability-logs-data-platform-visualizing-querying-exploiting) for more details about how to use your logs with Logs Data Platform, including how to:
+
+- setup alerts
+- view the logs in real time through a WebSocket
+- build visualization with OpenSearch Dashboards
+- integrate with OpenSearch API
+- connect with Grafana
+
+### How to manage your subscriptions?
+
+At any time, you can retrieve the subscriptions attached to your Logs Data Platform data stream and choose to disable the forwarding by cancelling your subscription on your stream, so that your Logs Data Platform stream no longer receives your audit logs.
+
+Note that this does not delete the logs stored before the subscription was cancelled, as the data stored in a log stream is immutable unless you delete the entire stream.
+
+To delete your subscription you can use the following API call:
+
+> [!api]
+>
+> @api {v1} /ipLoadbalancing DELETE /ipLoadbalancing/{serviceName}/log/subscription/{subscriptionId}
+>
+
+## Go further
+
+If you need training or technical assistance to implement our solutions, contact your sales representative or click on [this link](https://www.ovhcloud.com/en-gb/professional-services/) to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project.
+
+Join our [community of users](/links/community).