Logging and monitoring for Secure Web Proxy callouts

This page shows you how to configure and use Cloud Logging and Cloud Monitoring with Service Extensions callouts for Secure Web Proxy.

Logging

Secure Web Proxy uses Logging to capture and store several types of logs, including those relating to extensions. For information about Secure Web Proxy logging, see Logs.

In general, Application Load Balancer log entries contain information that is useful for monitoring and debugging your HTTP or HTTPS traffic. Log entries contain the following types of information:

  • Information shown in most Google Cloud logs, such as severity, project ID, project number, and timestamp as described in the LogEntry log.
  • HttpRequest log fields.

Request logs for HTTP and HTTPS load balancers contain a service_extension_info object in the load balancer log entry JSON payload with the following information:

Field Type Description
backend_target_name string Name of the backend target of the extension.
backend_target_type string Type of the backend target.
chain string Name of the extension chain within the service extension resource that matches the request.
extension string Name of the extension within the extension chain.
failed_open boolean When the extension configuration has failOpen set to true, the value true for this metric indicates that processing continued when the extension timed out or failed.

Applies only to regional external Application Load Balancers, regional internal Application Load Balancers, and cross-region internal Application Load Balancers.
grpc_status enum The most recent status on the gRPC stream. For more information, see gRPC status codes.
per_processing_request_info array A list of either ProcessingRequest stats for ext_proc extensions or CheckRequest stats for ext_authz extensions that occur over the gRPC stream.
per_processing_request_info[].event_type enum The event type of ProcessingRequest. Can be one of these: REQUEST_HEADERS, REQUEST_BODY, RESPONSE_HEADERS, or RESPONSE_BODY.
per_processing_request_info[].latency duration The duration from when the first byte of the ProcessingRequest message is sent to the extension to when the last byte of the ProcessingResponse message is received.
per_processing_request_info[].processing_effect enum The result of processing for each event in a processing request.

Applies only to regional external Application Load Balancers, regional internal Application Load Balancers, and cross-region internal Application Load Balancers.

Can be one of the following values:

  • NONE: indicates that contents were not changed.
  • NONE_FAILED_OPEN: indicates that no mutations were performed because the extension failed open.
  • CONTENT_MODIFIED: indicates that content was changed by a successfully applied mutation request.
  • IMMEDIATE_RESPONSE: indicates that an immediate response was sent by the extension to halt all further processing.
  • MUTATION_REJECTED: indicates that the extension requested at least one disallowed change and further processing was discontinued. Appropriate error messages are logged.
  • UNSPECIFIED: indicates that the effect of processing is not known.
per_processing_request_info[].processing_effect_details string When processing_effect is MUTATION_REJECTED, the details about why a mutation was rejected.

Applies only to regional external Application Load Balancers, regional internal Application Load Balancers, and cross-region internal Application Load Balancers.
resource string Name of the extension resource

Monitoring

For information about Monitoring metrics for Secure Web Proxy, see Available metrics.