ovh
diff --git a/‎pages/network/load_balancer/use_api_logs_2_customers/guide.en-gb.md
Lines changed: 230 additions & 0 deletions b/‎pages/network/load_balancer/use_api_logs_2_customers/guide.en-gb.md
Lines changed: 230 additions & 0 deletions
@@ -0,0 +1,230 @@
+---
+title: OVHcloud Load Balancer TCP / HTTP / HTTPS Logs Forwarding
+excerpt: Find out how to forward your logs from an OVHcloud Load Balancer to Logs Data Platform
+updated: 2024-09-25
+---
+ 
+## Objective
+
+The purpose of this guide is to show you how to enable the forwarding of logs from your OVHcloud Load Balancer to Logs Data Platform (LDP), a platform that helps you store, archive, query and visualize your logs.
+If you would like to find out more about Logs Data Platform before reading this guide, please refer to the [Logs Data Platform introduction guide](/pages/manage_and_operate/observability/logs_data_platform/getting_started_introduction_to_LDP).
+
+> [!primary]
+> In order to use this feature, you must first make a refresh call to the Load Balancers whose logs you want to collect.
+> This is necessary to ensure that the logging format of the OVHcloud Load Balancer is up to date.
+>
+
+## Glossary
+
+- **Logs Data Platform:** a fully managed and secured log management platform by OVHcloud. For more information, consult the [Logs Data Platform](https://www.ovhcloud.com/en-gb/logs-data-platform/) service page.
+- **Data Stream:** a logical partition of logs which you create in an LDP account and which you will use when ingesting, viewing or querying your logs. Multiple sources can be stored in the same data stream, and it is the unit that can be used to define a log pipeline (retention policy, archiving, live streaming, etc.), access rights and alert policies.
+- **Logs forwarding:** a feature integrated into an OVHcloud product to ingest the logs of its services into a *Data Stream* of an LDP account in the same OVHcloud account. This feature must be activated by the customer and per service.
+- **Logs forwarding Subscription:** when enabling the logs forwarding for a given OVHcloud service to a given LDP *Data Stream*, a *Subscription* is created and attached to the *Data Stream* for further management by the customer.
+
+## Requirements
+
+- A Logs Data Platform (LDP) account with at least one active *Stream* configured. This guide will walk you through all the necessary steps: [Quick start for Logs Data Platform](/pages/manage_and_operate/observability/logs_data_platform/getting_started_quick_start).
+    - If you are not familiar with all the LDP *Stream* configuration possibilities, simply create a new one with the default options (indexing & websocket enabled, long-term storage disabled) for the purpose of this guide.
+- An up-and-running [OVHcloud Load Balancer](/pages/network/load_balancer/use_presentation).
+- Both the LDP account and the OVHcloud Load Balancer account must belong to the same OVHcloud account.
+
+## Concepts & limits
+
+> [!warning]
+> To date, the logs of the **UDP** listeners are not forwarded.
+> 
+
+**What are the logs of a OVHcloud Load Balancer?**
+
+The forwarded logs are generated by [HAproxy](https://en.wikipedia.org/wiki/HAProxy){.external} (the opensource component used for load balancing).
+
+### Log content for TCP based listeners : `TCP`, `HTTP`
+
+| Field name | Description | Type |
+|------------|-------------|---------| 
+| accept_date | The timestamp at which the request/connection was made | datetime (with millisecond resolution) e.g. 25/Mar/2024:14:07:19.536 |
+| bytes_read_int | The number of bytes read by the server | Integer |
+| bytes_uploaded_int | The number of bytes sent by the server to the client | Integer |
+| client_ip | IP address of the client that initiated the TCP connection to the Load Balancer | IP |
+| client_ip_city_name | The city computed by Geoip from `client_ip`| String (e.g. `Lille`) |
+| client_ip_country_code | The ISO 3166 A-2 country code computed by Logstash Geoip from `client_ip` ISO | XX (e.g. `FR`) |
+| client_ip_geolocation | The latitude, longitude computed by Logstash Geoip from `client_ip`| x.x,y.y (e.g. `50.624,3.0511`) XST6Y7U899O0|
+| client_port_int | TCP port of the client that initiated the TCP connection to the Load Balancer | Integer |
+| listener_id | The ID of the listener that received the request/connection | uuid |
+| load_balancer_id | The ID of the Load Balancer that received the request/connection | uuid |
+| member | The member to which the request / connection was sent | uuid |
+| message | The original log message | String |
+| pool | The pool that processed the request / connection | uuid |
+| project_id | The ID of the Public Cloud project to which the Load Balancer belongs | uuid |
+| region | The Public Cloud region to which the load balancer belongs | String |
+| tcp_total_session_duration_time_int | The time in milliseconds the TCP session has been opened when this request is made | Integer |
+| termination_state | The session termination indicator: 2 letters for TCP, 4 letters for HTTP all the details on [HAProxy documentation page](https://docs.haproxy.org/2.6/configuration.html#8.5){.external}| String (e.g. "----") |
+| timestamp | The timestamp at which the log has been issued | String |
+
+| Field name | Description | Type |
+|------------|-------------|---------| 
+| service_name | The name of the Load Balancer that received the request/connection | String |
+| date_time | The timestamp at which the request/connection was made | datetime (with millisecond resolution) e.g. 25/Mar/2024:14:07:19.536 |
+| zone | The Public Cloud region to which the load balancer belongs | String |
+| client_ip |  IP address of the client that initiated the TCP connection to the Load Balancer | IP |
+| client_port_int |  TCP port of the client that initiated the TCP connection to the Load Balancer | Integer |
+| frontend_name | Name of the frontend of your OVH
+| frontend_ip | 
+| frontend_port_int | 
+| backend_name | 
+| backend_source_ip | 
+| backend_source_port_int | 
+| server_ip | 
+| server_port_int | 
+| termination_state | The session termination indicator: 2 letters for TCP, 4 letters for HTTP, all the details on [HAProxy documentation page](https://docs.haproxy.org/2.6/configuration.html#8.5){.external}| String (e.g. "----") |
+| bytes_read_int | 
+| bytes_uploaded_int | 
+| time_duration_int | The time in milliseconds the TCP session has been opened when this request is made | Integer |
+
+### Additional content for `HTTP` & `TERMINATED_HTTPS` listeners
+
+| Field name | Description | Type |
+|------------|-------------|---------| 
+| captured_request_headers | The headers of the HTTP request e.g. "User-Agent" | String |
+| http_request | The resource of the HTTP request e.g. "/index.html" | String |
+| http_status_code_int | The returned HTTP status e.g. "200" | Integer |
+ 
+
+## Instructions
+
+Note that the forwarding activation is free of charge, but you will be charged for the usage of the Logs Data Platform service as per the standard price plan. For LDP pricing, refer to this [page](https://www.ovhcloud.com/en-gb/logs-data-platform/).
+
+### Enabling Load Balancer Log Forwarding using the OVHcloud Control Panel
+
+This feature is not yet available in the Control Panel.
+
+### Enabling Audit Log Forwarding using APIs
+
+You will have to define the targeted *Stream* of one of your LDP accounts to which you want your logs forwarded. The enablement of the forwarding will create a subscription for this stream id.
+
+You can retrieve the API specifications in the [OVH API Portal](https://eu.api.ovh.com/console-preview/?section=%2Fdbaas%2Flogs&branch=v1#post-/dbaas/logs/-serviceName-/output/graylog/stream).
+
+#### Step 1 - Retrieve your target Stream (and ID)
+
+List data streams of your Logs Data Platform account (enter your LDP ID in the form ldp-xx-xxxx into the field "serviceName"):
+
+> [!api]
+>
+> @api {v1} /dbaas/logs GET /dbaas/logs/{serviceName}/output/graylog/stream
+>
+
+Get the details of a data stream:
+
+> [!api]
+>
+> @api {v1} /dbaas/logs GET /dbaas/logs/{serviceName}/output/graylog/stream/{streamId}
+>
+
+#### Step 2 - Create your subscription
+
+Use the following API call to create a subscription:
+
+> [!api]
+>
+> @api {v1} /cloud POST /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription
+>
+
+You will need to replace:
+
+- **serviceName**: this is the internal name of your Load Balancer, you can find it in the Load Balancer management page in the OVHcloud Control Panel or using the [dedicated API](https://eu.api.ovh.com/console/?section=%2FipLoadbalancing&branch=v1#get-/ipLoadbalancing) call.
+
+The POST request has a payload that requires:
+
+- `kind`: the kind of log you want to forward, either "http" or "tcp". You can find available kinds using the [dedicated API](https://eu.api.ovh.com/console/?section=%2FipLoadbalancing&branch=v1#get-/ipLoadbalancing/-serviceName-/log/kind) call.
+- `streamId`: the target data stream of your LDP account where you want your Load Balancer logs to be forwarded to. 
+
+```shell
+POST /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription
+{
+  "kind": "string", // Currently the only supported value is 'haproxy'.
+  "streamId": "18d602ec-af40-4000-8e59-41ecc8c23f80" // The streamID of the targeted Stream.
+}
+```
+
+You will get in response an `operationId`:
+
+```shell
+{
+  "operationId": "f550aa1c-89ab-4b1a-81ae-4fba4959966f",
+  "serviceName": "ldp-xxxxx"
+}
+```
+
+You can use the `operationId` to retrieve the `subscriptionId` for further management purposes using the following api call:
+
+> [!api]
+>
+> @api {v1} /dbaas/logs GET /dbaas/logs/{serviceName}/operation/{operationId}
+>
+
+Alternatively, once the operation is finished, the subscriptions can be retrieved using the following API call:
+
+> [!api]
+>
+> @api {v1} /cloud GET /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription/
+>
+
+Once you have the `subscriptionId`, you can get the details using the following API call:
+
+> [!api]
+>
+> @api {v1} /cloud GET /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription/{subscriptionId}
+>
+
+```shell
+GET /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription/{subscriptionId}
+
+{
+  "createdAt": "2024-01-31T15:45:25.286Z",
+  "kind": "string",
+  "resource": {
+    "name": "string",
+    "type": "string"
+  },
+  "serviceName": "string",
+  "streamId": "string",
+  "subscriptionId": "18d60324-b260-4000-83db-b484f4db6e80",
+  "updatedAt": "2024-01-31T15:45:25.286Z"
+}
+```
+
+### How to use OVHcloud Load Balancer logs?
+
+Now that your logs are ingested and stored in your Logs Data Platform data stream, you can query your logs and build dashboards to have a graphical representation of your logs using the web-based UI of Graylog.
+
+- In the OVHcloud Control Panel, retrieve the LDP username (ex: logs-xxxx) and its password in your Logs Data Platform account home page. You can refer to the [Quick start guide for Logs Data Platform](/pages/manage_and_operate/observability/logs_data_platform/getting_started_quick_start).
+- Open the Graylog web-ui. You can retrieve the link in your account home page or using your Access point depending on your account region (for example: Gravelines region is https://gra1.logs.ovh.com/).
+- Log into Graylog using your Logs Data Platform Username and Password.
+- Search through your logs across the data stream of your Logs Data Platform account. You can refer to [Graylog writing search queries](https://go2docs.graylog.org/4-x/making_sense_of_your_log_data/writing_search_queries.html){.external} documentation for details on search syntax.
+
+Refer to the following documentation: [Logs Data Platform - Visualizing, querying and exploiting your logs](/products/observability-logs-data-platform-visualizing-querying-exploiting) for more details about how to use your logs with Logs Data Platform, including how to:
+
+- setup alerts
+- view the logs in real time through a WebSocket
+- build visualization with OpenSearch Dashboards
+- integrate with OpenSearch API
+- connect with Grafana
+ 
+### How to manage your subscriptions?
+
+At any time, you can retrieve the subscriptions attached to your Logs Data Platform data stream and choose to disable the forwarding by cancelling your subscription on your stream, so that your Logs Data Platform stream no longer receives your audit logs.
+
+Note that this does not delete the logs stored before the subscription was cancelled, as the data stored in a log stream is immutable unless you delete the entire stream.
+
+To delete your subscription you can use the following API call:
+
+> [!api]
+>
+> @api {v1} /cloud DELETE /cloud/project/{serviceName}/region/{regionName}/loadbalancing/loadbalancer/{loadBalancerId}/log/subscription/{subscriptionId}
+>
+
+## Go further
+
+If you need training or technical assistance to implement our solutions, contact your sales representative or click on [this link](https://www.ovhcloud.com/en-gb/professional-services/) to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project.
+
+Join our community of users on <https://community.ovh.com/en/>.