The Layer0 platform exposes three types of logs to users:

  • Build logs capture all the build output from your Layer0 deploys.
  • Server logs capture your Layer0 serverless console output at real time.
  • Access logs capture information about all the requests served by Layer0.

Each time you deploy to Layer0 using the layer0 deploy command, information about the deployment is logged, including the output of the layer0 deploy command itself. You can view these logs in real-time by viewing your deployment on app.layer0.co.

build

All messages logged using console.log, console.warn, console.error, etc... within your application can be viewed in real time from the "Server" tab on any deployment:

server

Here you can limit the output to only those statements coming from your IP address, or filter by regex. This can use useful when trying to sift through noisy logs on high-traffic sites.

By enabling Deep Request Inspection in your environment, you can also see the headers and body of every request and response served by your application via the Layer0 serverless cloud. You can also see each upstream API request made by your application. To enable Deep Request Inspection, navigate to the environment in the Layer0 Developer Console, select the configuration tab, click "Edit" and enable "Deep Request Inspection" in the Debugging section.

Deep Request Inspection

Finally, activate the new environment configuration and tail the server logs on any deployment to see detailed information about every request served by that deployment.

Layer0 Enterprise tier customers can receive streaming access logs that capture information about each request served by Layer0. To do so refer to the "Access Logs" tab:

access

Note that if you are not an Enterprise tier customer you will see a message to contact support to upgrade your account.

Access logs contain the following fields:

Millisecond resolution of the request start time in UNIX epoch.

The application's Layer0 version processing this request.

The application's build number processing this request.

The active environment ID in Layer0.

Available since Layer0 v2.9.0.

The active environment version number.

IP of the most downstream client, determined either through XFF or by reading socket infromation.

HTTP method

Host header as received from the downstream.

HTTP path

Flag indicating whether downstream connection is http/2 or not

Flag indicating whether this request is an http/2 server-side push or not

HTTP response status code

Flag indicating whether this request was cacheable even in theory

Country code per geo-location.

Size of the request in bytes.

Size of the response in bytes.

Destination, determined by split testing rules

Backend, determined by split testing rules

Split testing bucket cookie value

Flag indicating whether the response is compressed or not.

Unique request ID

WAF security state: geo for geo blocking, bl for black list, dl-<list name> for dynamic lists if the request was blocked; wl for whitelist, by for bypass if the request was passed.

Flag indicating whether the request was shielded.

Device type desktop, smartphone, tablet, mobile

Vendor: apple, microsoft, android

Browser: chrome, safari, firefox

Flag indicating whether the requet was made by a bot.

Flag indicating whether the request was responded from edge (not true for cache hits, just for synthetic requests)

Cache level on which the request was responded or 0 if it was a miss

Indicates if the response was stale or not (0, 1)

Flag indicating if the response has completed (analogous to 499 in Nginx)

Caching status (why something was or wasn't cached)

Response content type.

Request header x-0-matched-routes, logs all routes matched and is required to order the routes table in caching metrics

Referrer request header (note the misspelling per HTTP standard)

User agent.

Response x-0-t header with different critical path timings

Response x-0-user-t header with different user performance metrics

Response x-0-status header with different critical path status codes

If layer0_prefetch parameter was specified value of 1, otherwise not present.

Time to live in seconds of the response if it was cached.

The response vary header received from upstream; it's sometimes different to what's sent downstream as we inject user-agent in moov_deliver, but it's this value what actually splits the cache; we don't have access to beresp from moov_log so we preserve it in req

IP of the backend that responded to the request

Request ID of the response hit in the cache. Corresponds to x-0-hit-request-id response header.

Layer0 saves its logs to Amazon S3. Most log aggregation tools are able to ingest logs from S3. We attempt to link to the docs that explain how to ingest logs from S3 for each popular log aggregation tool below. Even if your tool is not listed, there's a good chance it can ingest logs from S3.