Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/traefik/traefik/llms.txt

Use this file to discover all available pages before exploring further.

Access Logs Configuration

Access logs provide detailed information about every request handled by Traefik, including source IP, request details, response status, processing time, and more.

Overview

Access logs enable you to:
  • Monitor incoming traffic patterns
  • Analyze request/response metrics
  • Debug routing issues
  • Track client behavior
  • Audit security events
  • Generate analytics
By default, access logs are written to stdout in Traefik’s extended Common Log Format (CLF).

Basic Configuration

Enable access logs: 
accessLog: {}

Configuration Options

File Path

filePath
string
default:"stdout"
Path to the access log file. If not specified, logs are written to stdout.
accessLog:
  filePath: /var/log/traefik/access.log

Format

format
string
default:"common"
Log output format: common, genericCLF, or json.
Traefik’s extended Common Log Format with additional fields:
accessLog:
  format: common
Format:
<remote_IP> - <client_user> [<timestamp>] "<method> <path> <protocol>" <status> <size> "<referrer>" "<user_agent>" <request_count> "<router>" "<service_url>" <duration>ms
Example:
192.168.1.100 - - [03/Mar/2026:10:00:00 +0000] "GET /api/users HTTP/1.1" 200 1234 "-" "Mozilla/5.0" 42 "api-router@docker" "http://backend:8080" 45ms

Add Internals

addInternals
boolean
default:"false"
Enable access logs for internal resources like ping@internal.
accessLog:
  addInternals: true

Buffering

bufferingSize
integer
default:"0"
Number of log lines to buffer in memory before writing. Improves performance for high-traffic scenarios.
accessLog:
  filePath: /var/log/traefik/access.log
  bufferingSize: 100

Filtering

Filter access logs to reduce volume and focus on specific requests:

Status Codes

filters.statusCodes
array
default:"[]"
Log only requests with specific status codes or ranges.
accessLog:
  filters:
    statusCodes:
      - "200"
      - "300-302"
      - "400-499"

Retry Attempts

filters.retryAttempts
boolean
default:"false"
Log only requests that were retried at least once.
accessLog:
  filters:
    retryAttempts: true

Minimum Duration

filters.minDuration
duration
default:"0"
Log only requests that took longer than specified duration.
accessLog:
  filters:
    minDuration: 10ms

Combined Filters

Filters are OR-connected (any matching filter will log the request): 
accessLog:
  format: json
  filters:
    statusCodes:
      - "400-599"  # Client and server errors
    retryAttempts: true
    minDuration: 100ms
This logs requests that:
  • Have 4xx or 5xx status codes, OR
  • Were retried at least once, OR
  • Took longer than 100ms

Field Customization

Control which fields are logged:

Default Mode

fields.defaultMode
string
default:"keep"
Default action for fields: keep or drop.

Field Names

fields.names
object
default:"{}"
Override specific field behavior: keep or drop.
accessLog:
  format: json
  fields:
    defaultMode: keep
    names:
      ClientUsername: drop
      Duration: keep

Header Fields

fields.headers.defaultMode
string
default:"drop"
Default action for headers: keep, drop, or redact.
fields.headers.names
object
default:"{}"
Override specific header behavior: keep, drop, or redact.
accessLog:
  fields:
    headers:
      defaultMode: keep
      names:
        User-Agent: redact
        Authorization: drop
        Content-Type: keep
        X-Custom-Header: keep
  • keep - Include header value
  • drop - Exclude header completely
  • redact - Replace value with “REDACTED”

Available Fields

Complete list of available fields in access logs:
FieldDescription
StartUTCRequest start time in UTC
StartLocalRequest start time in local timezone
DurationTotal processing time in nanoseconds
RouterNameTraefik router name
ServiceNameTraefik service name
ServiceURLBackend service URL
ServiceAddrBackend IP:port
ClientAddrClient address (IP:port)
ClientHostClient IP address
ClientPortClient TCP port
ClientUsernameHTTP basic auth username
RequestAddrHTTP Host header (IP:port)
RequestHostHTTP Host (without port)
RequestPortHTTP Host port
RequestMethodHTTP method (GET, POST, etc.)
RequestPathRequest URI path
RequestProtocolHTTP version
RequestSchemehttp or https
RequestLineFull request line
RequestContentSizeRequest body size in bytes
OriginDurationUpstream processing time
OriginContentSizeUpstream response size
OriginStatusUpstream HTTP status
DownstreamStatusStatus returned to client
DownstreamContentSizeResponse size to client
RequestCountTotal requests since startup
GzipRatioCompression ratio
OverheadTraefik processing overhead
RetryAttemptsNumber of retries
TLSVersionTLS version (1.2, 1.3)
TLSCipherTLS cipher suite
TLSClientSubjectClient certificate subject
TraceIdDistributed trace ID (32-hex)
SpanIdRoot span ID (16-hex)

Time Zones

By default, timestamps use UTC. Configure local timezone:

Using Environment Variable

services:
  traefik:
    image: traefik:v3.0
    environment:
      - TZ=America/New_York
    command:
      - --accesslog=true
      - --accesslog.fields.names.StartUTC=drop

Using Volume Mount

services:
  traefik:
    image: traefik:v3.0
    volumes:
      - /usr/share/zoneinfo/America/New_York:/etc/localtime:ro
    command:
      - --accesslog=true
      - --accesslog.fields.names.StartUTC=drop
Drop StartUTC and keep StartLocal to use local timestamps.

Log Rotation

Traefik supports external log rotation using USR1 signal: 
kill -USR1 <traefik-pid>
Example logrotate configuration: 
/var/log/traefik/access.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    postrotate
        killall -USR1 traefik
    endscript
}
Windows SupportUSR1 signal rotation is not supported on Windows.

OpenTelemetry Access Logs

Experimental FeatureOpenTelemetry access logs are currently experimental.

Enable Experimental Feature

experimental:
  otlpLogs: true

accessLog:
  otlp:
    serviceName: traefik-access
    http:
      endpoint: https://otel-collector:4318/v1/logs

OTLP Configuration

Same configuration options as Traefik logs:
  • serviceName - Service identifier
  • resourceAttributes - Additional attributes
  • http - HTTP protocol configuration
  • grpc - gRPC protocol configuration
  • tls - TLS settings
See Logs documentation for detailed OTLP configuration.

Complete Examples

Production Setup

accessLog:
  format: json
  filePath: /var/log/traefik/access.log
  bufferingSize: 100
  filters:
    statusCodes:
      - "400-599"
    minDuration: 100ms
  fields:
    defaultMode: keep
    names:
      ClientUsername: drop
    headers:
      defaultMode: drop
      names:
        User-Agent: keep
        X-Forwarded-For: keep
        Authorization: drop
        Cookie: drop

Development Setup

accessLog:
  format: common

High-Traffic Optimized

accessLog:
  format: json
  filePath: /var/log/traefik/access.log
  bufferingSize: 1000
  filters:
    # Only log errors and slow requests
    statusCodes:
      - "500-599"
    minDuration: 500ms
  fields:
    defaultMode: keep
    names:
      # Drop high-cardinality fields
      RequestCount: drop
      GzipRatio: drop
    headers:
      defaultMode: drop

Security-Focused Logging

accessLog:
  format: json
  filePath: /var/log/traefik/access.log
  filters:
    # Log authentication failures and suspicious activity
    statusCodes:
      - "401"
      - "403"
      - "404"
  fields:
    headers:
      defaultMode: drop
      names:
        User-Agent: keep
        X-Forwarded-For: keep
        X-Real-Ip: keep
        # Redact sensitive headers
        Authorization: redact
        Cookie: redact
        X-Api-Key: drop

Best Practices

Performance
  • Use buffering for high-traffic deployments
  • Filter logs to reduce volume
  • Use JSON format for structured log processing
  • Avoid logging all headers (high overhead)
Security
  • Drop or redact sensitive headers (Authorization, Cookie, API keys)
  • Don’t log request/response bodies
  • Secure log files with appropriate permissions
  • Rotate logs regularly to prevent disk exhaustion
Monitoring
  • Log errors and slow requests (use filters)
  • Include trace IDs for distributed tracing correlation
  • Monitor log file sizes
  • Integrate with log aggregation systems (ELK, Loki, etc.)