Traefik
Monitor Traefik reverse proxy and load balancer logs with advanced parsing and real-time analytics using the File Stream plugin
Traefik Integration
Monitor and analyze Traefik reverse proxy and load balancer logs in real-time using LogFlux Agent’s File Stream plugin. This configuration-based approach provides comprehensive log parsing, service discovery monitoring, and advanced traffic analytics for modern containerized environments.
Overview
The Traefik integration leverages LogFlux Agent’s File Stream plugin to:
- Real-time monitoring of HTTP/HTTPS traffic and TCP streams
- Service discovery tracking with dynamic backend monitoring
- Container and microservice request routing analytics
- SSL/TLS certificate monitoring and renewal tracking
- API Gateway analytics with middleware execution tracking
- Cloud-native integration with Kubernetes, Docker, and Consul
Installation
The File Stream plugin is included with LogFlux Agent. Enable it for Traefik log monitoring:
1
2
3
4
5
|
# Enable File Stream plugin
sudo systemctl enable --now logflux-filestream
# Verify plugin status
sudo systemctl status logflux-filestream
|
Traefik Configuration
Configure Traefik to enable detailed logging in your traefik.yml or docker-compose.yml:
Static Configuration (traefik.yml)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
# Logging configuration
log:
level: INFO
filePath: "/var/log/traefik/traefik.log"
# Access logs
accessLog:
filePath: "/var/log/traefik/access.log"
format: json
fields:
defaultMode: keep
names:
ClientUsername: drop
headers:
defaultMode: keep
names:
User-Agent: keep
Authorization: drop
Content-Type: keep
# API and dashboard
api:
dashboard: true
insecure: false
# Entry points
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
# Certificate resolvers
certificatesResolvers:
letsencrypt:
acme:
email: admin@example.com
storage: /letsencrypt/acme.json
httpChallenge:
entryPoint: web
|
Docker Compose Configuration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
version: '3.8'
services:
traefik:
image: traefik:v3.0
command:
- "--log.level=INFO"
- "--log.filepath=/var/log/traefik/traefik.log"
- "--accesslog=true"
- "--accesslog.filepath=/var/log/traefik/access.log"
- "--accesslog.format=json"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik_logs:/var/log/traefik
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
traefik_logs:
|
Basic Configuration
Configure the File Stream plugin to monitor Traefik logs by creating /etc/logflux-agent/plugins/filestream-traefik.toml:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
[filestream.traefik_access]
paths = ["/var/log/traefik/access.log"]
format = "json"
tags = ["traefik", "access", "proxy"]
fields = {
service = "traefik",
log_type = "access"
}
[filestream.traefik_app]
paths = ["/var/log/traefik/traefik.log"]
format = "json"
tags = ["traefik", "application", "proxy"]
fields = {
service = "traefik",
log_type = "application"
}
|
Traefik’s JSON format provides structured logging:
1
2
3
4
5
6
7
8
9
10
11
|
[filestream.traefik_json]
paths = ["/var/log/traefik/access.log"]
format = "json"
parse_timestamp = true
timestamp_field = "time"
timestamp_format = "2006-01-02T15:04:05.000Z"
tags = ["traefik", "json", "access"]
fields = {
service = "traefik",
log_type = "json_access"
}
|
Sample JSON log entry:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
{
"ClientAddr": "192.168.1.100:54321",
"ClientHost": "192.168.1.100",
"ClientPort": "54321",
"ClientUsername": "-",
"DownstreamContentSize": 1234,
"DownstreamStatus": 200,
"Duration": 45000000,
"OriginContentSize": 1234,
"OriginDuration": 42000000,
"OriginStatus": 200,
"Overhead": 3000000,
"RequestAddr": "example.com",
"RequestContentSize": 0,
"RequestCount": 1,
"RequestHost": "example.com",
"RequestMethod": "GET",
"RequestPath": "/api/v1/users",
"RequestPort": "443",
"RequestProtocol": "HTTP/2.0",
"RequestScheme": "https",
"RetryAttempts": 0,
"RouterName": "api-router",
"ServiceName": "api-service",
"ServiceURL": "http://192.168.1.10:8080",
"time": "2024-01-15T10:30:45.123Z"
}
|
For legacy compatibility:
1
2
3
4
5
6
7
|
[filestream.traefik_clf]
paths = ["/var/log/traefik/access.log"]
format = "regex"
regex = '^(?P<client_ip>\S+) - (?P<client_username>\S+) \[(?P<timestamp>[^\]]+)\] "(?P<request_method>\S+) (?P<request_path>\S+) (?P<request_protocol>[^"]*)" (?P<status>\d+) (?P<response_size>\S+) "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)" (?P<request_count>\d+) "(?P<router_name>[^"]*)" "(?P<service_url>[^"]*)" (?P<duration>\d+)ms$'
parse_timestamp = true
timestamp_field = "timestamp"
timestamp_format = "02/Jan/2006:15:04:05 -0700"
|
Container-Specific Monitoring
Monitor specific container services:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[filestream.traefik_containers]
paths = ["/var/log/traefik/access.log"]
format = "json"
tags = ["traefik", "containers"]
fields = {
service = "traefik",
log_type = "container_access"
}
# Filter for specific services
[filestream.traefik_containers.processors.grep]
patterns = [
"ServiceName:api-service",
"ServiceName:web-service",
"ServiceName:database-service"
]
|
Advanced Configuration
Middleware Execution Monitoring
Track middleware performance and execution:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
[filestream.traefik_middleware]
paths = ["/var/log/traefik/traefik.log"]
format = "json"
tags = ["traefik", "middleware"]
fields = {
service = "traefik",
log_type = "middleware"
}
# Filter for middleware-related logs
[filestream.traefik_middleware.processors.grep]
patterns = [
"middleware",
"auth",
"ratelimit",
"circuit-breaker"
]
|
SSL/TLS Certificate Monitoring
Monitor certificate operations and renewals:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
[filestream.traefik_ssl]
paths = ["/var/log/traefik/traefik.log"]
format = "json"
tags = ["traefik", "ssl", "certificates"]
fields = {
service = "traefik",
log_type = "ssl"
}
# Filter for SSL/TLS related events
[filestream.traefik_ssl.processors.grep]
patterns = [
"acme",
"certificate",
"tls",
"letsencrypt"
]
|
Service Discovery Monitoring
Track dynamic service registration and deregistration:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[filestream.traefik_discovery]
paths = ["/var/log/traefik/traefik.log"]
format = "json"
tags = ["traefik", "discovery", "services"]
fields = {
service = "traefik",
log_type = "service_discovery"
}
# Monitor service changes
[filestream.traefik_discovery.processors.grep]
patterns = [
"provider",
"service",
"router",
"docker",
"kubernetes"
]
|
Detailed performance tracking with calculated metrics:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
[filestream.traefik_performance]
paths = ["/var/log/traefik/access.log"]
format = "json"
tags = ["traefik", "performance"]
fields = {
service = "traefik",
log_type = "performance"
}
# Add calculated fields for analysis
[filestream.traefik_performance.processors.add_fields]
fields = {
response_time_ms = "{{ div .Duration 1000000 }}",
backend_time_ms = "{{ div .OriginDuration 1000000 }}",
proxy_overhead_ms = "{{ div .Overhead 1000000 }}",
bytes_per_second = "{{ div .DownstreamContentSize .Duration | mul 1000000000 }}"
}
# Filter slow requests
[filestream.traefik_performance.processors.threshold]
field = "Duration"
threshold = 5000000000 # 5 seconds in nanoseconds
|
Load Balancing and Routing Analytics
Backend Load Distribution
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[filestream.traefik_load_balancing]
paths = ["/var/log/traefik/access.log"]
format = "json"
tags = ["traefik", "loadbalancing", "analytics"]
fields = {
service = "traefik",
log_type = "load_balancing"
}
# Count requests per service
[filestream.traefik_load_balancing.processors.counter]
field = "ServiceName"
window = "1m"
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[filestream.traefik_routers]
paths = ["/var/log/traefik/access.log"]
format = "json"
tags = ["traefik", "routers"]
fields = {
service = "traefik",
log_type = "router_performance"
}
# Group by router for analysis
[filestream.traefik_routers.processors.group_by]
field = "RouterName"
metrics = ["Duration", "DownstreamStatus", "RetryAttempts"]
|
Usage Examples
Monitor Reverse Proxy Traffic
1
2
3
4
5
6
7
8
|
# Stream all Traefik logs
logflux-cli stream --filter 'service:traefik'
# Monitor specific service
logflux-cli stream --filter 'service:traefik AND ServiceName:api-service'
# Track SSL certificate events
logflux-cli stream --filter 'service:traefik AND tags:ssl'
|
1
2
3
4
5
6
7
8
|
# Monitor slow requests (>2 seconds)
logflux-cli stream --filter 'service:traefik AND Duration:>2000000000'
# Track 5xx errors
logflux-cli stream --filter 'service:traefik AND DownstreamStatus:>=500'
# Monitor retry attempts
logflux-cli stream --filter 'service:traefik AND RetryAttempts:>0'
|
Container Monitoring
1
2
3
4
5
6
7
8
|
# Monitor Docker container access
logflux-cli stream --filter 'service:traefik AND tags:containers'
# Track Kubernetes ingress
logflux-cli stream --filter 'service:traefik AND provider:kubernetes'
# Monitor service discovery
logflux-cli stream --filter 'service:traefik AND log_type:service_discovery'
|
Kubernetes Integration
Traefik Ingress Controller Configuration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-config
data:
traefik.yml: |
log:
level: INFO
filePath: /var/log/traefik/traefik.log
accessLog:
filePath: /var/log/traefik/access.log
format: json
providers:
kubernetesIngress:
ingressClass: traefik
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
|
LogFlux Agent DaemonSet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: logflux-agent
spec:
selector:
matchLabels:
app: logflux-agent
template:
spec:
containers:
- name: logflux-agent
image: logflux/agent:latest
volumeMounts:
- name: traefik-logs
mountPath: /var/log/traefik
- name: config
mountPath: /etc/logflux-agent/plugins
volumes:
- name: traefik-logs
hostPath:
path: /var/log/traefik
- name: config
configMap:
name: logflux-traefik-config
|
Docker Compose Integration
Complete Stack with Monitoring
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
version: '3.8'
services:
traefik:
image: traefik:v3.0
command:
- --log.level=INFO
- --log.filepath=/logs/traefik.log
- --accesslog=true
- --accesslog.filepath=/logs/access.log
- --accesslog.format=json
- --providers.docker=true
- --providers.docker.exposedbydefault=false
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik_logs:/logs
ports:
- "80:80"
- "443:443"
labels:
- "traefik.enable=true"
logflux-agent:
image: logflux/agent:latest
volumes:
- traefik_logs:/var/log/traefik:ro
- ./logflux-config:/etc/logflux-agent/plugins
depends_on:
- traefik
volumes:
traefik_logs:
|
Monitoring and Alerting
Key Metrics to Monitor
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
# Service down alert
[alerts.traefik_service_down]
query = "service:traefik AND DownstreamStatus:503"
threshold = 5
window = "1m"
message = "Traefik service unavailable: {{ .ServiceName }}"
# High response time alert
[alerts.traefik_slow_response]
query = "service:traefik AND Duration:>10000000000"
threshold = 10
window = "2m"
message = "Traefik slow response times detected"
# Certificate renewal alert
[alerts.traefik_cert_renewal]
query = "service:traefik AND message:certificate AND level:ERROR"
threshold = 1
window = "5m"
message = "Traefik certificate renewal failed"
# High error rate alert
[alerts.traefik_error_rate]
query = "service:traefik AND DownstreamStatus:>=400"
threshold = 20
window = "1m"
message = "High error rate in Traefik: {{ .RouterName }}"
|
Dashboard Metrics
Monitor these key Traefik metrics:
- Request rate (requests per second by service)
- Response times (Duration, OriginDuration, Overhead)
- Error rates (4xx, 5xx responses by router)
- Service health (backend availability)
- SSL/TLS operations (certificate renewals, handshakes)
- Load balancing (request distribution across backends)
- Container dynamics (service registration/deregistration)
- Middleware performance (auth, rate limiting, circuit breaker)
Troubleshooting
Common Issues
Traefik logs not appearing:
1
2
3
4
5
6
7
8
|
# Check Traefik logging configuration
docker logs traefik-container-name
# Verify log file permissions
sudo ls -la /var/log/traefik/
# Test log file creation
sudo touch /var/log/traefik/test.log
|
JSON parsing errors:
1
2
3
4
5
6
7
8
|
# Validate JSON format
cat /var/log/traefik/access.log | jq .
# Check LogFlux Agent logs
sudo journalctl -u logflux-filestream -f
# Test JSON parsing
echo '{"test": "value"}' | jq .
|
Service discovery issues:
1
2
3
4
5
6
7
8
9
|
# Check provider configuration
grep -r "provider" /etc/traefik/
# Verify Docker/Kubernetes connectivity
docker ps | grep traefik
kubectl get ingress
# Check Traefik dashboard
curl http://localhost:8080/api/overview
|
SSL/TLS certificate problems:
1
2
3
4
5
6
7
8
|
# Check certificate resolver status
curl http://localhost:8080/api/http/services
# Verify ACME configuration
grep -r "acme" /etc/traefik/
# Test certificate renewal
docker exec traefik-container traefik version
|
Best Practices
- Enable compression for reduced bandwidth usage
- Use HTTP/2 for improved performance
- Implement caching with appropriate cache headers
- Monitor resource usage (CPU, memory, file descriptors)
Security
- Enable secure headers middleware
- Implement rate limiting to prevent abuse
- Use proper TLS configuration with modern cipher suites
- Monitor authentication failures and suspicious activity
High Availability
- Deploy multiple Traefik instances behind a load balancer
- Use external certificate storage (Consul, etcd)
- Monitor backend health with appropriate health checks
- Implement graceful shutdown procedures
Container Orchestration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
# Kubernetes best practices
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api-ingress
annotations:
traefik.ingress.kubernetes.io/router.middlewares: default-auth@kubernetescrd
traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
spec:
tls:
- hosts:
- api.example.com
secretName: api-tls
rules:
- host: api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: api-service
port:
number: 8080
|
Log Management
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
# Optimize log rotation for Traefik
/var/log/traefik/*.log {
daily
rotate 30
missingok
notifempty
compress
delaycompress
copytruncate
postrotate
docker kill -s USR1 traefik-container 2>/dev/null || true
systemctl reload logflux-filestream.service > /dev/null 2>&1 || true
endpostrotate
}
|
Advanced Features
Custom Middleware Monitoring
1
2
3
4
5
6
7
8
9
|
[filestream.traefik_custom_middleware]
paths = ["/var/log/traefik/access.log"]
format = "json"
tags = ["traefik", "middleware", "custom"]
# Monitor custom middleware execution
[filestream.traefik_custom_middleware.processors.extract]
source_field = "RequestHeader"
pattern = 'X-Custom-Middleware: (?P<middleware_name>\w+)'
|
Multi-Environment Monitoring
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[filestream.traefik_prod]
paths = ["/var/log/traefik/prod-access.log"]
format = "json"
fields = {
service = "traefik",
environment = "production"
}
[filestream.traefik_staging]
paths = ["/var/log/traefik/staging-access.log"]
format = "json"
fields = {
service = "traefik",
environment = "staging"
}
|
This comprehensive Traefik integration provides real-time reverse proxy monitoring, container service discovery tracking, and advanced traffic analytics using LogFlux Agent’s File Stream plugin. The configuration-based approach offers detailed insights into modern containerized application routing, SSL/TLS operations, and microservice communication patterns.
Disclaimer
The Traefik logo and trademarks are the property of Traefik Labs. LogFlux is not affiliated with, endorsed by, or sponsored by Traefik Labs. The Traefik logo is used solely for identification purposes to indicate compatibility and integration capabilities.
