Logging and monitoring for Secure Web Proxy callouts

This page shows you how to configure and use Cloud Logging and Cloud Monitoring with Service Extensions callouts for Secure Web Proxy.

Logging

Secure Web Proxy uses Logging to capture and store several types of logs, including those relating to extensions. For information about Secure Web Proxy logging, see Logs.

In general, Application Load Balancer log entries contain information that is useful for monitoring and debugging your HTTP or HTTPS traffic. Log entries contain the following types of information:

  • Information shown in most Google Cloud logs, such as severity, project ID, project number, and timestamp as described in the LogEntry log.
  • HttpRequest log fields.

Request logs for HTTP and HTTPS load balancers contain a service_extension_info object in the load balancer log entry JSON payload with the following information:

Field Type Description
backend_target_name string Name of the backend target of the extension.
backend_target_type string Type of the backend target.
chain string Name of the extension chain within the service extension resource that matches the request.
extension string Name of the extension within the extension chain.
failed_open boolean When the extension configuration has failOpen set to true, the value true for this field indicates that processing continued when the extension timed out or failed.

Applies only to regional external Application Load Balancers, regional internal Application Load Balancers, and cross-region internal Application Load Balancers.

grpc_status enum The most recent status on the gRPC stream. For more information, see gRPC status codes.
per_processing_request_info array A list of either ProcessingRequest stats for ext_proc extensions or CheckRequest stats for ext_authz extensions that occur over the gRPC stream.
per_processing_request_info[].event_type enum The event type of ProcessingRequest. Can be one of these: REQUEST_HEADERS, REQUEST_BODY, RESPONSE_HEADERS, or RESPONSE_BODY.
per_processing_request_info[].latency duration The duration from when the first byte of the ProcessingRequest message is sent to the extension to when the last byte of the ProcessingResponse message is received.
per_processing_request_info[].processing_effect enum The result of processing for each event in a processing request.

Applies only to regional external Application Load Balancers, regional internal Application Load Balancers, and cross-region internal Application Load Balancers.

Can be one of the following values:

  • NONE: indicates that contents were not changed.
  • NONE_FAILED_OPEN: indicates that no mutations were performed because the extension failed open.
  • CONTENT_MODIFIED: indicates that content was changed by a successfully applied mutation request.
  • IMMEDIATE_RESPONSE: indicates that an immediate response was sent by the extension to halt all further processing.
  • MUTATION_REJECTED: indicates that the extension requested at least one disallowed change and further processing was discontinued. Appropriate error messages are logged.
  • UNSPECIFIED: indicates that the effect of processing is not known.
per_processing_request_info[].processing_effect_details string When processing_effect is MUTATION_REJECTED, the details about why a mutation was rejected.

Applies only to regional external Application Load Balancers, regional internal Application Load Balancers, and cross-region internal Application Load Balancers.

resource string Name of the extension resource.
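
As an added example (not part of the original page and not Google's own code), the following Python script scans log entries for the service_extension_info conditions that are worth alerting on: failed_open set to true, a grpc_status other than OK, and the NONE_FAILED_OPEN and MUTATION_REJECTED processing effects. The sample entries are constructed; the placement of the object under jsonPayload, enum values serialized as names, and the names scan, SAMPLE_LOG_LINES and ALERT_EFFECTS are assumptions.

```python
import json

# Constructed sample entries, not real logs. Assumptions: service_extension_info
# sits under jsonPayload and enum fields are serialized by name.
def _entry(ts, ext, status, failed_open, event, effect, details=""):
    step = {"event_type": event, "processing_effect": effect, "processing_effect_details": details}
    info = {"resource": "ext-res", "chain": "chain-1", "extension": ext, "grpc_status": status,
            "failed_open": failed_open, "per_processing_request_info": [step]}
    return json.dumps({"timestamp": ts, "jsonPayload": {"service_extension_info": info}})

SAMPLE_LOG_LINES = [
    _entry("2025-01-01T00:00:00Z", "authz", "OK", False, "REQUEST_HEADERS", "NONE"),
    _entry("2025-01-01T00:00:05Z", "authz", "UNAVAILABLE", True, "REQUEST_HEADERS", "NONE_FAILED_OPEN"),
    _entry("2025-01-01T00:00:09Z", "rewrite", "OK", False, "RESPONSE_HEADERS", "MUTATION_REJECTED",
           "constructed detail text"),
    json.dumps({"timestamp": "2025-01-01T00:00:12Z", "jsonPayload": {}}),  # no extension matched
    "{truncated",  # malformed line, must not stop the scan
]

ALERT_EFFECTS = {"NONE_FAILED_OPEN", "MUTATION_REJECTED"}

def scan(lines):
    """Return (timestamp, reason, extension_path, detail) tuples worth alerting on."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not valid JSON
        info = entry.get("jsonPayload", {}).get("service_extension_info")
        if not info:
            continue  # request was not handled by an extension
        ts = entry.get("timestamp")
        path = "/".join(str(info.get(k)) for k in ("resource", "chain", "extension"))
        if info.get("failed_open") is True:
            findings.append((ts, "FAILED_OPEN", path, "processing continued after extension timeout or failure"))
        if info.get("grpc_status") not in (None, "OK"):
            findings.append((ts, "GRPC_STATUS", path, info["grpc_status"]))
        for ev in info.get("per_processing_request_info", []):
            if ev.get("processing_effect") in ALERT_EFFECTS:
                # Prefer the rejection details; fall back to the event type.
                detail = ev.get("processing_effect_details") or ev.get("event_type")
                findings.append((ts, ev["processing_effect"], path, detail))
    return findings
```

A fail-open finding on an extension that enforces policy means the request was allowed through without that check, so it usually deserves a higher alert priority than a rejected mutation.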

Monitoring

For information about Monitoring metrics for Secure Web Proxy, see Available metrics.

In Preview, you can monitor the following metrics for extensions on regional external Application Load Balancers, regional internal Application Load Balancers, and cross-region internal Application Load Balancers. These metrics have the prefix networkservices.googleapis.com. The prefix is omitted from the entries in the following table.

The following table provides the metric type, display name, kind, type, unit, and description for each metric.

Metric type Display name
Kind, Type, Unit
Description
extension/invocation_count Extension invocation count
DELTA, INT64, 1
The number of invocations sent to the extension.
extension/invocation_latencies Extension invocation latencies
DELTA, DISTRIBUTION, ms
The distribution calculated from the latency of each extension invocation.
extension/sent_chunks_count Extension sent chunks count
DELTA, INT64, 1
Applicable only for request_body and response_body events. The number of data chunks sent to the extension.
extension/received_chunks_count Extension received chunks count
DELTA, INT64, 1
Applicable only for request_body and response_body events. The number of chunks received from the extension.
extension/failed_open_count Extension failed invocations with fail-open
DELTA, INT64, 1
The number of times that an invocation failed when the system was configured to fail open and the request was allowed to proceed.
extension/mutation_rejections_count Extension mutation rejections count
DELTA, INT64, 1
The number of invocations that requested header, body, or trailer mutations but were rejected. Rejections can occur for a variety of reasons, such as when the mutation is invalid or exceeds size limits.
extension/sent_bytes_count Extension sent bytes count
DELTA, INT64, By
The number of bytes sent to the extension.
extension/received_bytes_count Extension received bytes count
DELTA, INT64, By
The number of bytes received from the extension.