Visibility and Logs

One of the main goals of Octelium's architecture and its reliance on identity-aware proxies is to provide clear, structured, identity-based, application-layer aware visibility and auditing.

OpenTelemetry

All logs and metrics produced by the different Octelium components, including Services, are OpenTelemetry-ready. OpenTelemetry is a modern framework designed to standardize observability, including logs, metrics and traces. Each Service, or more specifically Vigil, the identity-aware proxy (IaP) component that implements the Service, emits its access logs in real time to an OpenTelemetry Protocol (OTLP) gRPC receiver that must be listening on the address octelium-collector.svc.octelium:8080 (i.e. the receiver must be deployed as a Kubernetes service with the name octelium-collector in the Kubernetes namespace octelium). While you can write and deploy your own custom OTLP receiver fairly easily, for most use cases it is much simpler to deploy the official OTLP collector (read more here) inside the Kubernetes cluster as a Kubernetes service. You can also use opentelemetry-collector-contrib, which already includes many exporters for major log management and SIEM vendors.

NOTE

Octelium provides a commercial scalable OpenTelemetry collector that integrates with Grafana, Splunk, Elastic, Logz.io as well as any OTLP and OTLP-HTTP based providers on demand. You can see the list of our offerings here.

Logs

AccessLog

Octelium provides a unified AccessLog structure for access logs. Here is an example of a JSON representation of an HTTP request (i.e. the Service is using the HTTP mode).

{
  "apiVersion": "core/v1",
  "entry": {
    "common": {
      "endedAt": "2025-03-21T20:20:57.970432905Z",
      "isAuthenticated": true,
      "isAuthorized": true,
      "namespaceRef": {
        "apiVersion": "core/v1",
        "kind": "Namespace",
        "name": "default",
        "resourceVersion": "0195b81d-43ec-7ba7-81f7-9b77202b3612",
        "uid": "bff0768e-eec8-4044-a972-9f7af81b79d8"
      },
      "reason": {
        "details": {
          "policyMatch": {
            "inlinePolicy": {
              "name": "allow-all",
              "resourceRef": {
                "apiVersion": "core/v1",
                "kind": "Group",
                "name": "g1",
                "resourceVersion": "0195b821-209b-76f7-bde9-b078e870621c",
                "uid": "972e1808-7248-468a-ba7c-8da43d33c626"
              }
            }
          }
        },
        "type": "POLICY_MATCH"
      },
      "regionRef": {
        "apiVersion": "core/v1",
        "kind": "Region",
        "name": "default",
        "uid": "6e233d12-2fd6-4670-a82d-8c712e1f7374"
      },
      "serviceRef": {
        "apiVersion": "core/v1",
        "kind": "Service",
        "name": "portal.default",
        "resourceVersion": "0195b820-357c-7753-a9fb-240102cb642c",
        "uid": "f1e03fcc-4a8c-45e5-9771-59a0c5924627"
      },
      "sessionRef": {
        "apiVersion": "core/v1",
        "kind": "Session",
        "name": "usr1-ver9fi",
        "resourceVersion": "0195ba26-805a-76ff-966f-a8ee4158f3d5",
        "uid": "e04bb910-9bb7-483f-a3fe-6c0610b7e358"
      },
      "startedAt": "2025-03-21T20:20:57.917525056Z",
      "userRef": {
        "apiVersion": "core/v1",
        "kind": "User",
        "name": "usr1",
        "resourceVersion": "0195b821-228d-79b2-92f3-4bb458944f97",
        "uid": "e0f251b2-6952-4a46-a771-2712a45c47f5"
      }
    },
    "info": {
      "http": {
        "httpVersion": "HTTP11",
        "request": {
          "method": "GET",
          "path": "/services",
          "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36"
        },
        "response": {
          "bodyBytes": "471",
          "code": 200
        }
      }
    }
  },
  "kind": "AccessLog",
  "metadata": {
    "actorRef": {
      "apiVersion": "core/v1",
      "kind": "Session",
      "name": "usr1-ver9fi",
      "resourceVersion": "0195ba26-805a-76ff-966f-a8ee4158f3d5",
      "uid": "e04bb910-9bb7-483f-a3fe-6c0610b7e358"
    },
    "createdAt": "2025-03-21T20:20:57.970426960Z",
    "id": "qx24-gtvf-0ow6d4fc4tyrskc2eco6rafs-sne8-xi11",
    "targetRef": {
      "apiVersion": "core/v1",
      "kind": "Service",
      "name": "portal.default",
      "resourceVersion": "0195b820-357c-7753-a9fb-240102cb642c",
      "uid": "f1e03fcc-4a8c-45e5-9771-59a0c5924627"
    }
  }
}
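
The following Python code is an added example, not part of the Octelium documentation or code base: it flattens HTTP-mode AccessLog records like the one above into rows suited to audit queries and picks out requests that were not authorized. The one-record-per-line input, the second (denied) record, and treating a missing isAuthorized as false are assumptions; the function names are hypothetical.

```python
import calendar
import json
import time

# Constructed sample, one JSON object per line (assumed export format). Record 1 is
# the page's example trimmed to the fields used; record 2 is a hypothetical denial.
SAMPLE = "\n".join([
    '{"metadata":{"id":"qx24-gtvf-0ow6d4fc4tyrskc2eco6rafs-sne8-xi11"},"entry":{"common":{'
    '"startedAt":"2025-03-21T20:20:57.917525056Z","endedAt":"2025-03-21T20:20:57.970432905Z",'
    '"isAuthenticated":true,"isAuthorized":true,"reason":{"type":"POLICY_MATCH","details":{"policyMatch":{"inlinePolicy":{"name":"allow-all"}}}},'
    '"serviceRef":{"name":"portal.default"},"sessionRef":{"name":"usr1-ver9fi"},"userRef":{"name":"usr1"}},'
    '"info":{"http":{"request":{"method":"GET","path":"/services"},"response":{"bodyBytes":"471","code":200}}}}}',
    '{"metadata":{"id":"constructed-0002"},"entry":{"common":{"isAuthenticated":true,'
    '"startedAt":"2025-03-21T20:21:03.1Z","endedAt":"2025-03-21T20:21:03.104Z","serviceRef":{"name":"portal.default"},'
    '"sessionRef":{"name":"usr2-constructed"},"userRef":{"name":"usr2"}},"info":{"http":{"request":{"method":"GET","path":"/settings"}}}}}',
])

def parse_ns(ts):
    """RFC 3339 UTC timestamp with up to 9 fractional digits -> integer nanoseconds."""
    base, _, frac = ts.rstrip("Z").partition(".")
    secs = calendar.timegm(time.strptime(base, "%Y-%m-%dT%H:%M:%S"))
    return secs * 10**9 + int(frac.ljust(9, "0")[:9])

def flatten(rec):
    """Reduce one AccessLog record to a flat row for search and alerting."""
    c = rec["entry"]["common"]
    http = rec["entry"].get("info", {}).get("http", {})
    req, resp = http.get("request", {}), http.get("response", {})
    policy = c.get("reason", {}).get("details", {}).get("policyMatch", {}).get("inlinePolicy", {})
    return {
        "id": rec["metadata"]["id"],
        "user": c.get("userRef", {}).get("name"),
        "session": c.get("sessionRef", {}).get("name"),
        "service": c.get("serviceRef", {}).get("name"),
        # Assumption: a false boolean may be left out of the JSON, so fail closed.
        "authorized": c.get("isAuthorized", False),
        "policy": policy.get("name"),
        "method": req.get("method"),
        "path": req.get("path"),
        "code": resp.get("code"),
        # bodyBytes is a JSON string in the page's example, so convert it.
        "body_bytes": int(resp.get("bodyBytes", 0)),
        "duration_ms": (parse_ns(c["endedAt"]) - parse_ns(c["startedAt"])) / 1e6,
    }

def denied(rows):
    """Rows for requests that were not authorized."""
    return [r for r in rows if not r["authorized"]]

ROWS = [flatten(json.loads(line)) for line in SAMPLE.splitlines()]
```

Timestamps are handled as integer nanoseconds because the nine-digit fractions in startedAt and endedAt exceed the microsecond precision of Python's datetime.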

You can discover more about the AccessLog layer-7 specific information for the following modes:

ComponentLog

Octelium also provides a unified ComponentLog structure for logs produced by the different Octelium components such as Nocturne and Vigil. Here is an example:
