One of the main goals of Octelium as a zero trust architecture, and of its reliance on identity-aware proxies, is to provide clear, structured, identity-based, application-layer aware visibility and auditing. Octelium is built to be OpenTelemetry-native and emits all logs and metrics in real time. These not only clearly identify the subject (i.e. the User, their Session and Device if available) and the resource, represented by the Service and its Namespace, but can also provide application-layer specific details of the request: paths, methods, user agent, query parameters and, optionally, body content in the case of HTTP-based Services; database queries in the case of PostgreSQL and MySQL-based Services; session recording in the case of SSH-based Services; DNS queries and answers in the case of DNS-based Services; and so on.
OpenTelemetry
All logs and metrics produced by the different Octelium components, including Services, are compatible with OpenTelemetry. OpenTelemetry is a modern framework designed to standardize observability, including logs, metrics, and traces. Each Service, or more specifically Vigil, the identity-aware proxy (IaP) component that implements the Service, emits its access logs in real time to an OpenTelemetry Protocol (OTLP) gRPC receiver that must be listening on the address octelium-collector.svc.octelium:8080 (i.e. the receiver must be deployed as a Kubernetes service with the name octelium-collector in the Kubernetes namespace octelium). While you can write and deploy your own custom OTLP receiver fairly easily, for most use cases it is much simpler to deploy the official OTLP collector (read more here) inside the Kubernetes cluster as a Kubernetes service. You can also use the opentelemetry-collector-contrib, as it already includes many exporters to various major log management and SIEM vendors, or the official OpenTelemetry Helm chart as shown here.
Octelium provides a commercial, scalable OpenTelemetry collector that integrates with Grafana, Splunk, Elastic, Logz.io as well as any OTLP and OTLP-HTTP based providers on demand. You can see the list of our offerings here.
Logs
AccessLog
Octelium provides a unified AccessLog structure for access logs. Here is an example of a JSON representation of an HTTP request (i.e. the Service is using the HTTP mode).
{
  "apiVersion": "core/v1",
  "kind": "AccessLog",
  "metadata": {
    "id": "ay54-axtr-fluefgxe5gmo6n051swb18sz-7btn-71r5",
    "createdAt": "2025-09-10T22:03:52.866580252Z",
    "actorRef": {
      "apiVersion": "core/v1",
      "kind": "Session",
      "uid": "5da80a64-a876-4927-a360-09c70e8ac7ff",
      "name": "usr1-rqgw1a",
      "resourceVersion": "019935a6-325c-770d-b6d0-4e12c9bf987f"
    },
    "targetRef": {
      "apiVersion": "core/v1",
      "kind": "Service",
      "uid": "767905b7-6354-4331-aa64-c375379853bc",
      "name": "nginx.default",
      "resourceVersion": "019934cf-4030-7122-b521-87590c462553"
    }
  },
  "entry": {
    "common": {
      "startedAt": "2025-09-10T22:02:49.760632610Z",
      "endedAt": "2025-09-10T22:03:52.866582692Z",
      "status": "ALLOWED",
      "mode": "WEB",
      "reason": {
        "type": "POLICY_MATCH",
        "details": {
          "policyMatch": {
            "inlinePolicy": {
              "resourceRef": {
                "apiVersion": "core/v1",
                "kind": "Group",
                "uid": "b0fc2727-4522-47e5-acf7-97950913e5c9",
                "name": "g1",
                "resourceVersion": "019934cf-33ec-72c1-8314-92b91fae5db6"
              },
              "name": "allow-all"
            }
          }
        }
      },
      "sessionRef": {
        "apiVersion": "core/v1",
        "kind": "Session",
        "uid": "5da80a64-a876-4927-a360-09c70e8ac7ff",
        "name": "usr1-rqgw1a",
        "resourceVersion": "019935a6-325c-770d-b6d0-4e12c9bf987f"
      },
      "userRef": {
        "apiVersion": "core/v1",
        "kind": "User",
        "uid": "a9a47e77-93dc-4285-876a-632cb2b43094",
        "name": "usr1",
        "resourceVersion": "019934cf-3510-7b59-ac80-7a42815cdadd"
      },
      "serviceRef": {
        "apiVersion": "core/v1",
        "kind": "Service",
        "uid": "767905b7-6354-4331-aa64-c375379853bc",
        "name": "nginx.default",
        "resourceVersion": "019934cf-4030-7122-b521-87590c462553"
      },
      "namespaceRef": {
        "apiVersion": "core/v1",
        "kind": "Namespace",
        "uid": "2073e6f7-24c2-49d2-b0df-e5cd3636d82c",
        "name": "default",
        "resourceVersion": "019934c7-6d7a-73cd-a510-dfadfdfa6682"
      },
      "regionRef": {
        "apiVersion": "core/v1",
        "kind": "Region",
        "uid": "85477de2-67d3-48ed-bda7-6c914489badf",
        "name": "default"
      },
      "isPublic": true
    },
    "info": {
      "http": {
        "request": {
          "path": "/",
          "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36",
          "method": "GET",
          "uri": "/?arg=value"
        },
        "response": {
          "code": 200,
          "bodyBytes": "615",
          "body": "PCFET0NUWVB...",
          "contentType": "text/html"
        },
        "httpVersion": "HTTP11"
      }
    }
  }
}
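As an added example (not part of the Octelium documentation or code base), the following flattens an AccessLog record like the one above into who/what/decision audit fields and flags records a reviewer should look at. The function names, the one-JSON-document-per-string input and the flagging rule are assumptions made for illustration.

```python
import json
import re
from datetime import datetime

# Constructed sample: a trimmed copy of the AccessLog record shown above.
SAMPLE = json.dumps({"entry": {
    "common": {
        "startedAt": "2025-09-10T22:02:49.760632610Z",
        "endedAt": "2025-09-10T22:03:52.866582692Z",
        "status": "ALLOWED",
        "reason": {"details": {"policyMatch": {"inlinePolicy": {"name": "allow-all"}}}},
        "sessionRef": {"name": "usr1-rqgw1a"}, "userRef": {"name": "usr1"},
        "serviceRef": {"name": "nginx.default"}, "namespaceRef": {"name": "default"}},
    "info": {"http": {"request": {"method": "GET", "uri": "/?arg=value"},
                      "response": {"code": 200, "body": "PCFET0NUWVB..."}}}}})

_TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z$")

def parse_ts(ts):
    """Parse a UTC timestamp with up to nanosecond precision (truncated to microseconds)."""
    m = _TS.match(ts)
    if not m:
        raise ValueError(f"unexpected timestamp: {ts!r}")
    frac = (m.group(2) or "")[:6].ljust(6, "0")
    return datetime.fromisoformat(f"{m.group(1)}.{frac}+00:00")

def audit_row(line):
    """Flatten one AccessLog JSON document (hypothetical helper) into audit fields."""
    entry = json.loads(line)["entry"]
    common = entry["common"]
    http = entry.get("info", {}).get("http", {})
    req, resp = http.get("request", {}), http.get("response", {})
    policy = common.get("reason", {}).get("details", {}).get("policyMatch", {})
    return {
        "user": common["userRef"]["name"],
        "session": common["sessionRef"]["name"],
        "service": common["serviceRef"]["name"],
        "namespace": common["namespaceRef"]["name"],
        "status": common["status"],
        "policy": policy.get("inlinePolicy", {}).get("name"),
        "request": f'{req.get("method")} {req.get("uri")}',
        "code": resp.get("code"),
        "seconds": (parse_ts(common["endedAt"]) - parse_ts(common["startedAt"])).total_seconds(),
        "body_logged": "body" in resp,  # response payload is stored in the log pipeline
    }

def review(lines):
    """Assumed rule: surface any status other than ALLOWED, or a logged response body."""
    return [r for r in map(audit_row, lines) if r["status"] != "ALLOWED" or r["body_logged"]]
```

The `body_logged` flag matters because a captured response body puts application data into whatever store the collector exports to, so that store needs the same access controls as the Service itself.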
You can discover more about the AccessLog layer-7 specific information for the following modes:
ComponentLog
Octelium also provides a unified ComponentLog structure for logs produced by the different Octelium components such as Nocturne and Vigil. Here is an example: