Access Logger

Creating and Debugging Filters with Access Logger

Using the Access Logger

The access logger has two properties. One is for recording specific payloads to create routes, filters and operations on your payloads to be secured. The second property is recording traffic, status codes and showing you what requests are being made through VGS to and from your server.


Enabling the record function, will record traffic for 10 minutes (or can be paused after capturing the payloads you want). During this time you can introspect on traffic and fine-tune your configurations. enable-access-logger

Viewing Payloads

To view the requests that were captured, after you’ve clicked record and sent data through, click ‘Load New Requests’ if it hasn’t populated. Recorded requests will show a little database icon to the left. list-all-requests Once you click an entry a pop-up showing you all the details of the payload (Headers and Body, Request and Response) will be viewable. view-request-details Within this view, we have more context around the request, including headers, body, origin, etc. Right now you can see the Request (without being modified) passed ‘foo’.

From here we can select the payload we want to operate on and generate filters and a route for. secure-payload-request From here we get the following options to Operate on our data. Redact/Reveal, Storage and Format. operation-options

Debugging

If an error occurs while sending data, the access logs are an extremely useful tool. Here we have a 405 Method not allowed error.

Clicking on the item with the error status code reveals the full error message response and enables us to inspect the Request that caused the error. view-405-status-logger

In this case, this particular endpoint only allows for HEAD, OPTIONS, POST. Our request caused an error because it was a GET to a /post route. see-response-logger

Access Logs

The additional functionality of the Access Logs is that in the Live environment and Sandbox environment you will see the most recent requests that traveled through VGS, their status codes, and the time of the action. This is useful for seeing which of your requests finished with good status codes, and those that have failed. These are distinct from the other requests that are recorded by their lack of the database icon. access-logs

Tips

  • A 407 error, an authentication error, will prevent you from seeing an upstream response in your Access Logs because the request will terminate at our authentication check before going through our service.
  • A 504 response will not produce an error code in the logger. Instead this means that our service was unable to connect to the destination on the outbound connection (e.g. no status code was returned)
  • If you see a request and no response, it may mean that your request didn’t complete its route through the tunnel to its destination.
  • If you don’t see anything on the Access Logs page (and logging is enabled) you’re not hitting the VGS service.
  • The Access Logs also allows you to see what inbound data your server will receive and what outbound data third parties will see.

If you have any questions, comments or feedback on this guide contact us on our site chat or at support@verygoodsecurity.com