Log Drains

Log Drains allow you to collect logs from your deployments. To enable Log Drains, you must provide a destination URL to send the logs to.

Vercel sends logs to destination URLs over HTTPS, HTTP, TLS, or TCP every time logs are generated.

Format and Transport

Vercel supports three different types of Log Drains:

  • JSON
  • Syslog

JSON Log Drains

When you choose the json type, the URL receives a HTTPS or HTTP POST request with a JSON array on the POST body. The logs are buffered and submitted as batches with the following formats:

NDJSON Log Drains

When you choose the ndjson type, the URL receives a HTTPS or HTTP POST request with JSON objects delimited by newline (\\n) on the POST body. See ndjson.org for more information on the structure.

Each request receives HTTP headers including x-vercel-signature.

The following are two example POST bodies:

Syslog Drain

When you choose the syslog type, the URL is connected with TLS or TCP. Log Drain messages are formatted according to RFC5424 framed using octet counting defined in RFC6587.

Syslog messages resemble the following:

Similar to JSON and NDJSON drains, a syslog message contains a hash signature for verifying messages on the signature key of structured data. On syslog drains, the signature is computed using an OAuth2 secret and the MSG section of the syslog format.

Secure Log Drains

All drains support transport-level encryption using HTTPS or TLS protocols, and it is recommeded to use them on production and use others only for development and testing.

When your server starts receiving payloads, it could be a third party sending log messages to your server if they know the URL. Therefore, it is recommended to use HTTP Basic Authentication, or verify messages are sent from Vercel using an OAuth2 secret and hash signature.

For example, if you have a basic HTTP server subscribing to Log Drains, the payload can be validated like so:

You can compute the signature using an HMAC hexdigest from the secret token of the OAuth2 app and request body, then compare it with the value of the x-vercel-signature header to validate the payload.

Retrieves a list of log drains

get /v1/integrations/log-drains

Retrieves a list of all log drains that are defined for the authorized account. When using an OAuth2 token, the list is limited to log drains created by the authenticated integration.

Creates a new log drain

post /v1/integrations/log-drains

Creates a log drain. This endpoint must be called with an OAuth2 client (integration), since log drains are tied to integrations. If it is called with a different token type it will produce a 400 error.

Deletes the log drain with the provided `id`

delete /v1/integrations/log-drains/{id}

Deletes the log drain with the provided id. When using an OAuth2 Token, the log drain can be deleted only if the integration owns it.