
Log Drains allow you to collect logs from your deployments. To enable Log Drains, you must provide a destination URL to send the logs to.

Vercel sends logs to destination URLs over HTTPS, HTTP, TLS, or TCP every time logs are generated.

Format and Transport

Vercel supports three different types of Log Drains:

  • JSON
  • NDJSON
  • Syslog

JSON Log Drains

When you choose the json type, the URL receives an HTTPS or HTTP POST request with a JSON array in the POST body.

If the HTTP statusCode in a log entry has a value of -1, no response was returned and the lambda crashed. In the same entry, if proxy.statusCode has a value of -1, the revalidation occurred in the background.

The logs are buffered and submitted as batches with the following formats:

NDJSON Log Drains

When you choose the ndjson type, the URL receives an HTTPS or HTTP POST request with JSON objects delimited by newline (\n) in the POST body. See ndjson.org for more information on the structure.

Each request receives HTTP headers including x-vercel-signature.

The following are two example POST bodies:

Syslog Drain

When you choose the syslog type, the URL is connected with TLS or TCP. Log Drain messages are formatted according to RFC 5424 and framed using octet counting as defined in RFC 6587.

Syslog messages resemble the following:

Similar to JSON and NDJSON drains, a syslog message carries a hash signature for verifying messages, in the signature key of its structured data. On syslog drains, the signature is computed using an OAuth2 secret and the MSG section of the syslog format.

Secure Log Drains

All drains support transport-level encryption using the HTTPS or TLS protocols. It is recommended to use these in production and to use the others only for development and testing.

Once your server starts receiving payloads, a third party who knows the URL could also send log messages to it. Therefore, it is recommended to use HTTP Basic Authentication, or to verify that messages are sent from Vercel using an OAuth2 secret and hash signature.

For example, if you have a basic HTTP server subscribing to Log Drains, the payload can be validated like so:

You can compute the signature using an HMAC hexdigest from the secret token of the OAuth2 app and request body, then compare it with the value of the x-vercel-signature header to validate the payload.
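One way to implement this check in Node.js, as an added example that is not Vercel's own code. It assumes the HMAC uses SHA-1 (the page says only "HMAC hexdigest", so confirm the algorithm for your integration); the function names, secret, and log records are constructed for illustration.

```javascript
// Added example: verify x-vercel-signature over the raw bytes before parsing.
const crypto = require('crypto');

// Assumption: SHA-1 is the HMAC hash; the page does not name the algorithm.
const ALGORITHM = 'sha1';

function sign(rawBody, secret) {
  return crypto.createHmac(ALGORITHM, secret).update(rawBody).digest('hex');
}

// True only if the header matches the HMAC of the exact bytes received.
function verifySignature(rawBody, headerValue, secret) {
  if (typeof headerValue !== 'string') return false; // header missing
  const expected = Buffer.from(sign(rawBody, secret), 'utf8');
  const received = Buffer.from(headerValue.trim(), 'utf8');
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (received.length !== expected.length) return false;
  return crypto.timingSafeEqual(received, expected);
}

// Parse only after verification; accepts json (array) and ndjson bodies.
function parseDrainBody(rawBody, headers, secret) {
  if (!verifySignature(rawBody, headers['x-vercel-signature'], secret)) {
    return { ok: false, status: 403, logs: [] };
  }
  const text = rawBody.toString('utf8').trim();
  try {
    const logs = text.startsWith('[')
      ? JSON.parse(text)
      : text.split('\n').filter(Boolean).map((line) => JSON.parse(line));
    return { ok: true, status: 200, logs };
  } catch {
    return { ok: false, status: 400, logs: [] }; // signed but malformed
  }
}

// Constructed sample values, not real Vercel output.
const SAMPLE_SECRET = 'constructed-oauth2-client-secret';
const SAMPLE_NDJSON = Buffer.from(
  '{"id":"1","message":"hello","source":"lambda"}\n' +
  '{"id":"2","message":"world","source":"static"}\n'
);
const SAMPLE_HEADERS = {
  'x-vercel-signature': sign(SAMPLE_NDJSON, SAMPLE_SECRET),
};
```

In an HTTP handler, collect the request body as a Buffer and pass it unchanged; re-serializing parsed JSON before hashing changes the bytes and makes valid payloads fail verification.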

Log Sources

In order to configure the logs you want to receive, you can provide one or more sources when creating a log drain:

Value      Details
static     Requests to static assets like HTML and CSS files
lambda     Output from Vercel Functions like API Routes
edge       Output from Edge Functions like Middleware
build      Output from the Build Step
external   External rewrites to a different domain

Example:

{
  sources: ['static', 'lambda', 'edge']
}

While this parameter is optional, providing at least one log source is highly recommended. If you do not provide any log sources, the log drain will default to edge, lambda, static, and external.

GET /v1/integrations/log-drains

Retrieves a list of all log drains that are defined for the authorized account. When using an OAuth2 token, the list is limited to log drains created by the authenticated integration.

POST /v1/integrations/log-drains

Creates a log drain. This endpoint must be called with an OAuth2 client (integration), since log drains are tied to integrations. If it is called with a different token type it will produce a 400 error.

DELETE /v1/integrations/log-drains/{id}

Deletes the log drain with the provided id. When using an OAuth2 Token, the log drain can be deleted only if the integration owns it.