Log Drains allow you to collect logs from your deployments. To enable Log Drains, you must provide a destination URL to send the logs to.
Vercel sends logs to destination URLs over HTTPS
, HTTP
, TLS
, or TCP
every time logs are generated.
Format and Transport
Vercel supports three different types of Log Drains:
- JSON
- NDJSON
- Syslog
JSON Log Drains
When you choose the json
type, the URL receives a HTTPS or HTTP POST request with a JSON array on the POST
body.
The logs are buffered and submitted as batches with the following formats:
NDJSON Log Drains
When you choose the ndjson
type, the URL receives a HTTPS or HTTP POST request with JSON objects delimited by newline (\\n
) on the POST
body.
See ndjson.org for more information on the structure.
Each request receives HTTP headers including x-vercel-signature
.
The following are two example POST
bodies:
Syslog Drain
When you choose the syslog
type, the URL is connected with TLS or TCP.
Log Drain messages are formatted according to RFC5424 framed using octet counting defined in RFC6587.
Syslog messages resemble the following:
Similar to JSON and NDJSON drains, a syslog message contains a hash signature for verifying messages on the signature
key of structured data.
On syslog drains, the signature is computed using an OAuth2 secret and the MSG
section of the syslog format.
Secure Log Drains
All drains support transport-level encryption using HTTPS
or TLS
protocols,
and it is recommeded to use them on production and use others only for development and testing.
When your server starts receiving payloads, it could be a third party sending log messages to your server if they know the URL. Therefore, it is recommended to use HTTP Basic Authentication, or verify messages are sent from Vercel using an OAuth2 secret and hash signature.
For example, if you have a basic HTTP server subscribing to Log Drains, the payload can be validated like so:
You can compute the signature using an HMAC hexdigest from the secret
token of the OAuth2 app and request body, then compare it with the value of the x-vercel-signature
header to validate the payload.
Retrieves a list of log drains
get /v1/integrations/log-drains
Retrieves a list of all log drains that are defined for the authorized account. When using an OAuth2 token, the list is limited to log drains created by the authenticated integration.
Creates a new log drain
post /v1/integrations/log-drains
Creates a log drain. This endpoint must be called with an OAuth2 client (integration), since log drains are tied to integrations. If it is called with a different token type it will produce a 400 error.
Deletes the log drain with the provided `id`
delete /v1/integrations/log-drains/{id}
Deletes the log drain with the provided id
. When using an OAuth2 Token, the log drain can be deleted only if the integration owns it.