Unable to log egress traffic HTTP requests with the istio-proxy-CodePudding

I am following https://istio.io/latest/docs/tasks/traffic-management/egress/egress-control/#access-an-external-https-service

Ingress requests are getting logged. Egress traffic control is working as expected, except I am unable to log egress HTTP requests. What is missing?

apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: myapp
spec:
  workloadSelector:
    labels:
      app: myapp

  outboundTrafficPolicy:
    mode: REGISTRY_ONLY

  egress:
    - hosts:
        - default/*.example.com

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: example

spec:
  location: MESH_EXTERNAL
  resolution: NONE
  hosts:
    - '*.example.com'

  ports:
    - name: https
      protocol: TLS
      number: 443

apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: mesh-default
  namespace: istio-system
spec:
  accessLogging:
    - providers:
        - name: envoy

Kubernetes 1.22.2 Istio 1.11.4

CodePudding user response：

For ingress traffic logging I am using EnvoyFilter to set log format and it is working without any additional configuration. In the egress case, I had to set accessLogFile: /dev/stdout.

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: config
  namespace: istio-system
spec:
  profile: default
  meshConfig:
    accessLogFile: /dev/stdout

CodePudding user response：

AFAIK istio collects only ingress HTTP logs by default.

In the istio documentation there is an old article (from 2018) describing how to enable egress traffic HTTP logs.

Please keep in mind that some of the information may be outdated, however I believe this is the part that you are missing.