Edit this page
Report an issue
Did you know that you can try this plugin without talking to anyone with a free trial of Kong Konnect? Get started in under 5 minutes.
Publish request and response logs to an Apache Kafka topic. For more information, see Kafka topics.
Kong also provides a Kafka plugin for request transformations. See Kafka Upstream.
Quickstart
The following guidelines assume that both Kong Enterprise and Kafka have been
installed on your local machine.
Note: We use
zookeeperin the following example, which is not required or has been removed on some Kafka versions. Refer to the Kafka ZooKeeper documentation for more information.
-
Create a
kong-logtopic in your Kafka cluster:${KAFKA_HOME}/bin/kafka-topics.sh --create \ --zookeeper localhost:2181 \ --replication-factor 1 \ --partitions 10 \ --topic kong-log -
Add the
kafka-logplugin globally:curl -X POST http://localhost:8001/plugins \ --data "name=kafka-log" \ --data "config.bootstrap_servers[1].host=localhost" \ --data "config.bootstrap_servers[1].port=9092" \ --data "config.topic=kong-log" -
Make sample requests:
for i in {1..50} ; do curl http://localhost:8000/request/$i ; done -
Verify the contents of the Kafka
kong-logtopic:${KAFKA_HOME}/bin/kafka-console-consumer.sh \ --bootstrap-server localhost:9092 \ --topic kong-log \ --partition 0 \ --from-beginning \ --timeout-ms 1000
Log format
Similar to the HTTP Log Plugin.
Implementation details
This plugin uses the lua-resty-kafka client.
When encoding request bodies, several things happen:
- For requests with a content-type header of
application/x-www-form-urlencoded,multipart/form-data, orapplication/json, this plugin passes the raw request body in thebodyattribute, and tries to return a parsed version of those arguments inbody_args. If this parsing fails, an error message is returned and the message is not sent. - If the
content-typeis nottext/plain,text/html,application/xml,text/xml, orapplication/soap+xml, then the body will be base64-encoded to ensure that the message can be sent as JSON. In such a case, the message has an extra attribute calledbody_base64set totrue.
TLS
Enable TLS by setting config.security.ssl to true.
mTLS
Enable mTLS by setting a valid UUID of a certificate in config.security.certificate_id.
Note that this option needs config.security.ssl set to true.
See Certificate Object
in the Admin API documentation for information on how to set up Certificates.
SASL Authentication
This plugin supports the following authentication mechanisms:
-
PLAIN: Enable this mechanism by setting
config.authentication.mechanismtoPLAIN. You also need to provide a username and password with the config optionsconfig.authentication.userandconfig.authentication.passwordrespectively. -
SCRAM: In cryptography, the Salted Challenge Response Authentication Mechanism (SCRAM) is a family of modern, password-based challenge–response authentication mechanisms providing authentication of a user to a server. The Kafka Log plugin supports the following:
-
SCRAM-SHA-256: Enable this mechanism by setting
config.authentication.mechanismtoSCRAM-SHA-256. You also need to provide a username and password with the config optionsconfig.authentication.userandconfig.authentication.passwordrespectively. -
SCRAM-SHA-512: Enable this mechanism by setting
config.authentication.mechanismtoSCRAM-SHA-512. You also need to provide a username and password with the config optionsconfig.authentication.userandconfig.authentication.passwordrespectively.
-
-
Delegation Tokens: Delegation Tokens can be generated in Kafka and then used to authenticate this plugin.
Delegation Tokensleverage theSCRAM-SHA-256authentication mechanism. ThetokenIDis provided with theconfig.authentication.userfield and thetoken-hmacis provided with theconfig.authentication.passwordfield. To indicate that a token is used you have to set theconfig.authentication.tokenauthsetting totrue.Read more on how to create, renew, and revoke delegation tokens.
Known issues and limitations
Known limitations:
- Message compression is not supported.
- The message format is not customizable.