Log Drain Blacklist Configuration
This topic describes how to edit your manifest stub to prevent Cloud Foundry developers from binding log drains to certain components in your deployment.
Developers can drain logs for their application instances and for requests made to their application instances through internal components of Cloud Foundry to a third-party log management service. For more information, see the Streaming Application Logs to Log Management Services topic.
To drain logs, developers use the Doppler component of the Loggregator system, which aggregates and streams logs and metrics from all user applications and system components in a Cloud Foundry deployment. For more information about the Doppler component and the Loggregator system, see the Overview of the Loggregator System topic.
Operators can blacklist IP addresses to prevent developers from draining logs from certain components. Operators may want to take this step because if the developer attempts to bind a drain to an internal Cloud Foundry component, performance of the deployment can suffer.
To blacklist an IP address range, add the
property to your existing manifest stub, or create an additional stub. Specify starting and ending IP addresses for each IP address range.
See the example stub below for reference:
View the source for this page in GitHub
--- properties: doppler: blacklisted_syslog_ranges: - start: 10.10.16.0 end: 10.10.31.255 - start: 10.10.80.0 end: 10.10.95.255