captures.log

log

Outputs captured protocol messages to the structured log. Messages are written to the configured log outputs.

loglevel - Sets the log level for capture messages. Valid values: error, warning, info (default), debug, trace. Note: Even if the configured log level prevents capture messages from being logged, enabled captures still incur processing overhead for packet dissection and formatting.
format - Sets the output format for captured packets. Valid values:
- text (default) - Human-readable dissected packet output
- hex - Hex-encoded packet bytes with 0x prefix
- json - JSON array of dissected packet fields

Basic log capture with default settings (info level, text format):

captures {
    capture "CAPTURE_TO_LOG" {
        log;
    }
}

Log capture with debug level and hex format:

captures {
    capture "CAPTURE_HEX" {
        log {
            loglevel debug;
            format hex;
        }
    }
}

Log capture with JSON format for machine-readable output:

captures {
    capture "CAPTURE_JSON" {
        log {
            loglevel info;
            format json;
        }
    }
}

Captured packets appear as structured JSON log entries with the following fields:

namespace - Array containing ["capture", "CAPTURE_NAME"]
message - Always "Packet capture" for packets or "Keylog capture" for TLS key material
fields.capture - Name of the capture configuration
fields.frame - Frame number (sequential counter)
fields.context_id - Request context identifier (when available)
fields.packet - Dissected packet text (text format)
fields.packet_hex - Hex-encoded bytes with 0x prefix (hex format)
fields.packet_json - JSON array of packet fields (json format)

Capture counters are tracked and available via the management API at /api/v1/clog/summary?ns=capture::CAPTURE_NAME.