Monitoring and Logging

ALTCHA Sentinel provides several monitoring and logging endpoints for integration with external observability tools:

• GET /.health – Comprehensive health check
• GET /.ready – Readiness probe
• GET /.live – Liveness probe
• GET /.logs – Real-time log streaming
• GET /.metrics – Prometheus metrics

By default, these endpoints are accessible only from the internal (private) network. See Access Control for configuration details.

Health Check Endpoints

Sentinel exposes three health-related endpoints for system monitoring, each serving a different purpose:

Comprehensive Health Check

GET /.health

Performs a full health check including critical subsystems like the database and Redis. Returns HTTP 503 if any component is unhealthy.

Example Response:

{
  "status": "healthy",
  "checks": {
    "database": {
      "ok": true
    },
    "redis": {
      "ok": true
    }
  },
  "timestamp": "2025-05-12T14:05:54.464Z",
  "version": "1.0.0"
}

Readiness Probe

GET /.ready

Checks whether the server is ready to receive traffic. Returns HTTP 200 if ready, or 503 if not.

Example Response:

{
  "status": "ready",
  "timestamp": "2025-05-12T14:06:08.460Z",
  "version": "1.0.0"
}

Liveness Probe

GET /.live

A basic endpoint that confirms the server is running. Always returns HTTP 200 if alive.

Example Response:

{
  "status": "alive",
  "timestamp": "2025-05-12T14:06:57.007Z",
  "version": "1.0.0"
}

Tip

For external health checks over the public Internet, prefer the GET /v1/ping endpoint instead of the internal health check URLs.

Metrics

Prometheus-Compatible Metrics

GET /.metrics

Exposes metrics in a format compatible with Prometheus.

Logging

The Sentinel server implements the following logging capabilities:

1. Standard Output: All logs are written to stdout for capture by standard logging tools
2. Live Log Streaming: Provides real-time log access via HTTP

Note

This documentation covers server logging only. Request logging can be configured individually for each API key, and the retention period for request logs can be adjusted using the REQUEST_LOGS_TTL environment variable.

Live Log Streaming

GET /.logs

Streams server logs in real-time. Supports optional JSON formatting.

Query Parameters:

• format=json (optional): Outputs logs in JSON format

Examples:

• Default stream: GET /.logs
• JSON stream: GET /.logs?format=json

Access Control

To protect sensitive monitoring data, access is restricted using the following environment variables and, by default, is limited to internal (private) networks only:

MONITORING_IP_WHITELIST

Specifies which IP ranges are allowed to access monitoring endpoints. Default includes:

10.0.0.0/8           // Corporate networks
172.16.0.0/12        // Medium-sized private networks
192.168.0.0/16       // Office/home networks
127.0.0.1/32         // IPv4 localhost
::1/128              // IPv6 localhost
fd00::/8             // IPv6 unique local addresses
100.64.0.0/10        // Shared address space (CGNAT)

MONITORING_HTTP_CREDENTIALS

Enables HTTP Basic Authentication using the format: <username>:<password>