change where API Firewall logs go

By default, API Firewall publishes transaction logs to 42Crunch Platform. You can switch the log destination to a separate directory you mount in your deployment, or to set logs to be written as standard output.

Open the file for configuring the API-specific API Firewall variables. Where this is done depends on the environment of your deployment.
Add the environment variable LOG_DESTINATION, choose of the following possible values, and save the file:

Value	Impact
`PLATFORM`	Transaction logs are published to 42Crunch Platform. Error logs and access logs are written to the file system of the API Firewall container. This is the default value.
`FILES`	All transaction, error, and access logs are written to a directory that you mount to your deployment as a volume for `/opt/guardian/logs/${GUARDIAN_INSTANCE_NAME}`.
`STDOUT`	All transaction, error, and access logs are written as standard output (STDOUT) to console.
`FILES+STDOUT`	All transaction, error, and access logs are written to a directory that you mount to your deployment as a volume for `/opt/guardian/logs/${GUARDIAN_INSTANCE_NAME}` and as standard output to console.
`PLATFORM+STDOUT`	Transaction logs are published to 42Crunch Platform and written as standard output to console. Error logs and access logs are written to the file system of the API Firewall container and as standard output to console.

Log destination PLATFORM (alone or with STDOUT) is not suitable for firewall instances running in production environment due to the volume of logs produced. We recommend setting the log destination to FILES or STDOUT (or both) in production or for performance testing.

Using the default size for the container file system is fine for testing, or when you can be sure that the logs volume stays low. However, the volume of logs can rapidly increase, especially in production, so if you want to use PLATFORM or FILES (alone or with STDOUT), you must plan for this growth to avoid running out of disk space in your API Firewall container. Either reserve enough disk space, or mount an external disk as a volume.

If you use only STDOUT, then all logs are pushed out of the container, and container disk space is not a concern.

Depending on the nature of your API, transaction logs could include personally identifiable information that falls under, for example, GDPR regulations. To facilitate the requirements from these regulations, such as the right to forget, it is possible to delete transaction logs from 42Crunch Platform. See Delete transaction logs.

If you set the destination to FILES or FILES+STDOUT, mount the directory where you want to publish logs as a volume for /opt/guardian/logs/${GUARDIAN_INSTANCE_NAME} in your deployment.
Redeploy API Firewall. The logs are now published to your chose destination.