Forwarding logs to an external source

Many websites need to forward their log files to a central location for processing and alerting. Acquia Cloud Enterprise customers with both an Elite subscription and an Acquia Technical Account Manager have access to a certain amount of this centralized aggregation for collectors by using TLS-based log forwarding.

Log forwarding is supported for remote destinations that support a generic Syslog destination. Acquia uses syslog-ng, which uses TLS over TCP. If you enable log forwarding, Acquia Cloud will forward all available logs to the remote destination.

Note

  • Log forwarding is provided on a best-effort basis, and is not guaranteed.
  • You can also view many Acquia-provided log files in the Acquia Cloud interface. For more information about how to do this, see Streaming log entries in real time.

Procedure

If you want your logs forwarded to a remote destination, you must request that syslog forwarding be enabled by contacting Acquia support and providing the following information:

  • IP address of the server to which the logs will be sent

  • Port on which the remote server is listening, usually port 443

  • Environment that you want forwarded

  • CA certificate to use for encrypting traffic - The CA certificate can be either a self-signed or a valid certificate and must not require a password to unlock. The following is an example of the commands used to generate a CA certificate:

    openssl genrsa -out acquia-ca.key 2048 && openssl req -x509 -new -nodes -key acquia-ca.key -days 1024 -subj "/C=US/ST=MA/L=Boston/O=Acquia/OU=My Website/CN=Acquia/[email protected]" -out acquia-ca.pem
    

Log forwarding is supported for a single endpoint. Changing your endpoint configuration will require a new ticket.

Log availability

If log forwarding is enabled, Acquia Cloud will forward all of the generated logs for the following items:

Splunk

With some configuration, Acquia supports the use of Splunk.

Download this example for information about how to set up an Acquia application and inputs.conf file to use with Splunk services.

Note

Although Acquia supports log forwarding to Splunk Enterprise accounts, Splunk Cloud is not supported due to limitations regarding direct TCP log forwarding.

Additional information

Acquia does not support other services, such as Sumologic or Loggly.

Although it may be possible for you to forward logs to your own custom endpoints, Acquia Support cannot provide any assistance with those attempts.

Contact supportStill need assistance? Contact Acquia Support

Acquia: Think Ahead

53 State Street, 10th Floor
Boston, MA 02109
United States
Phone: 888-922-7842

Map: Google Maps
View other locations