The log forwarding certificates for Splunk, Sumologic, and other syslog destinations must have an expiry greater than 30 days.
Log forwarding is a paid service. To enable log forwarding for your subscription, contact your account manager.
New Relic is not supported as a log forwarding destination in Cloud Platform.
Many websites must forward their log files to a central location (such as Sumologic, Splunk, or Loggly) for processing and alerting. Acquia uses TLS over TCP to forward the log files you select to a remote destination.
All Cloud Platform subscribers can access Acquia-provided log files in the Cloud Platform interface. For more information, see Streaming log entries in real time.
Configuring log forwarding
After log forwarding is enabled for you, assign the Administer log forwarding for non-production environments and Administer log forwarding for your production environmentpermissions to roles in your organization. By default, the Team Lead and Senior Developer roles can manage log forwarding on all environments, while the Developer role can manage log forwarding on non-production environments only.
To configure log forwarding for Cloud Platform, a user with one of the log forwarding permissions must complete the following steps depending on the log forwarding service you have selected:
Note
Although Acquia supports log forwarding to Splunk Enterprise accounts, Splunk Cloud is not supported due to limitations regarding direct TCP log forwarding.
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.
Note
If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.
Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:
10.0.0.1:1234
example.com:4567
In the Certificate field, paste one of the following SSL certificates in PEM format:
The CA certificate for the server
A certificate bundle, with the CA and a client certificate
In the Private Key field, enter the private key supplied by Splunk. This value may be the private key for your SSL certificate, if your certificate requires one.
Select one or more checkboxes for the log files you want to forward to this destination:
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.
Note
Note
Because log forwarding collectors can vary in their configuration requirements, the Cloud Platform log forwarding service may not be compatible with all third-party services.
To configure log forwarding for syslog-based destinations other than Loggly, Splunk, or Sumologic:
In the Consumer select box, select Syslog, which enables you to forward logs to destinations other than Loggly, Splunk, or Sumologic.
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.
Note
If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.
Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:
10.0.0.1:1234
example.com:4567
Note
Subscribers using Syslog log forwarding destinations will receive empty structured data formatted as - instead of [] from the Syslog server.
All logs forwarded to your remote destination have additional fields added to the beginning of each line. For more information about this data and its format, see File formats in forwarded log files.
Determining the log forwarding status
The Cloud Platform user interface allows you to determine the status of the log forwarding process for each of your logs. A log forwarding destination may have one of the following statuses:
Active: Cloud Platform is actively forwarding your logs to the log forwarding destination. The Cloud Platform user interface will display the active text along with an Active icon in the Status column of the Logs > Forward page.
Inactive: Cloud Platform is not actively forwarding your logs to the log forwarding destination. The Cloud Platform user interface will display the inactive text along with an Inactive icon in the Status column of the Logs > Forward page.
Pending: The Cloud Platform log forwarding process is in the pending state during the time it takes a user to complete the following actions:
Create a log forwarding destination
Edit a log forwarding destination
Enable a log forwarding destination
Disable a log forwarding destination
The Cloud Platform user interface will display the pending text along with the icon in the column of the page.
Note
Acquia Support can only assist with troubleshooting issues related to the new log forwarding infrastructure or customer interface, and cannot assist with troubleshooting issues related to third-party services.
Cloud Platform API endpoints for log forwarding
The Cloud Platform API provides endpoints for log forwarding, including:
The log forwarding certificates for Splunk, Sumologic, and other syslog destinations must have an expiry greater than 30 days.
Log forwarding is a paid service. To enable log forwarding for your subscription, contact your account manager.
New Relic is not supported as a log forwarding destination in Cloud Platform.
Many websites must forward their log files to a central location (such as Sumologic, Splunk, or Loggly) for processing and alerting. Acquia uses TLS over TCP to forward the log files you select to a remote destination.
All Cloud Platform subscribers can access Acquia-provided log files in the Cloud Platform interface. For more information, see Streaming log entries in real time.
Configuring log forwarding
After log forwarding is enabled for you, assign the Administer log forwarding for non-production environments and Administer log forwarding for your production environmentpermissions to roles in your organization. By default, the Team Lead and Senior Developer roles can manage log forwarding on all environments, while the Developer role can manage log forwarding on non-production environments only.
To configure log forwarding for Cloud Platform, a user with one of the log forwarding permissions must complete the following steps depending on the log forwarding service you have selected:
Note
Although Acquia supports log forwarding to Splunk Enterprise accounts, Splunk Cloud is not supported due to limitations regarding direct TCP log forwarding.
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.
Note
If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.
Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:
10.0.0.1:1234
example.com:4567
In the Certificate field, paste one of the following SSL certificates in PEM format:
The CA certificate for the server
A certificate bundle, with the CA and a client certificate
In the Private Key field, enter the private key supplied by Splunk. This value may be the private key for your SSL certificate, if your certificate requires one.
Select one or more checkboxes for the log files you want to forward to this destination:
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.
Note
Note
Because log forwarding collectors can vary in their configuration requirements, the Cloud Platform log forwarding service may not be compatible with all third-party services.
To configure log forwarding for syslog-based destinations other than Loggly, Splunk, or Sumologic:
In the Consumer select box, select Syslog, which enables you to forward logs to destinations other than Loggly, Splunk, or Sumologic.
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.
Note
If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.
Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:
10.0.0.1:1234
example.com:4567
Note
Subscribers using Syslog log forwarding destinations will receive empty structured data formatted as - instead of [] from the Syslog server.
All logs forwarded to your remote destination have additional fields added to the beginning of each line. For more information about this data and its format, see File formats in forwarded log files.
Determining the log forwarding status
The Cloud Platform user interface allows you to determine the status of the log forwarding process for each of your logs. A log forwarding destination may have one of the following statuses:
Active: Cloud Platform is actively forwarding your logs to the log forwarding destination. The Cloud Platform user interface will display the active text along with an Active icon in the Status column of the Logs > Forward page.
Inactive: Cloud Platform is not actively forwarding your logs to the log forwarding destination. The Cloud Platform user interface will display the inactive text along with an Inactive icon in the Status column of the Logs > Forward page.
Pending: The Cloud Platform log forwarding process is in the pending state during the time it takes a user to complete the following actions:
Create a log forwarding destination
Edit a log forwarding destination
Enable a log forwarding destination
Disable a log forwarding destination
The Cloud Platform user interface will display the pending text along with the icon in the column of the page.
Note
Acquia Support can only assist with troubleshooting issues related to the new log forwarding infrastructure or customer interface, and cannot assist with troubleshooting issues related to third-party services.
Cloud Platform API endpoints for log forwarding
The Cloud Platform API provides endpoints for log forwarding, including:
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Token field, enter a token for securely sending your logs to the consuming service. For more information about customer tokens, see Loggly’s documentation..
Select one or more checkboxes for the log files you want to forward to this destination:
Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.
Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:
10.0.0.1:1234
example.com:4567
In the Token field, enter a token for securely sending your logs to Sumologic. For more information about tokens, see Sumologic’s documentation.
In the Certificate field, paste a SSL certificate in PEM format.
Note
Sumologic provides certificates in CRT format. To convert a CRT certificate to PEM format, see the SSL Converter form on SSLShopper.com.
In the Private Key field, enter the private key supplied by Sumologic. This value may be the private key for your SSL certificate, if your certificate requires one.
Select one or more checkboxes for the log files you want to forward to this destination:
Click Submit. Cloud Platform displays the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.Use this area to write the content for the tab.
OTHER SYSLOG DESTINATIONS
In the Token field, enter a token for securely sending your logs to the consuming service.
In the Certificate field, paste a SSL certificate in a format your provider will accept, based on one of the following certificate types:
CA certificate for the server, in PEM format.
Certificate bundle, in PEM format (if you are using client authentication). The bundle is the client certificate in PEM format, followed by the intermediate CA certificates (if present on the server certificate) and root CA certificate in PEM format. A simple way to check what are the intermediate and root CA certificates is to use the openssl command. For example, if you had a log forwarding destination acquia.com on port 443:
$ openssl s_client -showcerts -connect acquia.com:443
CONNECTED(00000005)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = Massachusetts, L = Boston, O = Acquia Inc,
OU = Operations, CN = \*.acquia.com
...
Note: type QUIT to exit the SSL client.
This shows that there is one root CA (CN = DigiCert High Assurance EV Root CA) and one intermediate CA (CN = DigiCert SHA2 High Assurance Server CA), so the certificate bundle for log forwarding would have to be:
content of the client certificate
content of DigiCert SHA2 High Assurance Server CA
content of DigiCert High Assurance EV Root CA
If you use client authentication, enter the private key in the Private Key field for the client certificate in PEM format.
Select one or more checkboxes for the log files you want to forward to this destination:
Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
Pending
Status
Logs > Forward
Legacy log forwarding service
If your application is currently using Acquia’s legacy log forwarding service, contact your Technical Account Manager (TAM) or Acquia Support to learn more about upgrading to the current version of the service.
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Token field, enter a token for securely sending your logs to the consuming service. For more information about customer tokens, see Loggly’s documentation..
Select one or more checkboxes for the log files you want to forward to this destination:
Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.
Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:
10.0.0.1:1234
example.com:4567
In the Token field, enter a token for securely sending your logs to Sumologic. For more information about tokens, see Sumologic’s documentation.
In the Certificate field, paste a SSL certificate in PEM format.
Note
Sumologic provides certificates in CRT format. To convert a CRT certificate to PEM format, see the SSL Converter form on SSLShopper.com.
In the Private Key field, enter the private key supplied by Sumologic. This value may be the private key for your SSL certificate, if your certificate requires one.
Select one or more checkboxes for the log files you want to forward to this destination:
Click Submit. Cloud Platform displays the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.Use this area to write the content for the tab.
OTHER SYSLOG DESTINATIONS
In the Token field, enter a token for securely sending your logs to the consuming service.
In the Certificate field, paste a SSL certificate in a format your provider will accept, based on one of the following certificate types:
CA certificate for the server, in PEM format.
Certificate bundle, in PEM format (if you are using client authentication). The bundle is the client certificate in PEM format, followed by the intermediate CA certificates (if present on the server certificate) and root CA certificate in PEM format. A simple way to check what are the intermediate and root CA certificates is to use the openssl command. For example, if you had a log forwarding destination acquia.com on port 443:
$ openssl s_client -showcerts -connect acquia.com:443
CONNECTED(00000005)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = Massachusetts, L = Boston, O = Acquia Inc,
OU = Operations, CN = \*.acquia.com
...
Note: type QUIT to exit the SSL client.
This shows that there is one root CA (CN = DigiCert High Assurance EV Root CA) and one intermediate CA (CN = DigiCert SHA2 High Assurance Server CA), so the certificate bundle for log forwarding would have to be:
content of the client certificate
content of DigiCert SHA2 High Assurance Server CA
content of DigiCert High Assurance EV Root CA
If you use client authentication, enter the private key in the Private Key field for the client certificate in PEM format.
Select one or more checkboxes for the log files you want to forward to this destination:
Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
Pending
Status
Logs > Forward
Legacy log forwarding service
If your application is currently using Acquia’s legacy log forwarding service, contact your Technical Account Manager (TAM) or Acquia Support to learn more about upgrading to the current version of the service.
Cloud Platform