Important
Log forwarding is available only to specific subscription levels with dedicated load balancers. For information about legacy log forwarding for Site Factory subscriptions, see Legacy log forwarding service.
The log forwarding certificates for Splunk, Sumologic, and other syslog destinations must have an expiry greater than 30 days.
The log forwarding feature in Cloud Next environments does not support log egress from static IPs. If you require static IPs for your forwarded logs, contact your account manager.
Many websites must forward their log files to a central location (such as Sumologic, Splunk, or Loggly) for processing and alerting. Acquia uses TLS over TCP to forward the log files you select to a remote destination.
Log forwarding requires dedicated load balancers with your subscription, and is available for the following subscription types:
Cloud Platform Elite
Cloud Platform Premium
Cloud Platform Plus with the Enterprise Security Package add-on
Cloud Platform Enterprise with the Log Forwarding add-on
Cloud Platform Enterprise with an Elite subscription, and an Acquia Technical Account Manager (These users may have the Legacy log forwarding service enabled)
Contact your Account Manager to enable log forwarding for your subscription.
Note
All Cloud Platform subscribers can access Acquia-provided log files in the Cloud Platform interface. For more information, see Streaming log entries in real time.
After log forwarding is enabled for you, assign the Administer log forwarding for non-production environments and Administer log forwarding for your production environment permissions to roles in your organization. By default, the Team Lead and Senior Developer roles can manage log forwarding on all environments, while the Developer role can manage log forwarding on non-production environments only.
To configure log forwarding for Cloud Platform, a user with one of the log forwarding permissions must complete the following steps depending on the log forwarding service you have selected:
To configure log forwarding for Loggly, complete the following steps:
Sign in to the Cloud Platform user interface as a user with the Administer log forwarding for non-production environments or Administer log forwarding for your production environment permission.
Select your application and environment.
In the left menu, click Logs.
Click Forward.
Click ADD DESTINATION.
In the Consumer select box, select Loggly.
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Token field, enter a token for securely sending your logs to the consuming service. For more information about customer tokens, see Loggly’s documentation..
Select one or more checkboxes for the log files you want to forward to this destination:
Varnish® (JSON format)
Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
To configure log forwarding for Splunk:
Sign in to the Cloud Platform user interface as a user with the Administer log forwarding for non-production environments or Administer log forwarding for your production environment permission.
Select your application and environment.
In the left menu, click Logs.
Click Forward.
Click ADD DESTINATION.
In the Consumer select box, select Splunk.
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.
Note
If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.
Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:
10.0.0.1:1234
example.com:4567
In the Certificate field, paste one of the following SSL certificates in PEM format:
The CA certificate for the server
A certificate bundle, with the CA and a client certificate
In the Private Key field, enter the private key supplied by Splunk. This value may be the private key for your SSL certificate, if your certificate requires one.
Select one or more checkboxes for the log files you want to forward to this destination:
Varnish (JSON format)
Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
Note
Subscribers using Splunk log forwarding destinations will receive
empty structured data formatted as - instead of [] from the
Splunk server.
To configure log forwarding for Sumologic:
Review the Cloud Syslog Source documentation from Sumologic.
Sign in to the Cloud Platform user interface as a user with the Administer log forwarding for non-production environments or Administer log forwarding for your production environment permission.
Select your application and environment.
In the left menu, click Logs.
Click Forward.
Click ADD DESTINATION.
In the Consumer select box, select Sumologic.
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.
Note
If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.
Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:
10.0.0.1:1234
example.com:4567
In the Token field, enter a token for securely sending your logs to Sumologic. For more information about tokens, see Sumologic’s documentation.
In the Certificate field, paste a SSL certificate in PEM format.
Note
Sumologic provides certificates in CRT format. To convert a CRT certificate to PEM format, see the SSL Converter form on SSLShopper.com.
In the Private Key field, enter the private key supplied by Sumologic. This value may be the private key for your SSL certificate, if your certificate requires one.
Select one or more checkboxes for the log files you want to forward to this destination:
Varnish (JSON format)
Click Submit. Cloud Platform displays the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
To configure log forwarding for syslog-based destinations other than Loggly, Splunk, or Sumologic:
Sign in to the Cloud Platform user interface as a user with the Administer log forwarding for non-production environments or Administer log forwarding for your production environment permission.
Select your application and environment.
In the left menu, click Logs.
Click Forward.
Click ADD DESTINATION.
In the Consumer select box, select Syslog, which enables you to forward logs to destinations other than Loggly, Splunk, or Sumologic.
(Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.
Note
If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.
Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:
10.0.0.1:1234
example.com:4567
In the Token field, enter a token for securely sending your logs to the consuming service.
In the Certificate field, paste a SSL certificate in a format your provider will accept, based on one of the following certificate types:
CA certificate for the server, in PEM format.
Certificate bundle, in PEM format (if you are using client authentication). The bundle is the client certificate in PEM format, followed by the intermediate CA certificates (if present on the server certificate) and root CA certificate in PEM format. A simple way to check what are the intermediate and root CA certificates is to use the openssl command. For example, if you had a log forwarding destination acquia.com on port 443:
$ openssl s_client -showcerts -connect acquia.com:443
CONNECTED(00000005)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = Massachusetts, L = Boston, O = Acquia Inc,
OU = Operations, CN = \*.acquia.com
...
Note: type QUIT to exit the SSL client.
This shows that there is one root CA (CN = DigiCert High Assurance EV Root CA) and one intermediate CA (CN = DigiCert SHA2 High Assurance Server CA), so the certificate bundle for log forwarding would have to be:
content of the client certificate
content of DigiCert SHA2 High Assurance Server CA
content of DigiCert High Assurance EV Root CA
If you use client authentication, enter the private key in the Private Key field for the client certificate in PEM format.
Select one or more checkboxes for the log files you want to forward to this destination:
Varnish (JSON format)
Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.
After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, create a Support ticket.
Note
Subscribers using Syslog log forwarding destinations will receive
empty structured data formatted as - instead of [] from the
Syslog server.
All logs forwarded to your remote destination have additional fields added to the beginning of each line. For more information about this data and its format, see File formats in forwarded log files.
The Cloud Platform user interface allows you to determine the status of the log forwarding process for each of your logs. A log forwarding destination may have one of the following statuses:
Active: Cloud Platform is actively forwarding your logs to the log forwarding destination. The Cloud Platform user interface will display the active text along with an Active icon in the Status column of the Logs > Forward page.
Inactive: Cloud Platform is not actively forwarding your logs to the log forwarding destination. The Cloud Platform user interface will display the inactive text along with an Inactive icon in the Status column of the Logs > Forward page.
Pending: The Cloud Platform log forwarding process is in the pending state during the time it takes a user to complete the following actions:
Create a log forwarding destination
Edit a log forwarding destination
Enable a log forwarding destination
Disable a log forwarding destination
The Cloud Platform user interface will display the pending text along with the Pending icon in the Status column of the Logs > Forward page.
If your application is currently using Acquia’s legacy log forwarding service, contact your Technical Account Manager (TAM) or Acquia Support to learn more about upgrading to the current version of the service.
Note
Acquia Support can only assist with troubleshooting issues related to the new log forwarding infrastructure or customer interface, and cannot assist with troubleshooting issues related to third-party services.
The Cloud Platform API provides endpoints for log forwarding, including:
53 State Street, 10th Floor
Boston, MA 02109
United States
Phone: 888-922-7842