Information for: DEVELOPERS   PARTNERS

Log forwarding in Cloud Platform

Log forwarding is available only to specific subscription levels with dedicated load balancers. For information about legacy log forwarding for Site Factory subscriptions, see Legacy log forwarding service.

Many websites must forward their log files to a central location (such as Sumologic, Splunk, or Loggly) for processing and alerting. Acquia uses TLS over TCP to forward the log files you select to a remote destination.

Log forwarding eligibility

Log forwarding requires dedicated load balancers with your subscription, and is available for the following subscription types:

  • Cloud Platform Elite
  • Cloud Platform Premium
  • Cloud Platform Plus with the Enterprise Security Package add-on
  • Cloud Platform Enterprise with the Log Forwarding add-on
  • Cloud Platform Enterprise with an Elite subscription, and an Acquia Technical Account Manager (These users may have the Legacy log forwarding service enabled)

Contact your Account Manager to enable log forwarding for your subscription.

Note

All Cloud Platform subscribers can access Acquia-provided log files in the Cloud Platform interface. For more information, see Streaming log entries in real time.

Configuring log forwarding

After log forwarding is enabled for you, assign the Administer log forwarding for non-production environments and Administer log forwarding for your production environment permissions to roles in your organization. By default, the Team Lead and Senior Developer roles can manage log forwarding on all environments, while the Developer role can manage log forwarding on non-production environments only.

To configure log forwarding for Cloud Platform, a user with one of the log forwarding permissions must complete the following steps depending on the log forwarding service you have selected:

To configure log forwarding for Loggly, complete the following steps:

  1. Sign in to Cloud Platform as a user with the Administer log forwarding for non-production environments or Administer log forwarding for your production environment permission.
  2. Select your application and environment.
  3. In the left menu, click Logs.
  4. Click Forward.
  5. Click ADD DESTINATION.
  6. In the Consumer select box, select Loggly.
  7. (Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.
  8. In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.
  9. In the Token field, enter a token for securely sending your logs to the consuming service. For more information about customer tokens, see Loggly’s documentation..
  10. Select one or more check boxes for the log files you want to forward to this destination:
  11. Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.

After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, contact Acquia Support.

Although Acquia supports log forwarding to Splunk Enterprise accounts, Splunk Cloud is not supported due to limitations regarding direct TCP log forwarding.

To configure log forwarding for Splunk, complete the following steps:

  1. Sign in to Cloud Platform as a user with the Administer log forwarding for non-production environments or Administer log forwarding for your production environment permission.

  2. Select your application and environment.

  3. In the left menu, click Logs.

  4. Click Forward.

  5. Click ADD DESTINATION.

  6. In the Consumer select box, select Splunk.

  7. (Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.

  8. In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.

  9. In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.

    Note

    If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.

    Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:

    10.0.0.1:1234
    example.com:4567
    
  10. In the Certificate field, paste one of the following SSL certificates in PEM format:

    • The CA certificate for the server
    • A certificate bundle, with the CA and a client certificate
  11. In the Private Key field, enter the private key supplied by Splunk. This value may be the private key for your SSL certificate, if your certificate requires one.

  12. Select one or more check boxes for the log files you want to forward to this destination:

  13. Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.

After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, contact Acquia Support.

Note

Subscribers using Splunk log forwarding destinations will receive empty structured data formatted as - instead of [] from the Splunk server.

To configure log forwarding for Sumologic, complete the following steps:

  1. Review the Cloud Syslog Source documentation from Sumologic.

  2. Sign in to Cloud Platform as a user with the Administer log forwarding for non-production environments or Administer log forwarding for your production environment permission.

  3. Select your application and environment.

  4. In the left menu, click Logs.

  5. Click Forward.

  6. Click ADD DESTINATION.

  7. In the Consumer select box, select Sumologic.

  8. (Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.

  9. In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.

  10. In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.

    Note

    If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.

    Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:

    10.0.0.1:1234
    example.com:4567
    
  11. In the Token field, enter a token for securely sending your logs to Sumologic. For more information about tokens, see Sumologic’s documentation.

  12. In the Certificate field, paste a SSL certificate in PEM format.

    Note

    Sumologic provides certificates in CRT format. To convert a CRT certificate to PEM format, see the SSL Converter form on SSLShopper.com.

  13. In the Private Key field, enter the private key supplied by Sumologic. This value may be the private key for your SSL certificate, if your certificate requires one.

  14. Select one or more check boxes for the log files you want to forward to this destination:

  15. Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.

After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, contact Acquia Support.

Because log forwarding collectors can vary in their configuration requirements, the Cloud Platform log forwarding service may not be compatible with all third-party services.

To configure log forwarding for syslog-based destinations other than Loggly, Splunk, or Sumologic, complete the following steps:

  1. Sign in to Cloud Platform as a user with the Administer log forwarding for non-production environments or Administer log forwarding for your production environment permission.

  2. Select your application and environment.

  3. In the left menu, click Logs.

  4. Click Forward.

  5. Click ADD DESTINATION.

  6. In the Consumer select box, select Syslog, which enables you to forward logs to destinations other than Loggly, Splunk, or Sumologic.

  7. (Optional) In the Copy existing destination section, click Select Destination to copy and use the values from an existing log forwarding configuration of another environment.

  8. In the Name of destination field, enter a human-readable name for the destination of the forwarded logs.

  9. In the Address field, enter the IP address or domain name to which Cloud Platform will send the logs.

    Note

    If you enter a domain name in this field, the domain name must match the entity for which the server certificate was issued.

    Be sure to include the port number (separated from the IP address or domain name with a colon) as indicated in the following examples:

    10.0.0.1:1234
    example.com:4567
    
  10. In the Token field, enter a token for securely sending your logs to the consuming service.

  11. In the Certificate field, paste a SSL certificate in a format your provider will accept, based on one of the following certificate types:

    • CA certificate for the server, in PEM format.

    • Certificate bundle, in PEM format (if you are using client authentication). The bundle is the client certificate in PEM format, followed by the CA certificate in PEM format. An example of the bundle’s format is as follows:

      -----BEGIN CERTIFICATE-----
          (client certificate)
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
          (ca certificate)
      -----END CERTIFICATE-----
      
  12. If you use client authentication, enter the private key in the Private Key field for the client certificate in PEM format.

  13. Select one or more check boxes for the log files you want to forward to this destination:

  14. Click Submit. Cloud Platform will display the list of log forwarding destinations for this subscription.

After you create a log forwarding destination, Cloud Platform-created logs should begin forwarding to your remote destination within five minutes. If logs do not appear at your remote destination based on this expectation, review Common issues with log forwarding. If issues persist, contact Acquia Support.

Note

Subscribers using Syslog log forwarding destinations will receive empty structured data formatted as - instead of [] from the Syslog server.

All logs forwarded to your remote destination have additional fields added to the beginning of each line. For more information about this data and its format, see File formats in forwarded log files.

Learn more by visiting the Acquia Academy (sign-in required) for the video tutorial on How to use Log Forwarding on Cloud Platform.

Determining the log forwarding status

The Cloud Platform user interface allows you to determine the status of the log forwarding process for each of your logs. A log forwarding destination may have one of the following statuses:

  • Active: Cloud Platform is actively forwarding your logs to the log forwarding destination. The Cloud Platform user interface will display the active text along with an Active icon in the Status column of the Logs > Forward page.

  • Inactive: Cloud Platform is not actively forwarding your logs to the log forwarding destination. The Cloud Platform user interface will display the inactive text along with an Inactive icon in the Status column of the Logs > Forward page.

  • Pending: The Cloud Platform log forwarding process is in the pending state during the time it takes a user to complete the following actions:

    • Create a log forwarding destination
    • Edit a log forwarding destination
    • Enable a log forwarding destination
    • Disable a log forwarding destination

    The Cloud Platform user interface will display the pending text along with the Pending icon in the Status column of the Logs > Forward page.

Legacy log forwarding service

If your application is currently using Acquia’s legacy log forwarding service, contact your Technical Account Manager (TAM) or Acquia Support to learn more about upgrading to the current version of the service.

Note

Acquia Support can only assist with troubleshooting issues related to the new log forwarding infrastructure or customer interface, and cannot assist with troubleshooting issues related to third-party services.

Cloud Platform API endpoints for log forwarding

The Cloud Platform API provides endpoints for log forwarding, including: