Many websites must forward their log files to a central location for processing and alerting. Site Factory subscribers with both an Elite subscription and an Acquia Technical Account Manager have access to a certain amount of this centralized aggregation for collectors by using TLS-based log forwarding.
Legacy log forwarding is supported for remote destinations that support a generic Syslog destination. Acquia uses syslog-ng, which uses TLS over TCP.
If you enable log forwarding, Cloud Platform will forward all available logs to
the remote destination.
Note
If you want your logs forwarded to a remote destination, you must request that legacy syslog forwarding be enabled by contacting your Technical Account Manager and providing the following information:
IP address of the infrastructure to which the logs will be sent
Port on which the remote infrastructure is listening, typically port 443
Environment that you want forwarded
CA certificate to use for encrypting traffic - The CA certificate can be either a self-signed or a valid certificate and must not require a password to unlock. The following is an example of the commands used to generate a CA certificate:
# emailAddress is a placeholder; substitute your own contact address.
openssl genrsa -out acquia-ca.key 2048 && openssl req -x509 -new -nodes -key acquia-ca.key -days 1024 -subj "/C=US/ST=MA/L=Boston/O=Acquia/OU=My Website/CN=Acquia/emailAddress=admin@example.com" -out acquia-ca.pem
Legacy log forwarding supports only a single endpoint. Changing your endpoint configuration will require a new ticket.
Legacy log forwarding supports only one X.509 certificate per file. Files containing more than one X.509 certificate will cause remote destination checks to fail.
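The single-certificate and no-password requirements above can be checked locally before you open a ticket. This is an added example, not Acquia's own tooling: the function names are hypothetical, and it assumes the password requirement means that neither the certificate file nor an optional key file (second argument) contains an encrypted PEM key block.

```shell
#!/bin/bash
# Added example: pre-flight checks for the CA file described on this page.
# Usage: ./check-ca.sh acquia-ca.pem [acquia-ca.key]

# Print the number of PEM certificate blocks in a file (0 if none).
count_certs() {
  grep -Ec -- '^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----' "$1" || true
}

# Succeed if the file holds a passphrase-protected PEM private key
# (PKCS#8 "ENCRYPTED PRIVATE KEY" or the legacy Proc-Type header).
key_is_encrypted() {
  grep -Eq -- '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Return 0 if the file meets the page's requirements, 1 if it violates
# one of them, 2 if it cannot be read.
check_ca_file() {
  local pem=$1 key=${2:-} n
  [ -r "$pem" ] || { echo "FAIL: cannot read $pem" >&2; return 2; }
  n=$(count_certs "$pem")
  if [ "$n" -ne 1 ]; then
    echo "FAIL: $pem holds $n certificates; exactly one is required" >&2
    return 1
  fi
  if key_is_encrypted "$pem" || { [ -n "$key" ] && key_is_encrypted "$key"; }; then
    echo "FAIL: a private key is passphrase-protected" >&2
    return 1
  fi
  # When openssl is installed, confirm the certificate parses and show
  # its subject and expiry date.
  if command -v openssl >/dev/null 2>&1; then
    openssl x509 -in "$pem" -noout -subject -enddate || return 1
  fi
  echo "OK: $pem"
}

if [ $# -gt 0 ]; then
  check_ca_file "$@"
fi
```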
If log forwarding is enabled, Cloud Platform will forward all generated logs of the following types:
With some configuration, Acquia supports the use of Splunk.
This example shell script provides information about how to set up an Acquia application and inputs.conf file to use with Splunk services:
#!/bin/bash -ex
SPLUNK=/opt/splunk/bin
# Create the Acquia app directory with its default and ssl subdirectories.
mkdir -p /opt/splunk/etc/apps/acquia/{default,ssl}
# Generate a root CA, then a server certificate named splunk-syslog for this host.
$SPLUNK/genRootCA.sh -d /opt/splunk/etc/apps/acquia/ssl
$SPLUNK/splunk createssl server-cert -d /opt/splunk/etc/apps/acquia/ssl -n splunk-syslog -c "$(hostname)"
# Write the TLS-enabled TCP input; \$ keeps SPLUNK_HOME literal in the file.
cat > /opt/splunk/etc/apps/acquia/default/inputs.conf <<EOF
[tcp-ssl:5140]
[SSL]
serverCert = \$SPLUNK_HOME/etc/apps/acquia/ssl/splunk-syslog.pem
rootCA = \$SPLUNK_HOME/etc/apps/acquia/ssl/cacert.pem
requireClientCert = false
password = password
EOF
Splunk Cloud is unsupported
Although Acquia supports legacy log forwarding to Splunk Enterprise accounts, Splunk Cloud isn’t supported due to limitations on direct TCP log forwarding.