---
title: "Legacy log forwarding service"
date: "2024-02-14T06:18:38+00:00"
summary: "Securely forward logs from your Acquia Site Factory to a central location for processing and alerting. Available for Elite subscribers with a Technical Account Manager, this service uses TLS-based Syslog forwarding for enhanced data management."
image:
type: "page"
url: "/acquia-cloud-platform/legacy-log-forwarding-service"
id: "d0014e3e-7cd3-43e0-91dc-185258e4362b"
---

Note

Legacy log forwarding is available only to Site Factory subscriptions with an [Elite subscription](/service-offerings/guide/sla#support-overview-acquia-subs) and an [Acquia Technical Account Manager](../../../../guide/tam.html). For information about the log forwarding service available for Cloud Platform Enterprise, see [Log forwarding in Cloud Platform](/acquia-cloud-platform/monitor-apps/logs/forwarding).

Many websites must forward their log files to a central location for processing and alerting. Site Factory subscribers with both an [Elite subscription](/service-offerings/guide/sla#support-overview-acquia-subs) and an [Acquia Technical Account Manager](../../../../guide/tam.html) have access to a certain amount of this centralized aggregation for collectors by using TLS-based log forwarding.

Legacy log forwarding is supported for remote destinations that support a generic Syslog destination. Acquia uses `syslog-ng`, which uses TLS over TCP. If you enable log forwarding, Cloud Platform will forward all available logs to the remote destination.

Note

*   Legacy log forwarding is provided on a best-effort basis, and isn’t guaranteed.
*   You can also view many Acquia-provided log files in the Cloud Platform interface. For more information about how to do this, see [Streaming log entries in real time](/acquia-cloud-platform/monitor-apps/logstream).
*   New Relic is not supported as a [log forwarding](/acquia-cloud-platform/log-forwarding-cloud-platform "Log forwarding in Cloud Platform") destination in Cloud Platform.

Procedure
---------

If you want your logs forwarded to a remote destination, you must request that legacy syslog forwarding be enabled by contacting your Technical Account Manager and providing the following information:

*   IP address of the infrastructure to which the logs will be sent
*   Port on which the remote infrastructure is listening, typically port 443
*   Environment that you want forwarded
*   CA certificate to use for encrypting traffic - The CA certificate can be either a self-signed or a valid certificate and must not require a password to unlock. The following is an example of the commands used to generate a CA certificate:
    
        openssl genrsa -out acquia-ca.key 2048 && openssl req -x509 -new -nodes -key acquia-ca.key -days 1024 -subj "/C=US/ST=MA/L=Boston/O=Acquia/OU=My Website/CN=Acquia/emailAddress=my-username@acquia.com" -out acquia-ca.pem
    

Legacy log forwarding supports only a single endpoint. Changing your endpoint configuration will require a new ticket.

Legacy log forwarding supports one only X.509 certificate per file. Files containing more than one X.509 certificate will cause remote destination checks to fail.

Legacy log forwarding availability
----------------------------------

If log forwarding is enabled, Cloud Platform will forward all generated logs of the following types:

*   [Apache](/acquia-cloud-platform/monitor-apps/logs/apache-access)
*   [Apache error](/acquia-cloud-platform/monitor-apps/logs/apache-error)
*   [Drupal request](/acquia-cloud-platform/monitor-apps/logs/drupal-requests)
*   [Drupal watchdog](/acquia-cloud-platform/monitor-apps/logs/drupal-watchdog)
*   FPM access
*   [FPM error](/acquia-cloud-platform/monitor-apps/logs/fpm-error)
*   [PHP error](/acquia-cloud-platform/monitor-apps/logs/php-error)
*   [Varnish®](/acquia-cloud-platform/monitor-apps/logs/varnish-request) _(Only for websites with dedicated balancers. Logs from shared balancers aren’t supported. Forwarding Varnish logging isn’t enabled by default.)_

Legacy log forwarding to Splunk
-------------------------------

With some configuration, Acquia supports the use of [Splunk](https://www.splunk.com/).

This example shell script provides information about how to set up an Acquia application and `inputs.conf` file to use with Splunk services:

    #!/bin/bash -ex
    SPLUNK=/opt/splunk/bin
    mkdir /opt/splunk/etc/apps/acquia
    mkdir -p /opt/splunk/etc/apps/acquia/{default,ssl}
    $SPLUNK/genRootCA.sh -d /opt/splunk/etc/apps/acquia/ssl
    $SPLUNK/splunk createssl server-cert -d /opt/splunk/etc/apps/acquia/ssl -n splunk-syslog -c $(hostname)
    
    cat > /opt/splunk/etc/apps/acquia/default/inputs.conf <<EOF
    [tcp-ssl:5140]
    
    [SSL]
    serverCert = \$SPLUNK_HOME/etc/apps/acquia/ssl/splunk-syslog.pem
    rootCA = \$SPLUNK_HOME/etc/apps/acquia/ssl/cacert.pem
    requireClientCert = false
    password = password
    EOF

Splunk Cloud is unsupported

Although Acquia supports legacy log forwarding to Splunk Enterprise accounts, Splunk Cloud isn’t supported due to limitations on direct TCP log forwarding.

More information about legacy log forwarding
--------------------------------------------

Acquia’s legacy log forwarding service doesn’t support other services, such as [Sumologic](https://www.sumologic.com/) or [Loggly](https://www.loggly.com/).

Although it may be possible for you to forward logs to your own custom endpoints, Acquia Support can’t provide any help with those attempts.