Changing log line formats

Fastly's Real-Time Log Streaming feature allows you to change the format that your log messages are delivered in on select logging endpoints. We allow you to choose one of several formats:

• Blank is the default. There's no prefix — just your log message. This is useful when writing to JSON and CSV files.
• Classic is a legacy format based on RFC 3164. Read Classic Format for more information.
• Loggly is a structured syslog prefix format based on RFC 5424.
• Logplex is a Heroku-style prefixed syslog format.

Using a different log line format

A number of logging endpoints can be updated to use a message format other than the default via either the Fastly control panel or the API.

Classic Format

Classic is a legacy format based on the RFC 3164 protocol. It is not, however, strictly compliant with RFC 3164. To make logging easier to synchronize across a global network, classic uses timestamps based on the RFC 3339 protocol, which specifies that timestamps include a time zone. RFC 3164, on the other hand, specifies local time without any time zone data.

The following example shows a message in the classic log format.

<134>2016-07-04T22:37:26Z cache-sjc3128 LogTest[62959]: <your log message>

The prefix begins with the message priority (always <134>, which means Facility=Local0, Severity=Informational), followed by the date and time the log was sent (2016-07-04T22:37:26Z), the cache node it came from (in this case, cache-sjc3128), the name of your log (LogTest) and the ID of the process sending it (62959).