Changing log line formats

Fastly's Real-Time Log Streaming feature allows you to change the format that your log messages are delivered in on select logging endpoints. We allow you to choose one of several formats:

  • Blank is the default. There's no prefix — just your log message. This is useful when writing to JSON and CSV files.
  • Classic is a legacy format based on RFC 3164. Read Classic Format for more information.
  • Loggly is a structured syslog prefix format based on RFC 5424.
  • Logplex is a Heroku-style prefixed syslog format.

Using a different log line format

A number of logging endpoints can be updated to use a message format other than the default via either the web interface or the API.

  1. Web interface
  2. API

Follow these instructions to update a logging endpoint using the web interface:

  1. Log in to the Fastly web interface.
  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain. You can also click Compute services or CDN services to access a list of services by type.
  3. Click Edit configuration and then select the option to clone the active version.
  4. Click Logging.
  5. Click the name of a logging endpoint you want to edit.
  6. Click Advanced options near the bottom of the page.
  7. In the Select a log line format section, select a log line format for the logging endpoint.
  8. Click Update.
  9. Click Activate to deploy your configuration changes.

Classic Format

Classic is a legacy format based on the RFC 3164 protocol. It is not, however, strictly compliant with RFC 3164. To make logging easier to synchronize across a global network, classic uses timestamps based on the RFC 3339 protocol, which specifies that timestamps include a timezone. RFC 3164, on the other hand, specifies local time without any timezone data.

The following example shows a message in the classic log format.

<134>2016-07-04T22:37:26Z cache-sjc3128 LogTest[62959]: <your log message>

The prefix begins with the message priority (always <134>, which means Facility=Local0, Severity=Informational), followed by the date and time the log was sent (2016-07-04T22:37:26Z), the cache node it came from (in this case, cache-sjc3128), the name of your log (LogTest) and the ID of the process sending it (62959).

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.