Basics

Domains & Origins

Configuration

Caching

Conditions

Custom VCL

Dictionaries

Domains & Origins

Headers

Image optimization

About Fastly Image Optimizer

Load balancing

Performance

Purging

Requests

Responses

Video

Security

Access Control Lists

Securing communications

Security measures

TLS

Web Application Firewall

Legacy Web Application Firewall

Integrations

Logging endpoints

Non-Fastly services

Diagnostics

Common errors

Debugging techniques

Streaming logs

Account info

Account management

Billing

User access and control

Reference

Changing log line formats

Last updated November 06, 2019

Fastly's Real-Time Log Streaming feature allows you to change the format that your log messages are delivered in on select logging endpoints. By default, we send log messages out in standard syslog format. The prefix for this format (as defined in RFC 3164) appears as follows:

 <134>2016-07-04T22:37:26Z cache-sjc3128 LogTest[62959]: <your log message>

The prefix begins with the message priority (always <134>, which means Facility=Local0, Severity=Informational), followed the date and time the log was sent (2016-07-04T22:37:26Z), the cache node it came from (in this case cache-sjc3128), the name of your log (LogTest) and the ID of the process sending it (62959).

Available log line message formats

Although the default message prefix works for most logging services and processors, we allow you to choose one of several formats:

classic is the default prefix format. A standard syslog prefix as defined by RFC 3164.
loggly is a structured syslog prefix format based on RFC 5424.
logplex is a Heroku-style length prefixed syslog format.
blank means no prefix. Just your log message. Useful when writing to JSON and CSV files.

Updating endpoints to use a different format

A number of logging endpoints can be updated to use a message format other than the default via either the web interface or the API.

Using the web interface

Follow these instructions to update a logging endpoint using the web interface:

Log in to the Fastly web interface.
From the All services page, select the appropriate service. You can use the search box to search by ID, name, or domain.
Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.
Click the Logging link. The Logging endpoints page appears.
Click the name of a logging endpoint you want to edit. The Edit this endpoint page appears.
Click the Advanced options link near the bottom of the page. The Advanced options appear.
In the Select a log line format section, select a log line format for the logging endpoint.
Click the Update button.
Click the Activate button to deploy your configuration changes.

Using the API

Run the following command to update a logging endpoint using the API:

curl -X PUT -H 'Fastly-Key: FASTLY_API_TOKEN' -H 'Content-Type: application/json' 'https://api.fastly.com/service/<your Fastly service ID>/version/<version number>/logging/<logging endpoint>/<log name>' --data-binary '{"message_type":"<type>"}'

Keep in mind that the message_type field is a per-object field. Updating it on one logging object will not change it on any other objects.

For example, to update a Google Cloud Storage logging endpoint named "GCS Test" to use the blank message type, the cURL command would look something like this:

curl -X PUT -H 'Fastly-Key: FASTLY_API_TOKEN' -H 'Content-Type: application/json' 'https://api.fastly.com/service/SU1Z0isxPaozGVKXdv0eY/version/1/logging/gcs/GCS%20Test' --data-binary '{"message_type":"blank"}'

NOTE: The log name included a space that needed to be URL encoded (the space into %20).