Compute@Edge log streaming: Syslog

Fastly's Real-Time Log Streaming feature for Compute@Edge services can send log files to syslog-based logging software. Syslog is a widely used standard for message logging.

Adding syslog as a logging endpoint

Follow these instructions to add syslog as a logging endpoint:

1. Review the information in our guide to setting up remote log streaming for Compute@Edge. Additionally, our developer documentation provides more information about logging with Compute@Edge code written in Rust, AssemblyScript, and JavaScript.
2. Click the Syslog Create endpoint button. The Create a Syslog endpoint page appears.
3. Fill out the Create a Syslog endpoint fields as follows:
   • In the Name field, enter the endpoint name you specified in your Compute@Edge code. For example, in our Rust code example, the name is my_endpoint_name.
   • In the Syslog address field, enter the domain name or IP address and port to which logs should be sent. Be sure this port can receive incoming TCP traffic from Fastly. See the firewall considerations section for more information.
   • In the Token field, optionally enter a string prefix (line prefix) to send in front of each log line.
   • From the TLS menu, select No to disable encryption for the syslog endpoint, or Yes to enable it. When you select Yes, additional TLS fields appear.
   • In the TLS hostname field, optionally enter a hostname to verify the logging destination server's certificate. This should be one of the Subject Alternative Name (SAN) fields for the certificate. Common Names (CN) are not supported. This field only appears when you select Yes from the Use TLS menu.
   • In the TLS CA certificate field, optionally copy and paste the certification authority (CA) certificate used to verify that the Syslog server's certificate is valid. The certificate you upload must be in PEM format. Consider uploading the certificate if it's not signed by a well-known certification authority. This value is not required if your TLS certificate is signed by a well-known authority. This field only appears when you select Yes from the Use TLS menu.
   • In the TLS client certificate field, optionally copy and paste the TLS client certificate used to authenticate Fastly to the Syslog server. The TLS client certificate you upload must be in PEM format and must be accompanied by a client key. A TLS client certificate allows your Syslog server to authenticate that Fastly is performing the connection. This field only appears when you select Yes from the Use TLS menu.
   • In the TLS client key field, optionally copy and paste the TLS client key used to authenticate Fastly to the Syslog server. The TLS client key you upload must be in PEM format and must be accompanied by a TLS client certificate. A TLS client key allows your Syslog server to authenticate that Fastly is performing the connection. This field only appears when you select Yes from the Use TLS menu.
4. Click the Advanced options link of the Create a Syslog endpoint page and decide which of the optional fields to change, if any.
5. Fill out the Advanced options of the Create a Syslog endpoint page as follows:
   • In the Select a log line format area, select the log line format for your log messages. Our guide on changing log line formats provides more information. This must be compatible with your Syslog configuration.
6. Click the Create button to create the new logging endpoint.
7. Click the Activate button to deploy your configuration changes.

Recommended log format

Log messages can take on any format you choose because the log line format selected above will affect the overall line sent to and parsed by Syslog.

Syslog facility and severity

The syslog output includes the following facility and severity values:

facility: local0
severity: info

Firewall considerations

Syslog has limited security features. For this reason, it's best to create a firewall for your syslog server and only accept TCP traffic on your configured port from our address blocks. Our list of IP address blocks is dynamic, so we recommend programmatically obtaining the list whenever possible.