Log streaming: Google Cloud Storage
Last updated November 06, 2019
Fastly's Real-Time Log Streaming feature can send log files to Google Cloud Storage (GCS). GCS is an online file storage service used for storing and accessing data on Google's infrastructure. One advantage of using GCS is that you can use Google BigQuery to analyze the log files.
NOTE: Fastly does not provide direct support for third-party services. See Fastly's Terms of Service for more information.
Before adding GCS as a logging endpoint for Fastly services, you will need to:
- Register for a GCS account.
- Create a bucket and service account on Google's website.
- Obtain the
client_emailfrom the JSON file associated with the service account.
- Enable the Google Cloud Storage JSON API.
Creating a GCS bucket
You can create a new GCS bucket to hold the logs, or you can use an existing bucket. Be sure to note the name of the bucket as you will need it later. To learn how to create a GCS bucket, see Google's guide on creating a bucket.
Creating a service account
GCS uses service accounts for third-party application authentication. You will need to create a new service account on Google's website with the role of
Storage Object Creator and make sure you've added it as a member of the GCS bucket you created. To learn how to create a service account, see Google's guide on generating a service account credential. When you create the service account, be sure to set the Key Type to
Obtaining the private key and client email
After you create the service account, a JSON file will be downloaded to your computer. This file contains the credentials for the GCS service account you just created. Open the file with a text editor and make a note of the
Enabling the Google Cloud Storage JSON API
To ensure the Fastly logs are sent to your GCS bucket, you need to enable the Google Cloud Storage JSON API. For more information, see Google's instructions for activating the API.
Adding GCS as a logging endpoint
Follow these instructions to add GCS as a logging endpoint:
- Review the information in our Setting Up Remote Log Streaming guide.
Click the Google Cloud Services Create endpoint button. The Create a Google Cloud Storage (GCS) endpoint page appears.
- Fill out the Create a Google Cloud Storage (GCS) endpoint fields as follows:
- In the Name field, enter a human-readable name for the endpoint.
- In the Log format field, optionally enter an Apache-style string or VCL variables to use for log formatting. The Apache Common Log format string appears in this field by default. Our discussion of format strings provides more information.
- In the Timestamp format field, optionally enter a timestamp format for log files. The default is an
strftimecompatible string. Our guide on changing where log files are written provides more information.
- In the Email field, type the
client_emailaddress listed in the JSON file associated with the service account you created on Google's website.
- In the Bucket name field, type the name of the GCS bucket in which to store the logs.
- In the Secret key field, type the
private_keyvalue listed in the JSON file associated with the service account you created on Google's website. We strip out the JSON newline escape characters for you so don't worry about removing them.
- In the PGP public key field, optionally enter a PGP public key that Fastly will use to encrypt your log files before writing them to disk. You will only be able to read the contents by decrypting them with your private key. The PGP key should be in PEM (Privacy-Enhanced Mail) format. See our guide on log encryption for more information.
- In the Period field, optionally enter an interval (in seconds) to control how frequently your log files are rotated. This value defaults to
Click the Advanced options link of the Create a Google Cloud Storage (GCS) endpoint page and decide which of the optional fields to change, if any.
- Fill out the Advanced options of the Create a Google Cloud Storage (GCS) endpoint page as follows:
- In the Path field, optionally enter the path within the bucket to store the files. The path ends with a trailing slash. If this field is left empty, the files will be saved in the bucket's root path. Our guide on changing where log files are written provides more information.
- In the Select a log line format area, select the log line format for your log messages. Our guide on changing log line formats provides more information.
- In the Placement area, select where the logging call should be placed in the generated VCL. Valid values are Format Version Default, None, and waf_debug (waf_debug_log). Selecting None creates a logging object that can only be used in custom VCL. See our guide on WAF logging for more information about
- In the Gzip level field, optionally enter the level of gzip compression you want applied to the log files. You can specify any whole number from
1(fastest and least compressed) to
9(slowest and most compressed). This value defaults to
- Click the Create button to create the new logging endpoint.
- Click the Activate button to deploy your configuration changes.