Log streaming: LogDNA
Last updated 2023-09-13
Fastly's Real-Time Log Streaming feature can be configured to send logs in a format that is readable by LogDNA. LogDNA is a cloud-based log management system that aggregates system and application logs into a single location.
NOTE
Fastly does not provide direct support for third-party services. Read Fastly's Terms of Service for more information.
Prerequisites
Before adding LogDNA as a logging endpoint for Fastly services, you'll need to perform the following steps:
- Sign up for a LogDNA account if you don't already have one. You can sign up for a free (but restricted plan) or upgrade a LogDNA plan to include more features.
- Set up a new LogDNA syslog source via the LogDNA web application by following their account-tailored log source instructions. Be sure to make note of the port number displayed at the end of the syslog URL when you complete set up. This is the port number you'll enter when setting up LogDNA as a logging endpoint for Fastly.
Adding LogDNA as a logging endpoint
- Deliver services
- Compute services
- Review the information in our guide to setting up remote log streaming.
- In the LogDNA (via Syslog) area, click Create endpoint.
- Fill out the Create a Syslog endpoint fields as follows:
- In the Name field, enter a human-readable name for the endpoint.
- In the Placement area, select where the logging call should be placed in the generated VCL. Valid values are Format Version Default, waf_debug (waf_debug_log), and None. Read our guide on changing log placement for more information.
- In the Log format field, optionally enter an Apache-style string or VCL variables to use for log formatting. Consult the example format section for details.
- In the Syslog address field, enter
syslog-a.logdna.com. In the port field after the colon, enter the LogDNA port number you noted during your LogDNA account setup. - From the TLS menu, select Yes to enable encryption for the syslog endpoint. The TLS Hostname and TLS CA Certificate fields will both appear.
- In the TLS Hostname field, enter
syslog-a.logdna.com. This is the hostname Fastly will use to verify the syslog server's certificate.
- Click the Advanced options link of the Create a Syslog endpoint page and decide which of the optional fields to change, if any.
- Fill out the Advanced options of the Create a Syslog endpoint page as follows:
- In the Select a log line format area, select the log line format for your log messages. Our guide on changing log line formats provides more information.
- Click Create to create the new logging endpoint.
- Click Activate to deploy your configuration changes.
Logs should begin appearing in your LogDNA account a few seconds after you've created the endpoint and deployed your service.
Example format
The following is an example format string for sending data to LogDNA. Our discussion of format strings provides more information.
1{2 "timestamp": "%{strftime(\{"%Y-%m-%dT%H:%M:%S%z"\}, time.start)}V",3 "client_ip": "%{req.http.Fastly-Client-IP}V",4 "geo_country": "%{client.geo.country_name}V",5 "geo_city": "%{client.geo.city}V",6 "host": "%{if(req.http.Fastly-Orig-Host, req.http.Fastly-Orig-Host, req.http.Host)}V",7 "url": "%{json.escape(req.url)}V",8 "request_method": "%{json.escape(req.method)}V",9 "request_protocol": "%{json.escape(req.proto)}V",10 "request_referer": "%{json.escape(req.http.referer)}V",11 "request_user_agent": "%{json.escape(req.http.User-Agent)}V",12 "response_state": "%{json.escape(fastly_info.state)}V",13 "response_status": %{resp.status}V,14 "response_reason": %{if(resp.response, "%22"+json.escape(resp.response)+"%22", "null")}V,15 "response_body_size": %{resp.body_bytes_written}V,16 "fastly_server": "%{json.escape(server.identity)}V",17 "fastly_is_edge": %{if(fastly.ff.visits_this_service == 0, "true", "false")}V18}Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.