Log streaming: LogDNA

Fastly's Real-Time Log Streaming feature can be configured to send logs in a format that is readable by LogDNA. LogDNA is a cloud-based log management system that aggregates system and application logs into a single location.

Prerequisites

Before adding LogDNA as a logging endpoint for Fastly services, you'll need to perform the following steps:

• Sign up for a LogDNA account if you don't already have one. You can sign up for a free (but restricted plan) or upgrade a LogDNA plan to include more features.
• Set up a new LogDNA syslog source via the LogDNA web application by following their account-tailored log source instructions. Be sure to make note of the port number displayed at the end of the syslog URL when you complete set up. This is the port number you'll enter when setting up LogDNA as a logging endpoint for Fastly.

Adding LogDNA as a logging endpoint

1. Review the information in our guide to setting up remote log streaming.
2. Click the LogDNA (via Syslog) Create endpoint button. The Create a Syslog endpoint page appears.
3. Fill out the Create a Syslog endpoint fields as follows:
   • In the Name field, enter a human-readable name for the endpoint.
   • In the Placement area, select where the logging call should be placed in the generated VCL. Valid values are Format Version Default, waf_debug (waf_debug_log), and None. Read our guide on changing log placement for more information.
   • In the Log format field, optionally enter an Apache-style string or VCL variables to use for log formatting. Consult the example format section for details.
   • In the Syslog address field, enter syslog-a.logdna.com. In the port field after the colon, enter the LogDNA port number you noted during your LogDNA account setup.
   • From the TLS menu, select Yes to enable encryption for the syslog endpoint. The TLS Hostname and TLS CA Certificate fields will both appear.
   • In the TLS Hostname field, enter syslog-a.logdna.com. This is the hostname Fastly will use to verify the syslog server's certificate.
4. Click the Advanced options link of the Create a Syslog endpoint page and decide which of the optional fields to change, if any.
5. Fill out the Advanced options of the Create a Syslog endpoint page as follows:
   • In the Select a log line format area, select the log line format for your log messages. Our guide on changing log line formats provides more information.
6. Click the Create button to create the new logging endpoint.
7. Click the Activate button to deploy your configuration changes.

Logs should begin appearing in your LogDNA account a few seconds after you've created the endpoint and deployed your service.

Example format

The following is an example format string for sending data to LogDNA. Our discussion of format strings provides more information.

1{
2  "timestamp": "%{strftime(\{"%Y-%m-%dT%H:%M:%S%z"\}, time.start)}V",
3  "client_ip": "%{req.http.Fastly-Client-IP}V",
4  "geo_country": "%{client.geo.country_name}V",
5  "geo_city": "%{client.geo.city}V",
6  "host": "%{if(req.http.Fastly-Orig-Host, req.http.Fastly-Orig-Host, req.http.Host)}V",
7  "url": "%{json.escape(req.url)}V",
8  "request_method": "%{json.escape(req.method)}V",
9  "request_protocol": "%{json.escape(req.proto)}V",
10  "request_referer": "%{json.escape(req.http.referer)}V",
11  "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
12  "response_state": "%{json.escape(fastly_info.state)}V",
13  "response_status": %{resp.status}V,
14  "response_reason": %{if(resp.response, "%22"+json.escape(resp.response)+"%22", "null")}V,
15  "response_body_size": %{resp.body_bytes_written}V,
16  "fastly_server": "%{json.escape(server.identity)}V",
17  "fastly_is_edge": %{if(fastly.ff.visits_this_service == 0, "true", "false")}V
18}