Log streaming: Logentries

Fastly's Real-Time Log Streaming feature can send log files to Logentries. Logentries is a real-time log management and analytics system that you can use to monitor your Fastly logs.

One-click Logentries account setup

Fastly has partnered with Logentries to offer you a method for automatically creating a Logentries account and configuring a logging endpoint. By using the Logentries one-click integration, you can create a 30 day trial Logentries account with unlimited data. After 30 days, if you don't upgrade to one of the Logentries premium plans, your account will be capped at 5GB per month.

Follow these instructions to create a Logentries logging endpoint and configure the logging endpoint:

  1. Log in to the Fastly web interface and click the Configure link.
  2. From the All services page, select the appropriate service. You can use the search box to search by ID, name, or domain.
  3. Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.
  4. Click the Logging link. The Logging endpoints page appears. If you have an existing logging endpoint, click the Create endpoint button.

    the Logentries One-click set up box

  5. In the Logentries One-click setup box, click the Create Account button. The Logentries log is automatically created.
  6. Click the Activate button to deploy your configuration changes.

Accessing your Logentries account

If you created a Logentries account using the one-click integration, you must access your Logentries account from the Fastly web application. Follow these instructions to log in to Logentries:

  1. Log in to the Fastly web interface.
  2. From the All services page, select the appropriate service. You can use the search box to search by ID, name, or domain.
  3. Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.
  4. Click the Logging link. The Logging endpoints page appears.

    the Logentries log view link

  5. Click the Logentries log view link to access your Logentries account dashboard.

Manually adding Logentries as a logging endpoint

If you already have a Logentries account, or if you'd prefer to sign up for a Logentries account on the Logentries website, you can manually add Logentries as a logging endpoint in the Fastly web interface.

Prerequisites

  1. Register for a Logentries account.
  2. Create a new log in the Logentries application by following the instructions on the Logentries website.
  3. During new log creation, select Manual Configuration and Token TCP.
  4. Make a note of the token provided in the Logentries configuration panel. We recommend you use this token when you create the Logentries logging endpoint for Fastly services.

Creating the logging endpoint in the web interface

After you've created a new log in Logentries and found the token, follow these instructions to add Logentries as a logging endpoint for Fastly services:

  1. Review the information in our Setting Up Remote Log Streaming guide.
  2. Click the Logentries by Rapid7 Create endpoint button. The Create a Logentries endpoint page appears.
  3. Fill out the Create a Logentries endpoint fields as follows:
    • In the Name field, enter a human-readable name for the endpoint.
    • In the Placement area, select where the logging call should be placed in the generated VCL. Valid values are Format Version Default, waf_debug (waf_debug_log), and None. See our guide on changing log placement for more information.
    • In the Log format field, optionally enter an Apache-style string or VCL variables to use for log formatting. See the example format section for details.
    • In the Token field, enter the token provided in the Logentries configuration panel.
    • From the Region menu, select the region to stream logs to. For older Logentries accounts, where the log view URL starts with https://logentries.com/, select EU. For InsightOps accounts, select the region based on which data storage region you chose on signup for your Rapid7 account. For example, if your log view URL is https://us2.ops.insight.rapid7.com/, then your selected region would be US-2.
  4. Click the Advanced options link of the Create a Logentries endpoint page and decide which of the optional fields to change, if any.
  5. Fill out the Advanced options of the Create a Logentries endpoint page as follows:
    • From the TLS menu, optionally select Yes.
  6. Click the Create button to create the new logging endpoint.
  7. Click the Activate button to deploy your configuration changes.

Example format

The following is an example format string for sending data to Logentries. Our discussion of format strings provides more information.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
{
  "timestamp": "%{strftime(\{"%Y-%m-%dT%H:%M:%S%z"\}, time.start)}V",
  "client_ip": "%{req.http.Fastly-Client-IP}V",
  "geo_country": "%{client.geo.country_name}V",
  "geo_city": "%{client.geo.city}V",
  "host": "%{if(req.http.Fastly-Orig-Host, req.http.Fastly-Orig-Host, req.http.Host)}V",
  "url": "%{json.escape(req.url)}V",
  "request_method": "%{json.escape(req.method)}V",
  "request_protocol": "%{json.escape(req.proto)}V",
  "request_referer": "%{json.escape(req.http.referer)}V",
  "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
  "response_state": "%{json.escape(fastly_info.state)}V",
  "response_status": %{resp.status}V,
  "response_reason": %{if(resp.response, "%22"+json.escape(resp.response)+"%22", "null")}V,
  "response_body_size": %{resp.body_bytes_written}V,
  "fastly_server": "%{json.escape(server.identity)}V",
  "fastly_is_edge": %{if(fastly.ff.visits_this_service == 0, "true", "false")}V
}

Next steps

Logentries maintains the Fastly Community Pack that leverages custom VCL to provide advanced User-Agent statistics, regional statistics, error tracking, and more.

Back to Top