Log streaming: SFTP

Fastly's Real-Time Log Streaming feature can send log files to SFTP, a secure file transfer subsystem for the Secure Shell (SSH) protocol. Our SFTP endpoint supports both password-based authentication and SSH public-key authentication, with SSH public-key authentication being preferred. To learn more about SSH public-key authentication, or to learn how to generate public and private key pairs, see this guide.


Fastly does not provide direct support for third-party services. Read Fastly's Terms of Service for more information.

Adding SFTP as a logging endpoint

Follow these instructions to add SFTP as a logging endpoint:

  1. Deliver services
  2. Compute services
  1. Review the information in our guide to setting up remote log streaming.
  2. In the SFTP area, click Create endpoint.

  3. Fill out the Create an SSH File Transfer Protocol (SFTP) endpoint fields as follows:

    • In the Name field, enter a human-readable name for the endpoint.
    • In the Placement area, select where the logging call should be placed in the generated VCL. Valid values are Format Version Default, waf_debug (waf_debug_log), and None. Read our guide on changing log placement for more information.
    • In the Log format field, optionally enter an Apache-style string or VCL variables to use for log formatting. Consult the example format section for details.
    • (Optional) In the Timestamp format field, enter a timestamp format for log files. The default is an strftime compatible string. Our guide on changing where log files are written provides more information.
    • In the Address field, enter the hostname or IP address of the SFTP server. In the port field after the colon, enter the port number you're using for SFTP (the default is 22).
    • In the Path field, enter the path to use for storing log files. Leaving the default / in this field means the files will be saved in the root path. We describe this variable in more detail in our guide on changing where log files are written.

    If you save logs on the SFTP server, make sure the directory already exists.

    • In the User field, enter the username used to authenticate to the SFTP server.

    • In the Known hosts field, enter a Host key for each Host you can connect to over SFTP. Each Host key you enter must be on its own line. Known hosts entries should match what’s stored in your known_hosts file located in your home directory (or the local account settings if you're working with macOS or a Windows operating system). A known hosts entry looks like this: ecdsa-sha2-nistp256 aBc123xYz…

      where the is the SFTP IP address, ecdsa-sha2-nistp256 is your Host key algorithm, and aBc123xYz… is your public key.

    • In the Secret key field, enter the SSH secret key used to connect to the server. If both Secret key and Password are entered, the Secret key will be used in preference.

    • In the Password field, enter the password used to authenticate to the SFTP server. If both Password and Secret key are entered, the Secret key will be used in preference.

    • (Optional) In the Period field, enter an interval (in seconds) to control how frequently your log files are rotated. Rotation entails the finalization of one file object and the start of a new one, never removing any previously created file object. This value defaults to 3600 seconds.
  4. Click Advanced options and fill out the fields as follows:

    • In the Select a log line format area, select the log line format for your log messages. Our guide on changing log line formats provides more information.
    • (Optional) In the PGP public key field, enter a PGP public key that Fastly will use to encrypt your log files before writing them to disk. You will only be able to read the contents by decrypting them with your private key. The PGP key should be in PEM (Privacy-Enhanced Mail) format. Read our guide on log encryption for more information.
    • (Optional) In the Compression field, select the compression format you want applied to the log files. Our guide on changing log compression options provides more information.
  5. Click Create to create the new logging endpoint.
  6. Click Activate to deploy your configuration changes.

Example format

The following is an example format string for sending data to an SFTP logging endpoint. Our discussion of format strings provides more information.

2 "timestamp": "%{strftime(\{"%Y-%m-%dT%H:%M:%S%z"\}, time.start)}V",
3 "client_ip": "%{req.http.Fastly-Client-IP}V",
4 "geo_country": "%{client.geo.country_name}V",
5 "geo_city": "%{client.geo.city}V",
6 "host": "%{if(req.http.Fastly-Orig-Host, req.http.Fastly-Orig-Host, req.http.Host)}V",
7 "url": "%{json.escape(req.url)}V",
8 "request_method": "%{json.escape(req.method)}V",
9 "request_protocol": "%{json.escape(req.proto)}V",
10 "request_referer": "%{json.escape(req.http.referer)}V",
11 "request_user_agent": "%{json.escape(req.http.User-Agent)}V",
12 "response_state": "%{json.escape(fastly_info.state)}V",
13 "response_status": %{resp.status}V,
14 "response_reason": %{if(resp.response, "%22"+json.escape(resp.response)+"%22", "null")}V,
15 "response_body_size": %{resp.body_bytes_written}V,
16 "fastly_server": "%{json.escape(server.identity)}V",
17 "fastly_is_edge": %{if(fastly.ff.visits_this_service == 0, "true", "false")}V
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.