- About the web interface controls
- Always-on DDoS mitigation
- Browser recommendations when using the Fastly web interface
- Content and its delivery
- Fastly POP locations
- Getting started with Fastly
- How caching and CDNs work
- How Fastly's CDN Service works
- HTTP status codes cached by default
- Self-provisioned Fastly services
- Sign up and create your first service
- Working with services
Domains & Origins
Domains & Origins
- Changing origins based on user location
- Connecting to origins
- Enabling global POPs
- Failover configuration
- IPv6 support
- Maintaining separate HTTP and HTTPS requests to origin servers
- Routing assets to different origins
- Setting up redundant origin servers
- Specifying an override host
- Using Fastly with apex domains
- Accept-Language header VCL features
- Authenticating before returning a request
- Basic authentication
- Creating location-based tagging
- Custom responses that don't hit origin servers
- Delivering different content to different devices
- Enabling URL token validation
- Guide to VCL
- Isolating header values without regular expressions
- Manipulating the cache key
- IP geolocation variables: Migrating to the new dataset
- Overriding which IP address the geolocation features use
- Response Cookie handling
- Support for the Edge-Control header
- Understanding the different PASS action behaviors
- Using edge side includes (ESI)
- VCL regular expression cheat sheet
Access Control Lists
Monitoring and testing
- Domain validation for TLS certificates
- Enabling HSTS through Fastly
- Forcing a TLS redirect
- Managing domains on TLS certificates
- Serving HTTPS traffic using certificates you manage
- Serving HTTPS traffic using Fastly-managed certificates
- Setting up free TLS
- TLS key and certificate replacement
- TLS termination
Web Application Firewall
- Log streaming: Amazon S3
- Log streaming: Microsoft Azure Blob Storage
- Log streaming: Cloud Files
- Log streaming: Datadog
- Log streaming: DigitalOcean Spaces
- Log streaming: Elasticsearch
- Log streaming: FTP
- Log streaming: Google BigQuery
- Log streaming: Google Cloud Storage
- Log streaming: Honeycomb
- Log streaming: Kafka
- Log streaming: Log Shuttle
- Log streaming: LogDNA
- Log streaming: Logentries
- Log streaming: Loggly
- Log streaming: Heroku's Logplex
- Log streaming: OpenStack
- Log streaming: Papertrail
- Log streaming: Scalyr
- Log streaming: SFTP
- Log streaming: Splunk
- Log streaming: Sumo Logic
- Log streaming: Syslog
User access and control
Log streaming: SFTP
Last updated November 06, 2019
Fastly's Real-Time Log Streaming feature can send log files to SFTP, a secure file transfer subsystem for the Secure Shell (SSH) protocol. Our SFTP endpoint supports both password-based authentication and SSH public-key authentication, with SSH public-key authentication being preferred. To learn more about SSH public-key authentication, or to learn how to generate public and private key pairs, see this guide.
NOTE: Fastly does not provide direct support for third-party services. See Fastly's Terms of Service for more information.
Adding SFTP as a logging endpoint
Follow these instructions to add SFTP as a logging endpoint:
- Review the information in our Setting Up Remote Log Streaming guide.
Click the SFTP Create endpoint button. The Create an SSH File Transfer Protocol (SFTP) endpoint page appears.
- Fill out the Create an SSH File Transfer Protocol (SFTP) endpoint fields as follows:
- In the Name field, type a human-readable name for the endpoint.
- In the Log format field, optionally type an Apache-style string or VCL variables to use for log formatting. The Apache Common Log format string appears in this field by default.
- In the Timestamp format field, optionally type a timestamp format for log files. The default is an
strftimecompatible string. Our guide on changing where log files are written](/en/guides/changing-where-log-files-are-written) provides more information.
- In the Address field, type the hostname or IP address of the SFTP server. In the port field after the colon, type the port number you're using for SFTP (the default is
- In the Path field, type the path to use for storing log files. Leaving the default
/in this field means the files will be saved in the root path. We describe this variable in more detail in our guide on changing where log files are written.
TIP: If you save logs on the SFTP server, make sure the directory already exists.
- In the User field, type the username used to authenticate to the SFTP server.
In the Known hosts field, type a host key for each host you can connect to over SFTP. Each host key you enter must be on its own line. Known hosts entries should match what’s stored in your known_hosts file located in your home directory (or the local account settings if you're working with a Mac or Windows operating system). A known hosts entry looks like this:
18.104.22.168 ecdsa-sha2-nistp256 aBc123xYz…
22.214.171.124is the SFTP IP address,
ecdsa-sha2-nistp256is your host key algorithm, and
aBc123xYz…is your public key.
- In the Secret key field, type the SSH secret key used to connect to the server. If both Secret key and Password are entered, the Secret key will be used in preference.
- In the Password field, type the password used to authenticate to the SFTP server. If both Password and Secret key are entered, the Secret key will be used in preference.
- In the Period field, type an interval (in seconds) to control how frequently your log files are rotated. This value defaults to 3600 seconds.
Click the Advanced options link of the Create an SSH File Transfer Protocol (SFTP) endpoint page and decide which of the optional fields to change, if any.
- Fill out the Advanced options of the Create an SSH File Transfer Protocol (SFTP) endpoint as follows:
- In the Select a log line format area, select the log line format for your log messages. Our guide on changing log line formats provides more information.
- In the PGP public key field, optionally type a PGP public key that Fastly will use to encrypt your log files before writing them to disk. You only can read the contents by decrypting them with your private key. The PGP key should be in PEM (Privacy-Enhanced Mail) format. Our guide on log encryption provides more information.
- In the Placement area, select where the logging call should be placed in the generated VCL. Valid values are Format Version Default, None, and waf_debug (waf_debug_log). Selecting None creates a logging object that can only be used in custom VCL. See our guide on WAF logging for more information about
- In the Gzip level field, optionally type the level of gzip compression you want applied to the log files. You can specify any whole number from
1(fastest and least compressed) to
9(slowest and most compressed). This value defaults to
- Click the Create button to create the new logging endpoint.
- Click the Activate button to deploy your configuration changes.