Log streaming: Syslog

Fastly's Real-Time Log Streaming feature can send log files to syslog-based logging software. Syslog is a widely used standard for message logging.

Adding syslog as a logging endpoint

Follow these instructions to add syslog as a logging endpoint:

  1. Review the information in our Setting Up Remote Log Streaming guide.
  2. On the Logging page, find the Syslog endpoints area and click New.

    New Syslog Endpoint button

    The New Syslog endpoint window appears.

    New Syslog Endpoint window

  3. Fill out the New Syslog endpoint fields as follows:

    • In the Name field, type a human-readable name for the endpoint.
    • In the Address field, type the hostname or IP address and port to which logs should be sent. Be sure this port can receive incoming TCP traffic from Fastly. See the firewall considerations section for more information.
    • In the Token field, optionally type a string prefix (line prefix) to send in front of each log line.
    • In the Format String field, optionally type an Apache-style string or VCL variables to use for log formatting. The Apache Common Log format string appears in this field by default. See our guidance on format strings for more information.
    • From the Use TLS menu, select No to disable encryption for the syslog endpoint, or Yes to enable it.
    • In the TLS Hostname field, optionally type the hostname used to verify the syslog server's certificate. This can be either the Common Name (CN) or Subject Alternate Name (SAN).
    • In the TLS CA Certificate field, optionally copy and paste the Certificate Authority (CA) certificate used to verify that the origin server's certificate is valid. This must be in PEM format. Consider uploading the certificate if it's not signed by a well-known certificate authority. This value is not required if your TLS certificate is signed by a well-known authority.
  4. Click Create to create the new logging endpoint.

Adding separators or static strings

To insert a separator or other arbitrary string into the syslog endpoint format:

  1. Create a new header with the following fields:
    • From the Type/Action menus, select request and set
    • In the Destination field, type any suitable header name (for example, http.X-Separator)
    • In the Source field, type any special character or string you want (for example, "|" )
  2. Reference the new header variable in the log format box for your specific provider (for example, req.http.X-Separator).

Syslog facility and severity

The syslog output includes the following facility and severity values:

facility: local0
severity: info

Firewall considerations

Syslog has limited security features. For this reason, it's best to create a firewall for your syslog server and only accept TCP traffic on your configured port from our address blocks. Our list of address blocks is dynamic, so we recommend programmatically obtaining the list from our JSON feed whenever possible.

Back to Top