LOG IN SIGN UP
Documentation

Setting up remote log streaming

Fastly's Real-Time Log Streaming feature allows you to automatically save logs to a third-party service for storage and analysis. Logs provide an important resource for troubleshooting connectivity problems, pinpointing configuration areas that could use performance tuning, and identifying the causes of service disruptions. We recommend setting up remote log streaming when you start using Fastly services.

Configuring logging endpoints

You can configure one or more logging endpoints for Fastly services. Follow these instructions to access the logging settings:

  1. Log in to the Fastly web interface and click the Configure link.
  2. From the service menu, select the appropriate service.
  3. Click the Edit configuration button and then select Clone active. The service version page appears.
  4. Click the Logging tab. The logging endpoints page appears.

    the logging endpoints page

  5. Follow the instructions in one of our guides for third-party services to complete the set up process and deploy your changes:

Once you've clicked Activate to deploy your changes, events will begin being logged immediately. The logs may take a few moments to appear on your log server.

How, when, and where logs are streamed

To control log streaming, Fastly provides two versions of custom log formats, each of which uses Apache-style logging directives. The logging format strings in each of these versions are based on the Common Log Format (CLF).

Logs are streamed over TCP, not UDP, optionally using TLS for security with supported endpoints. Additionally, if you are using custom VCL be sure to include the #FASTLY deliver macro in your vcl_deliver handler.

By default, logs are placed in your root directory every hour using the file naming format YYYY-mm-ddThh:mm:ss-<server id>. You can change both the frequency and path of these files. Fastly uses several different log-server aggregation points and each will send logs files, none of which contain duplicate entries. These log files are created as soon as streaming starts and they're written to over the entire time period you specify (or the default). Once that time has passed, the files aren't touched any more and the logging process creates a new batch of files.

Examples of other useful things you can log

Other useful things you can log include the following:

You can also log any Varnish variable. Consider taking advantage of some of Fastly's extensions to VCL as well.

Escaping characters in logs

Logs respond to VCL like any other object. For example, the following code can escape quotes from User-Agent your log stream:

log {"syslog serviceid endpointname :: "} {"""} regsuball(req.http.user-agent, {"""}, {"\""}) {"""};

Preventing duplicate log entries when using custom VCL

If you use custom VCL commands for logging, you may notice duplicate entries in your logs. This happens because logs are being generated by both Fastly and the custom VCL logging commands. You can eliminate the duplicate entries by adding a condition that prevents Fastly from generating log entries. Follow these instructions to add the condition:

  1. On the Logging endpoints page, click the Attach a condition link next to the appropriate logging service. The Add a condition window appears.
  2. Click Create a new response condition. The Create a new response condition window appears.
  3. Fill out the Create a new response condition window as follows:
    • Leave the Type menu set to Response.
    • In the Name field, type a human-readable name for the condition.
    • In the Apply if field, type !req.url. That condition will never be met, and is what prevents Fastly from generating log entries.
    • Leave the default value set in the Priority field.
  4. Click Save and apply to.
  5. Click the Activate button to deploy your configuration changes.

Fastly will stop generating log entries, and your logs will only contain entries generated by the custom VCL logging commands.


Additional resources:


Back to Top