Setting up remote log streaming

Fastly's Real-Time Log Streaming feature allows you to automatically save logs to a third-party service for storage and analysis. Logs provide an important resource for troubleshooting connectivity problems, pinpointing configuration areas that could use performance tuning, and identifying the causes of service disruptions. We recommend setting up remote log streaming when you start using Fastly.

Configuring logging endpoints

You can configure one or more logging endpoints in the Fastly application. Follow these instructions to access the logging settings:

  1. Log in to the Fastly application.
  2. Click the configure tab (the wrench icon).

    The configure tab

  3. From the Service menu, select the appropriate service and then click the blue Configure button. The main controls for your selected service appear.

  4. From the section list on the left, click Logging. The list of third-party services appears.

    The Logging pane

  5. Follow the instructions in one of our guides for third-party services to complete the set up process and deploy your changes:

Once you've deployed your changes, events will begin being logged immediately. The logs may take a few moments to appear on your log server.

How, when, and where logs are streamed

To control log streaming, Fastly provides two versions of custom log formats, each of which uses Apache-style logging directives. The logging format strings in each of these versions are based on the Common Log Format (CLF).

Logs are streamed over TCP, not UDP, optionally using TLS for security with supported endpoints. Additionally, if you are using custom VCL be sure to include the #FASTLY deliver macro in your vcl_deliver handler.

By default, logs are placed in your root directory every hour using the file naming format YYYY-mm-ddThh:mm:ss-<server id>. You can change both the frequency and path of these files. Fastly uses several different log-server aggregation points and each will send logs files, none of which contain duplicate entries. These log files are created as soon as streaming starts and they're written to over the entire time period you specify (or the default). Once that time has passed, the files aren't touched any more and the logging process creates a new batch of files.

Examples of other useful things you can log

Other useful things you can log include the following:

or any Varnish variable. Consider taking advantage of some of Fastly's extensions to VCL as well.

Escaping characters in logs

Logs respond to VCL like any other object. For example, the following code can escape quotes from User-Agent your log stream:

log {"syslog serviceid endpointname :: "} {"""} regsuball(req.http.user-agent, {"""}, {"\""}) {"""};

Preventing duplicate log entries when using custom VCL

If you use custom VCL commands for logging, you may notice duplicate entries in your logs. This happens because logs are being generated by both the Fastly application and the custom VCL logging commands. You can eliminate the duplicate entries by adding a condition that prevents the Fastly application from generating log entries. Follow these instructions to add the condition:

  1. On the Logging page, click the gear icon next to the logging service you have enabled, and then select Conditions.

    Selecting conditions

    The New Condition window appears.

    Setting the conditions

  2. Fill out the New Condition window as follows:

    • In the Name field, type a human-readable name for the condition.
    • In the Apply If field, type !req.url. That condition will never be met, and is what prevents the Fastly application from generating log entries.
    • Leave the default value set in the Priority field.
  3. Click Create.

The Fastly application will stop generating log entries, and your logs will only contain entries generated by the custom VCL logging commands.

Additional resources:

Back to Top