Platform.sh User Documentation

Observability Suite

This feature is available as part of the Observability Suite. To add the Observability Suite to your project and take advantage of this feature, contact Sales.

Forward Platform.sh and Blackfire logs

Upsun Beta

Access our newest offering - Upsun!

Get your free trial by clicking the link below.

Get your Upsun free trial

You might use a service to analyze logs from various parts of your fleet. You might want to consolidate all your logs in one place that everyone has access to without needing to grant them access to each project individually.

In such cases, forward your logs from Platform.sh and Blackfire to a third-party service. You can use a service with an integration or any service that supports a syslog endpoint or HTTP endpoint.

Log forwarding is available for Grid and Dedicated Gen 3 projects. For Dedicated Gen 2 projects, see how to log remotely with rsyslog. Logs to stdout and stderr are forwarded. Logs in files can’t be forwarded.

To enable log forwarding in a project, you need to be a project admin. You also need your project to have the capability for log forwarding. To get a price quote, contact Sales.

Use a log forwarding integration Anchor to this heading

Certain services have a specific integration for forwarding logs. If your third-party service isn’t supported, you can forward to a syslog endpoint.

Integrated third-party services Anchor to this heading

Integrations exist for the following third-party services to enable log forwarding:

Enable a log forwarding integration Anchor to this heading

Using the CLI Anchor to this heading

To enable log forwarding for a specific project using the Platform.sh CLI, follow the steps for your selected service.

  1. Get an API key from New Relic. You need a license key. Your New Relic organization likely has one, but you can create one by following the New Relic docs.

  2. Choose an API endpoint. You can use the U.S. endpoint https://log-api.newrelic.com/log/v1 or the EU endpoint https://log-api.eu.newrelic.com/log/v1.

  3. Create the integration with the following command:

    platform integration:add --type newrelic --url API_ENDPOINT --license-key LICENSE_KEY

View your logs in the Logs dashboard.

  1. In Splunk, get an Event Collector token on Splunk Platform or Splunk Enterprise.

  2. Determine your host, which is the Splunk instance that’s collecting data.

  3. Choose an index name.

  4. Create the integration with the following command:

    platform integration:add --type splunk --url https://http-inputs.HOST.splunkcloud.com/services/collector/event --index INDEX --token TOKEN

View your logs in the Apps->Search & Reporting dashboard. Filter by the index name to find the relevant events.

  1. In Sumo Logic, configure an HTTP source. Make sure to copy the Source Category and collector URL.

  2. Create the integration with the following command:

    platform integration:add --type sumologic --url COLLECTOR_URL --category SOURCE_CATEGORY

View your logs in the Log Search tab.

To start forwarding logs, trigger a redeploy.

In the Console Anchor to this heading

To enable log forwarding for a specific project from the Console, follow these steps:

  1. Navigate to your project.
  2. Click Settings.
  3. Click Integrations.
  4. Click Add Integration.
  5. Select the integration you want to enable.
  6. In the Configure your integration window, specify your configuration options.
  7. Click Add Integration. The new integration overview is displayed, and you can view your logs in the Activity section.

Forward to a syslog endpoint Anchor to this heading

Syslog is a standard protocol for transferring log messages. Many third-party services offer endpoints for ingesting syslog events. You can forward your Platform.sh and Blackfire logs to any of those endpoints.

To enable log forwarding to a syslog endpoint, run a command similar to the following:

platform integration:add --type syslog --syslog-host INGESTION_HOST --syslog-port INGESTION_HOST_PORT

type, syslog-host, and syslog-port are the only properties required for all endpoints. The following table shows the other available properties:

Property Type Default Description
auth-token string The token to authenticate with the given service.
auth-mode string prefix The mode for authentication with the given service. Can be prefix or structured_data. Defaults to prefix.
facility string 1 (user) A syslog facility code to attach with each log to identify the source. Can be a number from 0 to 23.
message-format string rfc5424 The standard to use for the message format. Can be rfc5424 or rfc3164.
protocol string tls The network protocol to use in the connection. Can be one of tls, tcp, or udp. Defaults to tls.
verify-tls boolean true Whether to verify Transport Layer Security (TLS) certification when using the TLS protocol.

To include a property, add it as a flag, for example --protocol tcp. This should let you connect to any service that has syslog endpoints.

To start forwarding logs, once you’ve added the service trigger a redeploy.

To enable log forwarding to a syslog endpoint for a specific project using the Platform.sh CLI, follow these steps:

  1. Navigate to your project.
  2. Click Settings.
  3. Click Integrations.
  4. Click Add Integration.
  5. Select the syslog integration.
  6. In the Configure your integration window, specify your configuration options.
  7. Click Add Integration. The new integration overview is displayed, and you can view your logs in the Activity section.

Forward to an HTTP endpoint Anchor to this heading

Some third-party services, such as Elasticsearch and OpenSearch, support ingesting log messages through an HTTP endpoint. You can use HTTP forwarding to forward Platform.shand Blackfire logs to such third-party services.

HTTP forwarding makes a POST HTTP request with an application/json body while forwarding the log messages to the endpoint.

As an example, to forward logs to Elasticsearch using HTTP log forwarding, run the following command:

platform integration:add --type httplog --url "https://ELASTICSEARCH_URL/INDEX_NAME/_doc" --header "Authorization: Basic <basic_auth_token>" --header "Content-Type: application/json"

type and url are the only properties required for all endpoints. Optionally, you can use the headers property to pass additional headers in the HTTP requests.

Note that if your endpoint URL includes a PORT, that can also be included in the --url flag:

platform integration:add --type httplog --url "https://ELASTICSEARCH_URL:PORT/INDEX_NAME/_doc" --header "Authorization: Basic <basic_auth_token>" --header "Content-Type: application/json"

Once you’ve added the service, to start forwarding logs trigger a redeploy.

Log levels Anchor to this heading

Your app may output logs with distinct severity levels. But as Plaform.sh only reads logs from stdout, this distinction is lost and everything gets logged at INFO level.

To preserve the original log level, use a language-specific syslog module/package for logging.

The following example code snippets show how logs can be written to Syslog:

openlog("", LOG_PID, LOG_LOCAL0);
syslog(LOG_INFO, "Operation started");
syslog(LOG_ERR, "Operation failed");
closelog();

Using the logging module:

import logging
import logging.handlers

logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)
handler = logging.handlers.SysLogHandler(address="/dev/log")
logger.addHandler(handler)

logger.info("Operation started")
logger.error("Operation failed")

Using the Syslog module:

import syslog

syslog.openlog(logoption=syslog.LOG_PID, facility=syslog.LOG_LOCAL0)
syslog.syslog(syslog.LOG_INFO, "Operation started")
syslog.syslog(syslog.LOG_ERR, "Operation failed")
syslog.closelog()

Using the log package:

package main

import (
	"log"
	"log/syslog"
)

func main() {
	logger, err := syslog.NewLogger(syslog.LOG_LOCAL0|syslog.LOG_INFO, log.LstdFlags)
	if err != nil {
		panic(err)
	}

	logger.Println("Operation started...")
	logger.Fatalln("Operation failed")
}

Using the Syslog package:

package main

import (
	"fmt"
	"log"
	"log/syslog"
)

func main() {
	syslogWriter, err := syslog.Dial("", "", syslog.LOG_LOCAL0|syslog.LOG_INFO, "")
	if err != nil {
		log.Fatal(err)
	}
	defer syslogWriter.Close()

	fmt.Fprintf(syslogWriter, "Operation has started")
	syslogWriter.Err("Operation failed")
}

Is this page helpful?