Fastly

Fastly is a content delivery network (CDN) that caches HTTP content to improve the experience for those using your site or service. Fastly generates log messages for HTTP requests it receives and can send them in realtime to a Papertrail remote syslog destination.

The result is realtime tail, search, and alerts on Fastly traffic. When logs from related systems and apps are also being transmitted to Papertrail, this provides a complete view of logged activity in one place. If you aren’t familiar with Papertrail, start with a look at the event viewer.

Requirements

  1. A Fastly account. Sign up and read Fastly’s remote log streaming tutorial.
  2. A free Papertrail account.

Setup

Create a log destination

To create a log destination that collects all Fastly logs under a single sender:

  1. Navigate to Log Destinations and click on Alternatives.
  2. Click My system’s hostname changes.
  3. Fill in What should we call it? on the right (for example, Fastly).
  4. Click Save.

Configure Fastly

  1. Log in to the Fastly web interface and click Configure.
  2. From the service menu, select the appropriate service.

    service menu

  3. Click Edit Configuration and select Clone active. The service version page appears.
  4. Click the Logging tab. The Logging page appears.

    logging endpoint

  5. Click the Papertrail logo. The Create a new Papertrail endpoint page appears.

    create empty

  6. In the Description field, enter the name of the endpoint (for example, Papertrail).
  7. In the Address field, enter the hostname and port number from the Papertrail log destination created in Step 1. For example, if the Papertrail log destination had the address logs2.papertrailapp.com:99999, here’s how the resulting Fastly configuration would look:

    create filled-in

Filtering logs

Often 99% or more of log messages from Fastly are successful requests for static assets like images and CSS files. In many cases, these HTTP 2xx and 3xx requests provide little operational value and are worth dropping. On the other hand, requests with HTTP 4xx and 5xx statuses are often very useful.

This filter regular expression can drop logs about requests for static assets, so that log data transfer is not consumed:

GET /.*?\.(css|png|jpg|gif|woff|ico|svg|js)|(GET|POST|HEAD) /.*? (1..|2..|3..|bingbot|Googlebot)

To apply it, visit Log Destinations, click Settings on the Fastly destination, click Add log filter, and paste the filter expression.

Advanced log formatting

Fastly uses format strings to format the log message. The original version 1 log format only provided format string variables for a few items, requiring an X-Log-Message header for anything else.

However, the newer version 2 log format is much more powerful, making the X-Log-Message workaround obsolete. Here’s an example that logs several response headers, among other details:

for=request method=%m path=%U%q fwd=%h status=%>s bytes=%B cache=%{X-Cache}o cache_hits=%{X-Cache-Hits}o timing=%{X-Timer}o

Legacy logging objects can be automatically upgraded during the cloning/editing process.

Questions

We’re happy to help. Ask a question or join our support chat.