Service-Specific Instructions for Streaming App Logs

Page last updated:

This topic provides instructions for configuring some third-party log management services.

Once you have configured a service, refer to the Third-Party Log Management Services topic for instructions on binding your app to the service.

Logit.io

From your Logit.io dashboard:

  1. Identify the Logit ELK stack you want to use.

  2. Click Logstash Configuration.

  3. Note your Logstash Endpoint.

  4. Note your TCP-SSL, TCP, or UDP Port (not the syslog port).

  5. Create the log drain service in Cloud Foundry.

    $ cf cups logit-ssl-drain -l syslog-tls://ENDPOINT:PORT
    

    or

    $ cf cups logit-drain -l syslog://ENDPOINT:PORT
    

  6. Bind the service to an app.

    $ cf bind-service YOUR-CF-APP-NAME logit-ssl-drain
    

    or

    $ cf bind-service YOUR-CF-APP-NAME logit-drain
    

  7. Restage or push the app using one of the following commands:

    $ cf restage YOUR-CF-APP-NAME
    $ cf push YOUR-CF-APP-NAME

    After a short delay, logs begin to appear in Kibana.

Papertrail

From your Papertrail account:

  1. Click Add System.

    Papertrail 02

  2. Click the Other link.

    Papertrail 03

  3. Select I use Cloud Foundry, enter a name, and click Save.

    alt-text=""

  4. Record the URL with port that is displayed after creating the system.

    alt-text=""

  5. Create the log drain service in Cloud Foundry.

    $ cf cups my-logs -l syslog-tls://logs.papertrailapp.com:PORT
    
  6. Bind the service to an app.

    $ cf bind-service APPLICATION-NAME my-logs
    
  7. Restage the app.

    $ cf restage APPLICATION-NAME
    

    After a short delay, logs begin to flow automatically.

  8. Once Papertrail starts receiving log entries, the view automatically updates to the logs viewing page.

    alt-text=""

Splunk

See Streaming App Logs to Splunk for details.

Splunk Storm

From your Splunk Storm account:

  1. Click Add project.

    alt-text=""

  2. Enter the project details.

    alt-text=""

  3. Create a new input for Network data.

    alt-text=""

  4. Manually enter the external IP addresses your Cloud Foundry administrator assigns to outbound traffic.

    alt-text="The Authorized network inputs pane shows the ports the data will be sent to for this project only."

  5. Note the host and port provided for TCP input.

    Splunkstorm 06

  6. Create the log drain service in Cloud Foundry using the displayed TCP host and port.

    $ cf cups my-logs -l syslog://HOST:PORT
    
  7. Bind the service to an app

    $ cf bind-service APPLICATION-NAME my-logs
    
  8. Restage the app

    $ cf restage APPLICATION-NAME
    

    After a short delay, logs begin to flow automatically.

    alt-text=""

    Splunkstorm 09

    alt-text=""

SumoLogic

Note: SumoLogic uses HTTPS for communication. HTTPS is supported in Cloud Foundry v158 and later.

From your SumoLogic account:

  1. Click the Add Collector link.

    alt-text=""

  2. Under Add Collector, select Hosted Collector and fill in the details.

    1. In Name, enter ‘Cloud Foundry’.
    2. In Description, enter the purpose of the new collector.
    3. In Category, you can enter the source category, if desired. The collector will set the source category to this value unless it is overwritten by the source metadata.

    alt-text=""

    alt-text=""

  3. In the Manage Collectors and Sources table, in the row for the new collector, click the Add Source link.

    alt-text=""

  4. Under Select a type of Source, select HTTP and fill in the details. An HTTPS URL will be provided.

    1. In Name, leave the entry, 'CloudFoundry’.
    2. In Description, enter a description of the source.
    3. In Source Host, enter the host name for the system from which the log files are being collected.
    4. In Source Category, enter the log category metadata. You can use this later in queries.

    alt-text=""

  5. When the source has been created, a URL will be displayed. You can also view the URL by clicking the Show URL link beside the newly created source in the Manage Collectors and Sources table. Record the URL for the next step.

    alt-text=""

  6. Using the cf CLI, create the log drain service in Cloud Foundry using the source URL you just recorded. Then you will bind the service to an app and restage the app using the syntax shown here. After a short delay, the logs will begin to flow.

    $ cf cups my-logs -l HTTPS-SOURCE-URL
    
  7. Bind the service to an app.

    $ cf bind-service APPLICATION-NAME my-logs
    
  8. Restage the app.

    $ cf restage APPLICATION-NAME
    
  9. In the SumoLogic dashboard, click Manage, then click Status to see a view of the log messages received.

    alt-text=""

  10. Click Search. Place the cursor in the search box, then press Enter to submit an empty search query.

    alt-text=""

Logsene

Note: Logsene uses HTTPS for communication. HTTPS is supported in Cloud Foundry v158 and later.

From your Sematext account:

  1. Click the Create App / Logsene App menu item. Enter a name and click Add Application to create the Logsene App.

  2. Create the log drain service in Cloud Foundry using the displayed URL.

    $ cf cups logsene-log-drain -l https://logsene-cf-receiver.sematext.com/YOUR_LOGSENE_TOKEN
    
  3. Bind the log drain to an app. You could optionally bind multiple apps to one log drain.

    $ cf bind-service YOUR-CF-APP-NAME logsene-log-drain
    
  4. Restage the app.

    $ cf restage APPLICATION-NAME
    

    After a short delay, logs begin to flow automatically and appear in the Logsene UI.

Logentries is Not Supported

Cloud Foundry distributes log messages over multiple servers to handle load. Currently, we do not recommend using Logentries as it does not support multiple syslog sources.