Streaming App Logs to Log Management Services

Page last updated:

This topic describes how to drain logs from Cloud Foundry to a third-party log management service.

Cloud Foundry aggregates logs for all instances of your apps as well as for requests made to your apps through internal components of Cloud Foundry. For example, when the Cloud Foundry Router forwards a request to an app, the Router records that event in the log stream for that app. Run the following command to access the log stream for an app in the terminal:

$ cf logs YOUR-APP-NAME

If you want to persist more than the limited amount of logging information that Cloud Foundry can buffer, drain these logs to a log management service.

For more information about the systems responsible for log aggregation and streaming in Cloud Foundry, see App Logging in Cloud Foundry.

Using Services from the Cloud Foundry Marketplace

Your Cloud Foundry marketplace may offer one or more log management services. To use one of these services, create an instance of the service and bind it to your app with the following commands:

$ cf bind-service YOUR-APP YOUR-LOG-STORE

For more information about service instance lifecycle management, see Managing Service Instances.

Note: Not all marketplace services support syslog drains. Some services implement an integration with Cloud Foundry that enables automated streaming of app syslogs. If you are interested in building services for Ops Manager and making them available to end users, see Services.

Using Services Not Available in Your Marketplace

If a compatible log management service is not available in your Cloud Foundry marketplace, you can use user-provided service instances to stream app logs to a service of your choice. For more information, see the Stream App Logs to a Service section of the User-Provided Service Instances topic.

You can install and use the CF Drain CLI Plugin to create and manage user-provided syslog drains from the CF command-line interface (cf CLI).

You may need to prepare your log management service to receive app logs from Cloud Foundry. For specific instructions for several popular services, see Service-Specific Instructions for Streaming App Logs. If you cannot find instructions for your service, follow the generic instructions below.

Step 1: Configure the Log Management Service

To set up a communication channel between the log management service and your Cloud Foundry deployment:

  1. Obtain the external IP addresses that your Ops Manager admin assigns to outbound traffic.

  2. Provide these IP addresses to the log management service. The specific steps to configure a third-party log management service depend on the service.

  3. Add these IP addresses to your allow list to ensure unrestricted log routing to your log management service.

  4. Record the syslog URL provided by the third-party service. Third-party services typically provide a syslog URL to use as an endpoint for incoming log data. You use this syslog URL in Step 2: Create a User-Provided Service Instance.

    Cloud Foundry uses the syslog URL to route messages to the service. The syslog URL has a scheme of syslog, syslog-tls, or https, and can include a port number. For example:


Note: TAS for VMs does not support using syslog-tls or https with self-signed certificates. If you are running your own syslog server and want to use syslog-tls or https, you must have an SSL certificate signed by a well-known certificate authority.

Step 2: Create and Bind a User-Provided Service Instance

You can create a syslog drain service and bind apps to it using either generic Cloud Foundry Command Line Interface (cf CLI) commands, or drain-specific commands enabled by the CF Drain plugin for the cf CLI.

Each option is described below.

With the CF Drain CLI Plugin

  1. If the CF Drain CLI Plugin is not installed on your local workstation, follow the Installing Plugin instructions in the plugin source repository on GitHub.

  2. Decide whether to bind the drain to a single app or all apps in a space, and run the corresponding command:

    • Single app:



    • All apps in a space:

      cf drain-space --drain-name DRAIN-NAME --drain-url SYSLOG-DRAIN-URL --username USERNAME


      • DRAIN-NAME is the name of the app from which to stream logs.
      • SYSLOG-DRAIN-URL is the syslog URL from Step 1: Configure the Log Management Service.
      • USERNAME is the username to use when pushing the app. If you do not specify a username, you must have admin permissions because the plugin will create a user.

After a short delay, logs begin to flow automatically.

For CF Drain commands, see the Usage section of the CF Drain plugin source repository on GitHub. For general CF service commands, see Managing Service Instances with the CLI.

With General cf CLI Service Commands

Note: To bind a drain to all apps in a space with a single command, you must use the CF Drain CLI Plugin as described in the previous section.

  1. To create the service instance, run cf create-user-provided-service (or cf cups) with the -l flag, filling in values as follows:

  2. To bind an app to the service instance, do one of the following:

    • Run cf push with a manifest. The services block in the manifest must specify the service instance that you want to bind.
    • Run cf bind-service:
      $ cf bind-service YOUR-APP-NAME DRAIN-NAME

After a short delay, logs begin to flow automatically.

For more information, see Managing Service Instances with the CLI.

Step 3: Verify Logs Are Draining

To verify that logs are draining correctly to a third-party log management service:

  1. Take actions that produce log messages, such as making requests of your app.

  2. Compare the logs displayed in the CLI against those displayed by the log management service.

For example, if your app serves web pages, you can send HTTP requests to the app. In Cloud Foundry, these generate Router log messages, which you can view in the CLI. Your third-party log management service should display corresponding messages.

Note: For security reasons, Cloud Foundry apps do not respond to ping. You cannot use ping to generate log entries.

CF Drain CLI Plugin

The CF Drain CLI plugin extends the cf CLI by adding simple commands for user-provided syslog drains. You can also use the plugin to bind all apps in a space to a syslog drain. This option includes app, space, and org names in the drain. It also binds any new apps pushed to the space.

Installation: To install the CF Drain CLI plugin, see the Installing Plugin instructions in the plugin source repository on GitHub.

Commands: The plugin adds commands for creating, deleting, and listing syslog drains, and for binding apps to the drains. For more information, see the Usage section of the plugin source repository on GitHub.