-
Notifications
You must be signed in to change notification settings - Fork 217
/
log-management-thirdparty-svc.html.md.erb
201 lines (121 loc) · 8.37 KB
/
log-management-thirdparty-svc.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
---
title: Streaming app logs to third-party services
owner: PCF Metrics
---
Here are instructions for configuring some third-party log management services for your Cloud Foundry apps.
After you configure a service, see [Third-party log management services](./log-management.html) for instructions for binding your app to the service.
## <a id='logit'></a>Logit.io
From your Logit.io dashboard:
1. Identify the Logit ELK stack you want to use.
1. Click Logstash **Configuration**.
1. Note your Logstash **Endpoint**.
1. Note your TCP-SSL, TCP, or UDP **Port** (not the syslog port).
1. Create the log drain service in Cloud Foundry.
<pre class="terminal">
$ cf cups logit-ssl-drain -l syslog-tls://ENDPOINT:PORT
</pre>
or
<pre class="terminal">
$ cf cups logit-drain -l syslog://ENDPOINT:PORT
</pre>
1. Bind the service to an app.
<pre class="terminal">
$ cf bind-service YOUR-CF-APP-NAME logit-ssl-drain
</pre>
or
<pre class="terminal">
$ cf bind-service YOUR-CF-APP-NAME logit-drain
</pre>
1. Restage or push the app using one of these commands:
<pre class="terminal">$ cf restage YOUR-CF-APP-NAME</pre>
<pre class="terminal">$ cf push YOUR-CF-APP-NAME</pre>
After a short delay, logs begin to appear in Kibana.
## <a id='papertrail'></a>Papertrail
From your Papertrail account:
1. Click **Add System**. The Dashboard appears.
1. Click the **Other** link. The **Setup Systems** screen appears.
1. Click **I use Cloud Foundry**, enter a name, and click **Save**.
!["Choose your situation" pane.](../images/third-party-logs/papertrail-04.png)
1. After the system is recorded, the URL, with the port, is displayed. Record the URL and port for later use.
![Message: CloudFoundry will log to "URL." Record the URL.](../images/third-party-logs/papertrail-05.png)
1. Create the log drain service in Cloud Foundry.
<pre class="terminal">
$ cf cups my-logs -l syslog-tls://logs.papertrailapp.com:PORT
</pre>
1. Bind the service to an app.
<pre class="terminal">
$ cf bind-service APPLICATION-NAME my-logs
</pre>
1. Restage the app.
<pre class="terminal">
$ cf restage APPLICATION-NAME
</pre>
After a short delay, logs begin to flow.
1. When Papertrail starts receiving log entries, the view changes to show the logs viewing page.
![Log viewer showing many log messages.](../images/third-party-logs/papertrail-11.png)
## <a id='splunk'></a>Splunk
See [Streaming app logs to splunk](integrate-splunk.html) for details.
## <a id='splunkstorm'></a>Splunk Storm
From your Splunk Storm account:
1. Click **Add project**. On the dialog box that appears, enter the **Project name** and select the **Project time zone**. Click **Continue**.
![Add project page, with fields for Project name and Project time zone.](../images/third-party-logs/splunkstorm-03.png)
2. In **Network data**, create a new input. Under **Network data**, click **Select**. Data is sent directly from your servers, and accepted data types include syslog, syslog-ng, snare, and netcat.
![Network data dialog box.](../images/third-party-logs/splunkstorm-04.png)
3. Under **Add network data**, click **Authorize your IP address** and select **Manually**. Next, enter the external IP addresses your Cloud Foundry administrator assigns to outbound traffic.
![Add network data pane. The options are Automatically or Manually.](../images/third-party-logs/splunkstorm-05.png)
4. Record the host and port provided for TCP input for later use.
![The Authorized network inputs pane shows the ports that data is sent to for this project only.](../images/third-party-logs/splunkstorm-06.png)
5. Using the cf CLI, create the log drain service in Cloud Foundry using the TCP host and port you recorded. Then you bind the service to an app and restage the app using the syntax shown here. After a short delay, the logs begin to flow.
<pre class="terminal">
$ cf cups my-logs -l syslog://HOST:PORT
$ cf bind-service APPLICATION-NAME my-logs
$ cf restage APPLICATION-NAME
</pre>
6. When events begin to appear, click **Data Summary**. The **Data Summary** button appears in the **What to Search** section.
![The What to Search section.](../images/third-party-logs/splunkstorm-09.png)
7. In the **Data Summary** table, click the **loggregator** link to view all incoming log entries from Cloud Foundry.
![The Data Summary table has 3 tabs: Hosts, Sources, and Sourcetypes.](../images/third-party-logs/splunkstorm-10.png)
## <a id='sumologic'></a>SumoLogic
SumoLogic uses HTTPS for communication. HTTPS is supported in Cloud Foundry v158 and later.
In your SumoLogic account:
1. Beside **Manage Collectors and Sources**, click the **Add Collector** link.
![The available actions are Upgrade Collectors, Add Collector, and Access Keys.](../images/third-party-logs/sumologic-02.png)
2. Under **Add Collector**, select **Hosted Collector** and fill in the details.
1. In **Name**, enter `Cloud Foundry`.
2. In **Description**, enter the purpose of the new collector.
3. In **Category**, you can enter the source category, if you want. The collector sets the source category to this value unless it is overwritten by the source metadata.
![Add Collector screen.](../images/third-party-logs/sumologic-03a.png)
![Inputs are Name, Description (optional) and Category (optional).](../images/third-party-logs/sumologic-03b.png)
1. Click **Save**.
3. In the **Manage Collectors and Sources** table, in the row for the new collector, click the **Add Source** link.
![The Manage Collectors and Sources table, you can filter the Collectors shown: All Collectors, Running Collectors, and Stopped Collectors.](../images/third-party-logs/sumologic-04.png)
4. Under **Select a type of Source**, select **HTTP** and fill in the details. An HTTPS URL is provided.
1. In **Name**, leave the entry, `Cloud Foundry``.
2. In **Description**, enter a description of the source.
3. In **Source Host**, enter the host name for the system from which the log files are being collected.
4. In **Source Category**, enter the log category metadata. You can use this later in queries.
![Source typo options are: Amazon S3 and HTTP.](../images/third-party-logs/sumologic-05.png)
5. When the source is created, a URL is displayed. You can also view the URL by clicking the **Show URL** link beside the newly created source in the **Manage Collectors and Sources** table. Record the URL for the next step.
![Three options are available in the row: Show URL, Edit, Delete.](../images/third-party-logs/sumologic-06a.png)
6. Using the cf CLI, create the log drain service in Cloud Foundry using the source URL you just recorded. Then you bind the service to an app and restage the app using the syntax shown here. After a short delay, the logs begin to flow.
<pre class="terminal">
$ cf cups my-logs -l HTTPS-SOURCE-URL
$ cf bind-service APPLICATION-NAME my-logs
$ cf restage APPLICATION-NAME
</pre>
7. In the SumoLogic dashboard, click **Manage**, then click **Status** to see a view of the log entries.
![Status shows Total Message Volume](../images/third-party-logs/sumologic-09.png)
8. Click **Search**. Place the pointer in the search box, then click **Enter** to submit an empty search query.
![Search terms page.](../images/third-party-logs/sumologic-10.png)
## <a id='logsene'></a>Logsene
Logsene uses HTTPS for communication. HTTPS is supported in Cloud Foundry v158 and later.
In your Sematext account:
1. Click the [Create App / Logsene App](https://apps.sematext.com/logsene-reports/registerApplication.do) menu item. Enter a name and click **Add Application** to create the Logsene App.
2. Using the cf CLI, create the log drain service using the source URL displayed. Then you bind the service to an app and restage the app using the syntax shown here. After a short delay, the logs begin to flow. The logs appear in the [Logsene UI](https://apps.sematext.com/users-web/services.do#logsene).
<pre class="terminal">
$ cf cups logsene-log-drain -l https://logsene-cf-receiver.sematext.com/YOUR_LOGSENE_TOKEN
$ cf bind-service YOUR-CF-APP-NAME logsene-log-drain
$ cf restage APPLICATION-NAME
</pre>
## <a id='logentries'></a>Logentries is not supported
Using Logentries is discouraged because it does not support multiple syslog sources. Cloud Foundry distributes log entries over multiple servers to handle the load.