Collect logs for the Acquia App
This page provides instructions for configuring log collection from Acquia and sending those logs to Sumo Logic for monitoring and analysis in the Acquia App predefined dashboards and searches.
Sumo Logic enables you to collect logs from Acquia, with the ability to configure the log types to be collected. The logs are then forwarded to a Sumo Logic Cloud Syslog Source.
Collection process overview
Configuring log collection for the Acquia App includes the following tasks:
Step 1: Configure a collector
This section walks you through the process of creating a new Sumo Logic hosted collector.
To create a new Sumo Logic hosted collector, do the following:
Step 2: Configure a source
This task shows you how to configure a cloud syslog source for Acquia log collection.
Before you begin
It's helpful to know the options you'll need to set before starting a procedure. When you're configuring a cloud syslog source, be sure to specify the following configurations:
Source
- Name. (Required) A name is required; the Description is optional.
- Source Category. (Required) The Source Category metadata field is a fundamental building block to organize and label Sources.
Example: Acquia. For more information, see Best Practices.
Advanced
- Enable Timestamp Parsing. True
- Time Zone. Logs are in UTC by default
- Timestamp Format. Auto Detect
Configuring a cloud syslog source
Step 3: Configure logging for Acquia
To start ingesting Acquia Cloud logs, you must set up log forwarding in Acquia Cloud.
To configure Acquia log forwarding, follow the instructions in the Acquia documentation.
Log samples
This section provides sample log messages for the following log types, which are the Acquia data required for more efficient monitoring:
- Apache access logs
- Apache error log
- Drupal request log
- Drupal watchdog log
- FPM access logs
- FPM error logs
- PHP error logs
- Varnish request logs
Apache access log
200.0.0.1 - - [04/Jan/2017:23:20:38 +0000] "GET /contact_us HTTP/1.1" 404 10117 "-" "Pingdom.com bot version 1.4 (http://www.pingdom.com/)" vhost=alphabeta.prod.acquia-sites.com host=www.example.com hosting_site=alphabeta pid=26731 request_time=10186417 forwarded_for="200.0.0.1, 162.0.0.1" request_id="v-00000zzz-d2d4-11e6-9bed-0aeea9eaf9af" location="http://apache.example.com/"
Apache error log
[Fri Aug 18 20:40:36.849360 2017] [access_compat:error] [pid 11069] [client 10.0.0.1:19924] AH01797: client denied by server configuration: /var/www/html/alphabeta/docroot/index.php
Drupal request log
[03/Feb/2017:00:14:36 +0000] www.example.com POST /dashboard http_code=302 query= uid=154496 php_pid=30961 php_time=0.203 queue_wait=0 request_id="v-0000zzzz-e9a5-11e6-98b5-0aeea9eaf9af"
Drupal watchdog log
Aug 18 21:22:01 10.0.0.1 alphabeta: https://www.example.com|1503091321| custom_module|151.0.0.1|https://example.com/documents||0||Warning: Invalid argument supplied for foreach() in views_join->build_join request_id="v-00000000-845b-0000-8178-22000ab832c9"
FPM access log
- - 25/Sep/2018:17:02:35 +0000 "GET /index.php" 200 memory_kb=6144 %cpu=9.16 duration_ms=218.423 request_id="v-00000000-1111-2222-3333-444444444444"
FPM error log
[04-Jan-2017 18:45:13] NOTICE: [pool alphabeta] child 20069 exited with code 0 after 3832.234353 seconds from start
PHP error log
[04-Jan-2017 14:29:27 America/New_York] PHP Fatal error: Allowed memory size of 367001600 bytes exhausted (tried to allocate 352591872 bytes) in /full/path/to/module/notification.php on line 504 request_id="v-0000zzzz-d2b4-0000-b3a4-129zzzzd8266"
Varnish request log
{ "time":"[12/Dec/2018:23:59:59 +0000]", "status":"304", "bytes":"0", "method":"GET", "host":"website.example.com", "url":"/path/to/page", "referrer":"-", "user_agent":"Browser Name Here", "client_ip":"10.0.1.3", "time_firstbyte":"0.000241", "hitmiss":"hit", "handling":"hit", "forwarded_for":"10.0.1.3, 127.255.255.255", "request_id":"v-00000000-ffff-1111-aaaa-111111111111", "ah_log":"", "ah_application_id":"bbbbbbbb-3333-4444-9999-bbbbbbbbbbbb", "ah_environment":"prod", "ah_trace_id":"ZZZZZZZZZZZZZZ" }
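The Apache access, Drupal request and Varnish samples above all carry a request_id, so one request can be followed across log types. The following Python sketch is an added example, not Sumo Logic or Acquia code: it parses those three formats and groups records by request_id, reading key=value fields only from the text after the quoted user agent so that client-supplied header text cannot override them. The names parse_line and correlate, the sample lines and the shared request id are constructed for illustration, and it assumes embedded quotes are backslash-escaped as Apache does by default.

```python
import json
import re

QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field; Apache writes an embedded quote as \"
KV = re.compile(rf'(\w+)=(?:{QUOTED}|(\S*))')
APACHE = re.compile(rf'^\S+ \S+ \S+ \[[^\]]+\] {QUOTED} (\d+) \S+ {QUOTED} {QUOTED} (.*)$')
DRUPAL = re.compile(r'^\[[^\]]+\] \S+ (\S+) (\S+) (http_code=.*)$')

def trailer(text):
    """Parse key=value pairs; a value may be bare, empty or double-quoted."""
    return {m[1]: m[2] if m[2] is not None else m[3] for m in KV.finditer(text)}

def parse_line(line):
    """Normalise one Apache access, Drupal request or Varnish line; None if unknown."""
    line = line.strip()
    if line.startswith('{'):                     # Varnish request log is JSON
        try:
            f, src = json.loads(line), 'varnish'
        except ValueError:
            return None
    elif m := APACHE.match(line):                # fields are read only from the text
        f, src = trailer(m[5]), 'apache-access'  # after the quoted user agent
        req = m[1].split(' ')
        f.update(status=m[2], method=req[0], url=req[1] if len(req) > 1 else None)
    elif m := DRUPAL.match(line):
        f, src = trailer(m[3]), 'drupal-request'
        f.update(status=f.get('http_code'), method=m[1], url=m[2])
    else:
        return None
    hops = [h.strip() for h in (f.get('forwarded_for') or '').split(',') if h.strip()]
    return {'source': src, 'request_id': f.get('request_id'), 'status': f.get('status'),
            'method': f.get('method'), 'url': f.get('url'), 'hops': hops}

def correlate(lines):
    """Group records by request_id to follow one request across log types."""
    by_id = {}
    for rec in filter(None, map(parse_line, lines)):
        if rec['request_id']:
            by_id.setdefault(rec['request_id'], []).append(rec)
    return by_id

RID = 'v-00000000-1111-2222-3333-444444444444'   # constructed sample data follows
SAMPLE = [
    '200.0.0.1 - - [04/Jan/2017:23:20:38 +0000] "GET /contact_us HTTP/1.1" 404 10117 "-" '
    '"bot request_id=\\"forged\\"" vhost=alphabeta.prod.acquia-sites.com pid=26731 '
    f'forwarded_for="200.0.0.1, 162.0.0.1" request_id="{RID}" location="-"',
    '[04/Jan/2017:23:20:38 +0000] www.example.com GET /contact_us http_code=404 query= '
    f'uid=0 php_pid=30961 request_id="{RID}"',
    json.dumps({'status': '404', 'method': 'GET', 'url': '/contact_us', 'request_id': RID}),
]
```

Calling correlate(SAMPLE) returns a single group for the constructed id, holding the Apache, Drupal and Varnish records in input order.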
Query example
This section provides examples for Drupal request, Apache access, and PHP error queries.
Drupal request
_sourceCategory=Labs/Acquia drupal-requests
| parse "<133>1 * * *.* - - - [*] * * * http_code=* query=* uid=* php_pid=* php_time=* queue_wait=* request_id=\"*\"" as timestamp,lb,host,logtype,time,appurl,method,url,http_code,query,uid,php_id, php_time,queue_wait,request_id
| timeslice 1m
| count by _timeslice, http_code
| transpose row _timeslice column http_code as *
Apache access
_sourceCategory=Labs/Acquia apache-access
| parse " - - - * - - [*] \"* * HTTP/1.1\" * * \"*\" \"*\" vhost=* host=* hosting_site=* pid=* request_time=* forwarded_for=\"*\" request_id=\"*\" location=\"*\"" as src_ip,timestamp,method, url,status_code,size,referrer,user_agent,vhost,host,hosting_site,pid,request_time,forwarded_for, request_id,location
| where !(status_code matches "2*")
PHP error
_sourceCategory=Labs/Acquia php-errors
| parse "* * * * - - - [*] *: * request_id=\"*\"" as head,systime,env,host,time,type,message, request_id
| count as count by Type, message
| sort by count