Configuring application log forwarding
You can configure forwarding of Cloud Foundry application logs by using an embedded extension that is included with IBM® Cloud Private Cloud Foundry.
The extension uses the Lumberjack v2 protocol to forward application logs from your IBM Cloud Private Cloud Foundry platform to a remote endpoint, such as a Logstash Beats input plug-in.
The cfp-ext-applog-forwarder
extension enables this function, and it supports a number of different configuration options, including secure communications that use TLS and mutual-certificate based authentication. If you want to forward
application logs to the built-in ElasticStack in IBM Cloud Private, the ibm-cflogging
Helm chart can automatically configure this extension during installation of the chart. For more information, see Connecting to Elasticstack in IBM Cloud Private.
To send application logs to a remote endpoint of your choice, enable the cfp-ext-applog-forwarder
extension. You can enable extensions by using a CLI or user interface. To use the CLI, prepare your configuration file according to
Configuration values. Next, follow the instructions for Running the extension. Skip the registration step since this embedded extension is included with the product.
If you prefer to use the user interface, the cfp-ext-applog-forwarder
offers guided editing of the configuration values. Select a configuration type of Insecure
, Server TLS
, or Mutual TLS
. The
user interface displays the required and optional configuration values for the selected scenario. The user interface provides descriptions, sample values, and validation of the configuration values. For information about extensions, see Managing extensions and Configurations.
Configuration values
Provide the following values to configure application log forwarding.
- lumberjack_logs_enabled
Default:false
Set this value totrue
to enable sending application logs to the Lumberjack endpoint - lumberjack_logs_url
IP address or domain name and port of the server to receive application logs - lumberjack_logs_use_tls
Default:false
Set this value totrue
to enable a secure connection to the endpoint - lumberjack_logs_mutual_tls
Default:false
When using TLS, set this value totrue
to enable authentication of the client by using certificates - lumberjack_logs_server_name
Host name of endpoint to be verified when you are using Mutual TLS - lumberjack_logs_ca_cert
Certificate Authority certificate or chain to trust when TLS is enabled, if server certificate is self-signed or signed by a CA that is not available in the default certificate store - lumberjack_logs_client_cert
Client certificate for mutual TLS - lumberjack_logs_client_key
Client key (without passphrase) for mutual TLS
A duplicate Lumberjack v2 endpoint is supported. If enabled, the extension always attempts to forward application logs to both the primary and duplicate endpoints. Each of these configuration values is repeated with lumberjack_logs
replaced with lumberjack_logs_dup
in the key. For example, to enable the duplicate endpoint, at minimum you must set lumberjack_logs_dup_enabled to true
and provide the endpoint address and port as the
value for lumberjack_logs_dup_url.
Example Configuration
The configuration values must be specified as children of a uiconfig key as in the following example.
uiconfig:
configuration_name: mutual_tls
lumberjack_logs_enabled: true
lumberjack_logs_url: log1.logstash.example.com:5000
lumberjack_logs_use_tls: true
lumberjack_logs_mutual_tls: true
lumberjack_logs_server_name: log1.logstash.example.com
lumberjack_logs_ca_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
lumberjack_logs_client_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
lumberjack_logs_client_key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
lumberjack_logs_dup_enabled: true
lumberjack_logs_dup_url: log2.logstash.example.com:5000
lumberjack_logs_dup_use_tls: true
lumberjack_logs_dup_mutual_tls: true
lumberjack_logs_dup_server_name: log2.logstash.example.com
lumberjack_logs_dup_ca_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
lumberjack_logs_dup_client_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
lumberjack_logs_dup_client_key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----