Configuring application log forwarding

You can configure forwarding of Cloud Foundry application logs by using an embedded extension that is included with IBM® Cloud Private Cloud Foundry.

The extension uses the Lumberjack v2 protocol to forward application logs from your IBM Cloud Private Cloud Foundry platform to a remote endpoint, such as a Logstash Beats input plug-in.

The cfp-ext-applog-forwarder extension enables this function, and it supports a number of different configuration options, including secure communications that use TLS and mutual certificate-based authentication. If you want to forward application logs to the built-in ElasticStack in IBM Cloud Private, the ibm-cflogging Helm chart can automatically configure this extension during installation of the chart. For more information, see Connecting to Elasticstack in IBM Cloud Private.

To send application logs to a remote endpoint of your choice, enable the cfp-ext-applog-forwarder extension. You can enable extensions by using a CLI or user interface. To use the CLI, prepare your configuration file according to Configuration values. Next, follow the instructions for Running the extension. Skip the registration step since this embedded extension is included with the product.

If you prefer to use the user interface, the cfp-ext-applog-forwarder offers guided editing of the configuration values. Select a configuration type of Insecure, Server TLS, or Mutual TLS. The user interface displays the required and optional configuration values for the selected scenario. The user interface provides descriptions, sample values, and validation of the configuration values. For information about extensions, see Managing extensions and Configurations.

Configuration values

Provide the following values to configure application log forwarding.

A duplicate Lumberjack v2 endpoint is supported. If enabled, the extension always attempts to forward application logs to both the primary and duplicate endpoints. Each of these configuration values is repeated with lumberjack_logs replaced with lumberjack_logs_dup in the key. For example, to enable the duplicate endpoint, at minimum you must set lumberjack_logs_dup_enabled to true and provide the endpoint address and port as the value for lumberjack_logs_dup_url.

Example Configuration

The configuration values must be specified as children of a uiconfig key as in the following example.

  uiconfig:
    configuration_name: mutual_tls
    lumberjack_logs_enabled: true
    lumberjack_logs_url: log1.logstash.example.com:5000
    lumberjack_logs_use_tls: true
    lumberjack_logs_mutual_tls: true
    lumberjack_logs_server_name: log1.logstash.example.com
    lumberjack_logs_ca_cert: |
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    lumberjack_logs_client_cert: |
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    lumberjack_logs_client_key: |
      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----
    lumberjack_logs_dup_enabled: true
    lumberjack_logs_dup_url: log2.logstash.example.com:5000
    lumberjack_logs_dup_use_tls: true
    lumberjack_logs_dup_mutual_tls: true
    lumberjack_logs_dup_server_name: log2.logstash.example.com
    lumberjack_logs_dup_ca_cert: |
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    lumberjack_logs_dup_client_cert: |
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    lumberjack_logs_dup_client_key: |
      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----
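
Because the duplicate endpoint has its own set of keys, a duplicate that is enabled with only the minimum keys can sit at a weaker configuration type than the primary. The following Python check is an added example, not part of the product or its documentation; it assumes that an unset flag means off and that use_tls and mutual_tls map to the Insecure, Server TLS, and Mutual TLS types as shown, and its sample values are constructed.

```python
# Added example: lint the mapping under uiconfig before enabling the extension.
# Assumptions (not the extension's own checks): unset flag = off; rules inferred from this page.
PRIMARY, DUPLICATE = "lumberjack_logs", "lumberjack_logs_dup"
LEVELS = ("Insecure", "Server TLS", "Mutual TLS")  # configuration types named on the page

def level(cfg, prefix):
    """Map an endpoint's TLS flags to an index into LEVELS (assumed mapping)."""
    if not cfg.get(f"{prefix}_use_tls"):
        return 0
    return 2 if cfg.get(f"{prefix}_mutual_tls") else 1

def lint_endpoint(cfg, prefix):
    """Findings for one endpoint; a disabled endpoint yields none."""
    if not cfg.get(f"{prefix}_enabled"):
        return []
    findings = []
    if not cfg.get(f"{prefix}_url"):
        findings.append(f"{prefix}_url is missing")
    if cfg.get(f"{prefix}_mutual_tls"):
        if not cfg.get(f"{prefix}_use_tls"):
            findings.append(f"{prefix}_mutual_tls is set but {prefix}_use_tls is not")
        for name in ("client_cert", "client_key"):
            if not cfg.get(f"{prefix}_{name}"):
                findings.append(f"{prefix}_{name} is missing for mutual TLS")
    if level(cfg, prefix) == 0:
        findings.append(f"{prefix}: logs are forwarded without TLS")
    return findings

def lint(uiconfig):
    """Lint both endpoints, then flag a duplicate that is weaker than the primary."""
    findings = lint_endpoint(uiconfig, PRIMARY) + lint_endpoint(uiconfig, DUPLICATE)
    if uiconfig.get(f"{PRIMARY}_enabled") and uiconfig.get(f"{DUPLICATE}_enabled"):
        p, d = level(uiconfig, PRIMARY), level(uiconfig, DUPLICATE)
        if d < p:
            findings.append(f"duplicate endpoint is {LEVELS[d]} but primary is {LEVELS[p]}")
    return findings

# Constructed sample: Mutual TLS primary, duplicate enabled with only the minimum keys.
SAMPLE = {
    "lumberjack_logs_enabled": True,
    "lumberjack_logs_url": "log1.logstash.example.com:5000",
    "lumberjack_logs_use_tls": True,
    "lumberjack_logs_mutual_tls": True,
    "lumberjack_logs_client_cert": "<PEM placeholder>",
    "lumberjack_logs_client_key": "<PEM placeholder>",
    "lumberjack_logs_dup_enabled": True,
    "lumberjack_logs_dup_url": "log2.logstash.example.com:5000",
}
print("\n".join(lint(SAMPLE)))
```

For the sample, the check reports that the duplicate endpoint forwards without TLS and that it is weaker than the Mutual TLS primary; copying the primary's TLS keys to their lumberjack_logs_dup counterparts clears both findings.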