How do I use Enclave Log Drains to manage application logs?
Log Drains let you collect stdout and stderr logs from your apps and databases deployed on Aptible and route them to a log destination.
What log destinations are supported?
Aptible can route your logs over the following protocols:
Syslog drains forward your logs to an external syslog server. Syslog drains are typically used with a hosted syslog service, such as Papertrail.
Note that only syslog over TCP + TLS is supported.
Elasticsearch drains forward your logs to an Elasticsearch instance hosted on Aptible.
Also see: How do I set up my own logging stack?
HTTPS log drains forward your logs to an arbitrary host over HTTPS.
Also see: How do I setup a HTTPS log drain?
What is collected?
Aptible collects the
stderr streams from your containers. This
has two important implications:
- Anything you write to
stderris eventually relayed to your log destination. This means that unless you are filtering sensitive data (such as PHI) out of your logs, you must either self-host your log destination (e.g. use ElasticSearch hosted on Aptible), or have a BAA in place with your provider.
- Log output sent to files is not captured by Aptible: if you need something
to show in your Aptible logs, it must be sent to
How do Log Drains work?
First, a centralized collector is deployed for each individual Log Drain you configure in your Aptible environment. The collector’s responsibility is to receive application logs from log forwarders, and route them to your log destination.
Then, every time you launch or restart an app, Aptible deploys log forwarders that capture log output from your app containers and relay it to your centralized collector.
Aptible legacy infrastructure
On Aptible legacy infrastructure, there is only one collector for all your Log Drains. This can cause log routing to crash if one log destination is unavailable. If you are still running on legacy infrastructure, we recommend scheduling an upgrade to our current infrastructure, where log forwarding is more reliable.
Additionally, database logs are not available on Aptible legacy infrastructure.