Skip to main content
You might use a service to analyze logs from various parts of your fleet. You might want to consolidate all your logs in one place that everyone has access to without needing to grant them access to each project individually. In such cases, forward your logs from Upsun and Blackfire to a third-party service. You can use a service with an integration or any service that supports a syslog endpoint or HTTP endpoint. Log forwarding is available for Grid projects. For Dedicated Gen 2 projects, see how to log remotely with rsyslog. To enable log forwarding in a project, you need to be a project admin. For pricing information for real-time logs forwarding, refer to the Observability and performance monitoring section of the Upsun pricing page.

Which logs are forwarded?

When log forwarding is enabled, Upsun forwards logs sent to journald. By default, Upsun sends the following logs to journald:
  • stdout and stderr logs from your application
    Note: You can configure your application to use syslog to send these (or additional) messages to journald.
  • MariaDB/MySQL slow query logs
  • Redis logs (all except command-level operations and low-level internals)
Logs in files are not forwarded to journald.

Use a log forwarding integration

Certain services have a specific integration for forwarding logs. If your third-party service isn’t supported, you can forward to a syslog endpoint.

Integrated third-party services

Upsun supports forwarding logs not only to custom remote syslog endpoints but also directly to a set of popular third‑party log management and observability services. These integrations allow you to centralize logs from applications, services, and infrastructure into your existing monitoring stack:
  • Sumo Logic – Cloud-based log management and analytics.
  • New Relic – Unified observability platform with logs and metrics.
  • Splunk – Searchable log platform for monitoring and operational intelligence.
  • Datadog – Observability suite with log collection and processing.
  • Loggly – Cloud-native log monitoring, aggregation, and alerting.
  • LogDNA (Mezmo) – Centralized log management and analysis in real time.
  • Papertrail – Real-time log aggregation via syslog.
  • Logz.io – ELK-based log analytics and monitoring.

Enable a log forwarding integration

Using the CLI

To enable log forwarding for a specific project using the Upsun CLI, follow the steps for your selected service.
  1. Get an API key from New Relic. You need a license key. Your New Relic organization likely has one, but you can create one by following the New Relic docs.
  2. Choose an API endpoint. You can use the U.S. endpoint https://log-api.newrelic.com/log/v1 or the EU endpoint https://log-api.eu.newrelic.com/log/v1.
  3. Create the integration with the following command: 
    upsun integration:add --type newrelic --url <VariableBlock name="API_ENDPOINT" /> --license-key <VariableBlock name="LICENSE_KEY" />
View your logs in the Logs dashboard.
To start forwarding logs, trigger a redeploy.

In the Console

To enable log forwarding for a specific project from the Console, follow these steps:
  1. Navigate to your project.
  2. Click Settings.
  3. Click Integrations.
  4. Click Add Integration.
  5. Select the integration you want to enable.
  6. In the Configure your integration window, specify your configuration options.
  7. Click Add Integration. The new integration overview is displayed, and you can view your logs in the Activity section.

Forward to a syslog endpoint

Syslog is a standard protocol for transferring log messages. Many third-party services offer endpoints for ingesting syslog events. You can forward your Upsun and Blackfire logs to any of those endpoints.
To enable log forwarding to a syslog endpoint, run a command similar to the following:
upsun integration:add --type syslog --syslog-host <VariableBlock name="INGESTION_HOST" /> --syslog-port <VariableBlock name="INGESTION_HOST_PORT" />
type, syslog-host, and syslog-port are the only properties required for all endpoints. The following table shows the other available properties:
PropertyTypeDefaultDescription
auth-tokenstringThe token to authenticate with the given service.
auth-modestringprefixThe mode for authentication with the given service. Can be prefix or structured_data. Defaults to prefix.
facilitystring1 (user)A syslog facility code to attach with each log to identify the source. Can be a number from 0 to 23.
message-formatstringrfc5424The standard to use for the message format. Can be rfc5424 or rfc3164.
protocolstringtlsThe network protocol to use in the connection. Can be one of tls, tcp, or udp. Defaults to tls.
verify-tlsbooleantrueWhether to verify Transport Layer Security (TLS) certification when using the TLS protocol.
To include a property, add it as a flag, for example --protocol tcp. This should let you connect to any service that has syslog endpoints.To start forwarding logs, once you’ve added the service trigger a redeploy.

Forward to an HTTP endpoint

Some third-party services, such as Elasticsearch and OpenSearch, support ingesting log messages through an HTTP endpoint. You can use HTTP forwarding to forward Upsun and Blackfire logs to such third-party services. HTTP forwarding makes a POST HTTP request with an application/json body while forwarding the log messages to the endpoint. As an example, to forward logs to Elasticsearch using HTTP log forwarding, run the following command: 
upsun integration:add --type httplog --url "https://<VariableBlock name="ELASTICSEARCH_URL" />/<VariableBlock name="INDEX_NAME" />/_doc" --header "Authorization: Basic <basic_auth_token>" --header "Content-Type: application/json"
type and url are the only properties required for all endpoints. Optionally, you can use the headers property to pass additional headers in the HTTP requests. Note that if your endpoint URL includes a PORT, that can also be included in the --url flag: 
upsun integration:add --type httplog --url "https://<VariableBlock name="ELASTICSEARCH_URL" />:<VariableBlock name="PORT" />/<VariableBlock name="INDEX_NAME" />/_doc" --header "Authorization: Basic <basic_auth_token>" --header "Content-Type: application/json"
Once you’ve added the service, to start forwarding logs trigger a redeploy.

Log levels

Your app may output logs with distinct severity levels. But as Upsun only reads logs from stdout, this distinction is lost and everything gets logged at INFO level. To preserve the original log level, use a language-specific syslog module/package for logging. The following example code snippets show how logs can be written to Syslog: 
openlog("", LOG_PID, LOG_LOCAL0);
syslog(LOG_INFO, "Operation started");
syslog(LOG_ERR, "Operation failed");
closelog();
Last modified on March 11, 2026