Support Center

Archiving Logs to Amazon’s S3

Once logs age past your log retention period, they’re no longer accessible. What if you need them? Well, we can facilitate log archiving by sending logs to an Amazon Web Services (AWS) S3 bucket. Logs in an S3 bucket are kept forever, or until you remove them, so you’ll always have a copy handy if you need them for historical trend analysis, auditing, or other purposes. Log archiving is a service that’s available to our Production tier. The S3 bucket is a separate product maintained through AWS. We cannot help create or maintain accounts with AWS. We’ll give you the overview of how to set up archiving here and point you to Amazon’s extensive documentation on all things AWS, when necessary.

Step 1: Create an account on AWS

If you don’t already have one, you’ll have to create an Amazon account.

Step 2: Create an S3 bucket

After you’ve setup an account you’ll have to set up a bucket that we can send logs to. Check out Amazon’s documentation on setting up a new bucket. Ignore the “Set Up Logging” button. You’ll come back into our product to do that.

Create an S3 bucket

Create an S3 bucket

 

Step 3: Give us permission within AWS to write to the bucket

Once you have the bucket created:

  • Select the bucket in the buckets panel and click the “Properties” tab.
  • Click the “Permissions” tab
  • Click the “Add More Permissions” button
  • In the ‘grantee’ field, enter aws@loggly.com
  • Check the boxes for “List”, “Upload/Delete”, and “View Permissions”
  • Click “Save” in the lower-right corner
S3 Permissions

S3 Permissions

Should you need further help with this, AWS has documentation on editing bucket permissions.

Step 4: Establish your new S3 bucket with Loggly

Now we come back to our Loggly. Once you’ve set up an account and an S3 bucket, you’ll need to give us your credentials so we can write to the bucket. Only account owners can set up archiving within Loggly. If that’s not you, contact the account owner before you can continue. If you are the account owner (lucky you!) go to the account page in Loggly and select archiving. Enter the name of the S3 Bucket you created.

S3_bucket_setup

Step 5: We send logs to your S3 bucket.

That’s all you need to do. Once we verify access to your S3 bucket, we’ll write logs in batches every hour. After you first set-up an S3 bucket it may take up to 8 hours before you start seeing logs in your bucket.

Step 6: Find an S3 Client

When you’re ready, you should find an S3 client so that you can read logs written to your S3 bucket. Remember, once logs are deleted from our search index, they are no longer accessible from our site. There are various clients available for OSX, Windows and *nix systems. Here at Loggly, we use S3cmd, an open source command line tool for managing data stored with S3. Simple, no?