Logs are generated by various components of the stack:
- The runtime (PHP, nodejs, etc..)
- The application
These logs are aggregated in AWS CloudWatch - see Usage access instructions.
Accessing logs can be done with either the
skpr command line interface, or CloudWatch Insights.
$ skpr logs [<flags>] <env> Stream logs to your terminal. Flags: --help Show context-sensitive help (also try --help-long and --help-man). --start=15m Fetch logs starting from this time - See supported formats below. Defaults to "15m" (or "now" if --follow enabled). --end=now Fetch logs up until this time - See supported formats below. Defaults to "now". Conflicts with --follow. --source="fpm" Filter logs to a specific system source. Comma-separated multi values supported. Supports "fpm" (default). --follow Streams logs in real-time until interrupted (ctrl+c). Conflicts with --end. Args: <env> Environment to pull logs from. Usually one of: prod/staging/dev.
Date / Time Formats
The following date/time formats are supported for the
- 30s "s" suffix denotes seconds.
- 15m "m" suffix denotes minutes.
- 2h "h" suffix denotes hours.
- 19:05: time with no date, defaults to current date (use 24 hour syntax)
- 2017-6-15: date with no time - assumes midnight of specified date
- 2017-6-15 19:05: date and time specified.
- 2019-04-26T07:46:40.795968088Z: RFC3339 with nanoseconds
prod logs generated between two times on a specific date.
$ skpr logs prod --start '2017-10-11 9:00' --end '2017-10-11 10:30'
staging logs for the last hour.
$ skpr logs staging --start 1h
dev logs in real time.
$ skpr logs dev --follow
prod logs generated between two times today.
$ skpr logs prod --start '11:55' --end '12:05'
dev cloudfront logs generated between two relative times.
$ skpr logs dev --start 2h --end 30m --source cloudfront
Applications need to output their logs to
stdout - this ensures the container orchestrator can aggregate logs and ship them to the storage backend. The Twelve-Factor App manifesto describes this succinctly:
A twelve-factor app never concerns itself with routing or storage of its output stream. It should not attempt to write to or manage logfiles. Instead, each running process writes its event stream, unbuffered, to
Enable and configure the Monolog module
- Enable the Monolog module, then configure it to log to a new Stdout stream.
- To install monolog module via composer, run:
composer require drupal/monolog:^1
- In your projects
services.ymlfile add the following config:
parameters: monolog.channel_handlers: # Log to the stdout by default. default: ['stdout'] services: monolog.handler.stdout: class: Monolog\Handler\StreamHandler arguments: ['php://stdout']
- Enable log_stdout
- Disable any other logging modules such as dblog or syslog.
Logs are collected using: k8s-cloudwatchlogs
Logs are then stored in CloudWatch as:
- Group =
- Stream =
When logs are queried they are either collected from Kubernetes or CloudWatch Logs.
--follow= Logs are queried from the Kubernetes cluster eg.
--follow= Logs are queried in CloudWatch Logs using Insights.