Skip to content


Logs are generated by various components of the stack:

  • The runtime (PHP, nodejs, etc..)
  • The application
  • CronJobs
  • CDN
  • Deployments

These logs are aggregated in AWS CloudWatch - see Usage access instructions.


Accessing logs can be done with either the skpr command line interface, or CloudWatch Insights.

Command Line

$ skpr logs [<flags>] <env>

Stream logs to your terminal.

  --help          Show context-sensitive help (also try --help-long and --help-man).
  --start=15m     Fetch logs starting from this time - See supported formats below. Defaults to "15m" (or "now" if --follow enabled).
  --end=now       Fetch logs up until this time - See supported formats below. Defaults to "now". Conflicts with --follow.
  --source="fpm"  Filter logs to a specific system source. Comma-separated multi values supported. Supports "fpm" (default).
  --follow        Streams logs in real-time until interrupted (ctrl+c). Conflicts with --end.

  <env>  Environment to pull logs from. Usually one of: prod/staging/dev.

Date / Time Formats

The following date/time formats are supported for the --start and --end flags.

  • Relative:
    • now
    • 30s "s" suffix denotes seconds.
    • 15m "m" suffix denotes minutes.
    • 2h "h" suffix denotes hours.
  • Absolute:
    • 19:05: time with no date, defaults to current date (use 24 hour syntax)
    • 2017-6-15: date with no time - assumes midnight of specified date
    • 2017-6-15 19:05: date and time specified.
    • 2019-04-26T07:46:40.795968088Z: RFC3339 with nanoseconds


Get prod logs generated between two times on a specific date.

$ skpr logs prod --start '2017-10-11 9:00' --end '2017-10-11 10:30'

Get staging logs for the last hour.

$ skpr logs staging --start 1h

Stream dev logs in real time.

$ skpr logs dev --follow

Get prod logs generated between two times today.

$ skpr logs prod --start '11:55' --end '12:05'

Get dev cloudfront logs generated between two relative times.

$ skpr logs dev --start 2h --end 30m --source cloudfront

CloudWatch Insights

Coming soon.

Application Setup

Applications need to output their logs to stdout - this ensures the container orchestrator can aggregate logs and ship them to the storage backend. The Twelve-Factor App manifesto describes this succinctly:

A twelve-factor app never concerns itself with routing or storage of its output stream. It should not attempt to write to or manage logfiles. Instead, each running process writes its event stream, unbuffered, to stdout.

Drupal 8

Enable and configure the Monolog module

  • Enable the Monolog module, then configure it to log to a new Stdout stream.
  • To install monolog module via composer, run:
composer require drupal/monolog:^1
  • In your projects services.yml file add the following config:
    # Log to the stdout by default.
    default: ['stdout']

    class: Monolog\Handler\StreamHandler
    arguments: ['php://stdout']

Drupal 7

  • Enable log_stdout
  • Disable any other logging modules such as dblog or syslog.

Deep Dive

Logs are collected using: k8s-cloudwatchlogs

Logs are then stored in CloudWatch as:

  • Stream = POD

When logs are queried they are either collected from Kubernetes or CloudWatch Logs.

  • --follow = Logs are queried from the Kubernetes cluster eg. kubectl logs
  • Without --follow = Logs are queried in CloudWatch Logs using Insights.