Acquia Copilot

Get Answers

With Copilot

Acquia Copilot is a conversational AI connected into our product documentation and knowledge base. Ask Copilot about product features, technical details, troubleshooting and how to get started with Acquia products.

Loading search...

For Cloud Platform to forward your logs to your destination service, you must have already installed a valid SSL certificate. When troubleshooting your SSL certificate, review the following SSL certificate issues and any returned HTTP response codes to address the most common problems with log forwarding:

Certificate expiration date: The certificate’s expiration must be set to a date at least one month in the future.
Valid public key: Confirm that you have provided the correct public key for the SSL certificate that you have uploaded to the log forwarding service.
Matching SSL certificates: Confirm the CA certificate you uploaded to the log forwarding destination infrastructure was signed with the same public key you uploaded to Cloud Platform.
Certificate order: If you are using bundled certificates, ensure the certificates in the chain are in the order they were generated. Your infrastructure’s certificate should be the first in the chain, and the final certificate in the chain should be the CA certificate for the signing authority. For more information, see About SSL certificates and chain certificates.
Private key: The private key and certificate signing request (CSR) must be generated on the infrastructure on which you are installing the certificate for the certificate to install correctly. If the private key has been lost, the certificate must be reissued with a new CSR.

Before you try to set up log forwarding:

Check if the destination is supported.
Ensure that there is no firewall, or IP blacklisting/IP allowlisting setup that can block the flow of logs.
- If you use IP allowlisting on your log forwarding destination, you must have been assigned EIPs or Web EIPs in Cloud Platform. To know if these features are enabled, access the Cloud Platform user interface or visit Using Elastic IP addresses and Using Web Elastic IP addresses.
- To forward logs from Cloud Platform balancers, you must add your EIPs to your allowlists. In addition, forwarding logs from web servers requires EIPs in Cloud Classic or Web EIPs in Cloud Next.

Log forwarding response codes

After uploading your certificate to the log forwarding service, Cloud Platform attempts to evaluate the connection, and returns an error message if it can’t. The details for each of the following response codes can help you diagnose problems with your log forwarding configuration:

Note:

For Cloud Next applications, you can view the layer where log forwarding runs in the Status column in Logs > Forward:

Balancer layer or [bal]: Represents an issue with the balancer layer.
Web layer or [web]: Represents an issue with the web layer.

Response code	Error	Description	Applicable Cloud Platform version
100	Error on Multiple Layers	The destination has configuration issues on both the balancer and web layers. The format of this error is: `[web][Error Code]Error Message [bal][Error Code]Error Message` Sample error message: `[web][301]ssl connection error [bal][401]Connection timed out`	Cloud Next
200	(None)	The log forwarding service connected with the remote infrastructure.	Cloud Next and Cloud Classic
301	SSL connection error	Cloud Platform couldn’t establish a SSL connection with the log forwarding service. The error message should contain a stack trace.	Cloud Next and Cloud Classic
302	SSL verification error	SSL verification failed, the SSL certificate is invalid, or SSL is not accepted by the infrastructure. For more information, see the Diagnostics section of the `openssl-verify` information page at OpenSSL.org.	Cloud Next and Cloud Classic
303

Certificate expiration date: The certificate’s expiration must be set to a date at least one month in the future.
Valid public key: Confirm that you have provided the correct public key for the SSL certificate that you have uploaded to the log forwarding service.
Matching SSL certificates: Confirm the CA certificate you uploaded to the log forwarding destination infrastructure was signed with the same public key you uploaded to Cloud Platform.
Certificate order: If you are using bundled certificates, ensure the certificates in the chain are in the order they were generated. Your infrastructure’s certificate should be the first in the chain, and the final certificate in the chain should be the CA certificate for the signing authority. For more information, see About SSL certificates and chain certificates.
Private key: The private key and certificate signing request (CSR) must be generated on the infrastructure on which you are installing the certificate for the certificate to install correctly. If the private key has been lost, the certificate must be reissued with a new CSR.

Before you try to set up log forwarding:

Check if the destination is supported.
Ensure that there is no firewall, or IP blacklisting/IP allowlisting setup that can block the flow of logs.
- If you use IP allowlisting on your log forwarding destination, you must have been assigned EIPs or Web EIPs in Cloud Platform. To know if these features are enabled, access the Cloud Platform user interface or visit Using Elastic IP addresses and Using Web Elastic IP addresses.
- To forward logs from Cloud Platform balancers, you must add your EIPs to your allowlists. In addition, forwarding logs from web servers requires EIPs in Cloud Classic or Web EIPs in Cloud Next.

Log forwarding response codes

Note:

For Cloud Next applications, you can view the layer where log forwarding runs in the Status column in Logs > Forward:

Balancer layer or [bal]: Represents an issue with the balancer layer.
Web layer or [web]: Represents an issue with the web layer.

Response code	Error	Description	Applicable Cloud Platform version
100	Error on Multiple Layers	The destination has configuration issues on both the balancer and web layers. The format of this error is: `[web][Error Code]Error Message [bal][Error Code]Error Message` Sample error message: `[web][301]ssl connection error [bal][401]Connection timed out`	Cloud Next
200	(None)	The log forwarding service connected with the remote infrastructure.	Cloud Next and Cloud Classic
301	SSL connection error	Cloud Platform couldn’t establish a SSL connection with the log forwarding service. The error message should contain a stack trace.	Cloud Next and Cloud Classic
302	SSL verification error	SSL verification failed, the SSL certificate is invalid, or SSL is not accepted by the infrastructure. For more information, see the Diagnostics section of the `openssl-verify` information page at OpenSSL.org.	Cloud Next and Cloud Classic
303

Certificate expiration date: The certificate’s expiration must be set to a date at least one month in the future.
Valid public key: Confirm that you have provided the correct public key for the SSL certificate that you have uploaded to the log forwarding service.
Matching SSL certificates: Confirm the CA certificate you uploaded to the log forwarding destination infrastructure was signed with the same public key you uploaded to Cloud Platform.
Certificate order: If you are using bundled certificates, ensure the certificates in the chain are in the order they were generated. Your infrastructure’s certificate should be the first in the chain, and the final certificate in the chain should be the CA certificate for the signing authority. For more information, see About SSL certificates and chain certificates.
Private key: The private key and certificate signing request (CSR) must be generated on the infrastructure on which you are installing the certificate for the certificate to install correctly. If the private key has been lost, the certificate must be reissued with a new CSR.

Before you try to set up log forwarding:

Check if the destination is supported.
Ensure that there is no firewall, or IP blacklisting/IP allowlisting setup that can block the flow of logs.
- If you use IP allowlisting on your log forwarding destination, you must have been assigned EIPs or Web EIPs in Cloud Platform. To know if these features are enabled, access the Cloud Platform user interface or visit Using Elastic IP addresses and Using Web Elastic IP addresses.
- To forward logs from Cloud Platform balancers, you must add your EIPs to your allowlists. In addition, forwarding logs from web servers requires EIPs in Cloud Classic or Web EIPs in Cloud Next.

Log forwarding response codes

Note:

For Cloud Next applications, you can view the layer where log forwarding runs in the Status column in Logs > Forward:

Balancer layer or [bal]: Represents an issue with the balancer layer.
Web layer or [web]: Represents an issue with the web layer.

Response code	Error	Description	Applicable Cloud Platform version
100	Error on Multiple Layers	The destination has configuration issues on both the balancer and web layers. The format of this error is: `[web][Error Code]Error Message [bal][Error Code]Error Message` Sample error message: `[web][301]ssl connection error [bal][401]Connection timed out`	Cloud Next
200	(None)	The log forwarding service connected with the remote infrastructure.	Cloud Next and Cloud Classic
301	SSL connection error	Cloud Platform couldn’t establish a SSL connection with the log forwarding service. The error message should contain a stack trace.	Cloud Next and Cloud Classic
302	SSL verification error	SSL verification failed, the SSL certificate is invalid, or SSL is not accepted by the infrastructure. For more information, see the Diagnostics section of the `openssl-verify` information page at OpenSSL.org.	Cloud Next and Cloud Classic
303

Get Answers

Search

Search

Log forwarding response codes

Log forwarding response codes

Log forwarding response codes

Did not find what you were looking for?

Did not find what you were looking for?

Get Answers

Common issues with log forwarding

Log forwarding response codes

Common issues with log forwarding

Log forwarding response codes

Common issues with log forwarding

Log forwarding response codes

Did not find what you were looking for?

Did not find what you were looking for?