Accessing Application Logs as an Add-on Partner

Last updated December 03, 2024

Add-on Partners can access an app’s log data after a customer installs your add-on on their app. If you’re building an add-on that requires log access, create a log drain on behalf of the app to receive log data.

Log drains allow an add-on to read application logs. To write to the application log, see Add-on Partner Log Integration.

Log drains are currently unavailable in Fir. Add-ons requiring log drains are incompatible with Fir-generation apps.

To set it up application log access, you first need to request it through the manifest.

Add-on Manifest

The manifest must tell Heroku that your add-on requires permission to set up the log drain. Add syslog_drain to the list of permissions in the requires property:

{
  "id": "myaddon",
  "api": {
    "requires": ["syslog_drain"]
    //...
  }
}

Despite the name (syslog_drain), drains aren’t limited to the syslog:// protocol. In fact, HTTPS drains are preferred. See the user docs on log drains for more details.

Provisioning Call

When the add-on provisions, Heroku’s systems generate a unique log drain token for that attachment. Use this token to identify logs sent to the drain.

Relying on the Heroku-provided drain token instead of a unique field in a url like a port or api key ensures that no one can copy and paste or use drain URLs in a manual context. That restriction lets you to use the Platform API to update a drain in the future, and know that all valid instances of the URL get updated.

The provisioning call contains the log drain token. The content of our POST to the /heroku/resources endpoint is described here. With the syslog_drain feature enabled, the log_drain_token field gets added to the provision payload:

{
  // ...
  "log_drain_token": "d.01234567-89ab-cdef-0123-456789abcdef"
}

The response is:

{
  "id": 456,
  "config": { ... },
  "log_drain_url": "https://example.com/",
  "message": "your message here"
}

Heroku then starts directing app logs to the provided drain URL. We recommend using HTTPS URLs for the log_drain_url. See the user docs on log drains for more details.

When an app provisions an add-on successfully, the user can see the drain created on behalf of the add-on in the log drain list.

$ heroku drains
https://two.example.org
-----------------------------
[Dummy Addon]

Feedback

Log in to submit feedback.