# Fastly Logs ## Overview Panther supports ingesting Fastly logs via common [Data Transport](https://docs.panther.com/data-onboarding/data-transports) options: Amazon Web Services (AWS) S3 and SQS. ## How to onboard Fastly logs to Panther To connect these logs into Panther: 1. In the lefthand navigation menu of the Panther Console, click **Configure > Log Sources**. 2. Click **Create New**. 3. Search for "Fastly", then click its tile. 4. Set up your Data Transport in the Panther Console. * Please follow Panther’s documentation for configuring the Data Transport option you will use: * [AWS S3 bucket](https://docs.panther.com/data-onboarding/data-transports/aws/s3) * [AWS SQS](https://docs.panther.com/data-onboarding/data-transports/aws/sqs) 5. Configure Fastly to push logs to the Data Transport source. * See Fastly's documentation for instructions on pushing logs to your selected Data Transport source. ## Supported log types ### Fastly.Access To ensure Panther can parse the logs, make sure to select "Blank" in the "Log line format" field when creating an S3 logging endpoint for your Fastly service. For more information, see the [Fastly Documentation on Common Log Format.](https://docs.fastly.com/en/guides/useful-log-formats#common-log-format-clf) ```yaml schema: Fastly.Access parser: fastmatch: match: - '%{remote_host_ip_address} %{client_identity_rfc_1413} %{request_user} [%{request_time}] "%{request_method} %{request_uri} %{request_protocol}" %{response_status} %{response_size}' emptyValues: - '-' trimSpace: true description: |- Fastly logs in the Common Log Format. To ensure Panther can parse the logs, make sure to select "Blank" in the "Log line format" field when creating an S3 logging endpoint for your Fastly service. referenceURL: https://docs.fastly.com/en/guides/useful-log-formats#common-log-format-clf fields: - name: remote_host_ip_address description: This is the IP address of the client (remote host) which made the request to the server. If HostnameLookups is set to On, then the server will try to determine the hostname and log it in place of the IP address. type: string indicators: - hostname - name: client_identity_rfc_1413 description: The RFC 1413 identity of the client determined by identd on the clients machine. type: string - name: request_user description: The userid of the person requesting the document as determined by HTTP authentication. type: string indicators: - username - name: request_time description: The time that the request was received. type: timestamp timeFormats: - '%d/%b/%Y:%H:%M:%S %z' isEventTime: true - name: request_method description: The HTTP request method type: string - name: request_uri description: The HTTP request URI type: string - name: request_protocol description: The HTTP request protocol type: string - name: response_status description: The HTTP status of the response type: smallint - name: response_size description: The size of the HTTP response in bytes type: bigint ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.panther.com/data-onboarding/supported-logs/fastly.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.