Knowledge Base Community Release Notes Request Demo

Heroku Logs

Panther supports receiving Heroku logs directly via webhook

PreviousGoogle Workspace Logs NextJamf Pro Logs

Last updated 1 year ago

Was this helpful?

Heroku Logs

Panther supports receiving Heroku logs directly via webhook

Overview

Panther ingests by configuring a to post events to a Panther .

How to onboard Heroku runtime logs to Panther

Prerequisite

In order to complete Step 2 of this process (creating a log drain in Heroku), you must have Heroku's CLI installed. If it is not already installed, follow .

Step 1: Create a new Heroku source in Panther

In the left-side navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for “Heroku,” then click its tile.
- In the slide-out panel, the Transport Mechanism dropdown in the upper-right corner will be pre-populated with the HTTP option.
Click Start Setup.
Follow .
- When setting up this log source initially, set the Auth method as None. In Step 3 below, after retrieving an authentication token from Heroku, you will change it to Shared Secret authentication.
- Payloads sent to this source are subject to the .
- Do not proceed to the next step until the creation of your HTTP endpoint has completed.

Step 2: Create a new log drain in Heroku

Run a customized version of the following command in your Heroku CLI to set up a log drain pointing from your Heroku app to Panther's HTTP source: heroku drains:add https://logs.mypantherdomain.runpanther.net/http/1081f021-a983-4dae-bcbb-1952ffaa4e72 -a myherokuappname
Run the following command to retrieve your drain token: heroku drains --json -a myherokuappname
- From the output of this command, save the value of token. It will be used in the next step.

Step 3: Secure your log source in Panther

Navigate back to your Panther Console.
Locate the log source you created in Step 1, by clicking Configure > Log Sources, and clicking the name of the source.
In the upper-right corner, click Configuration, then Edit.
In the upper-right corner, click on the Security tab.
Change the value of the Auth method dropdown to Shared Secret, then enter values for the following fields:
- Header Name: Enter Logplex-Drain-Token.
- Shared Secret Value: Paste in the token you retrieved from the Heroku CLI in the previous step.
Click Save.

Supported log types

Heroku.Runtime

schema: Heroku.Runtime
parser:
  fastmatch:
    match:
      - '%{message_len} <%{priority}>%{version} %{timestamp} %{host_name} %{app_name} %{process_id} %{message_id} %{message}'
    emptyValues:
      - '-'
description: Logging output from the application itself, including logs generated by your app's code and dependencies, as well as system and API logs.
referenceURL: https://devcenter.heroku.com/articles/logging#runtime-logs
fields:
  - name: message_len
    type: int
  - name: priority
    type: int
  - name: version
    type: string
  - name: timestamp
    type: timestamp
    timeFormats:
      - rfc3339
    isEventTime: true
  - name: host_name
    type: string
    indicators:
      - hostname
  - name: app_name
    type: string
  - name: process_id
    type: string
  - name: message_id
    type: string
  - name: message
    type: string