Login

Logs FAQ

Common questions related to GRAX application logs

Can I Save GRAX App Logs?

Out of the box the GRAX forwards app logs to a central GRAX service to help with automatic monitoring and customer support. For security reasons GRAX only retains these logs for 15 days. For more details see here here.

However, on Self-Managed GRAX, you are in control of the configuration of your GRAX application servers, and can configure them to forward logs to your own external storage systems.

How to do this depends on how your server is configured to run GRAX, as well as what log storage system you use. If you are using the standard GRAX AWS templates, GRAX logs go through:

  • systemd journal
  • rsyslog
  • /var/log/grax.log
  • AWS CloudWatch

Consult with your cloud team and logging service provider on how to configure the server to forwarding from one of these subsystems.

Can I Use GRAX App Logs for Auditing?

On Self-Managed GRAX, after you forward logs to your own logging service, you also are in control of how these are used, and can use them for auditing, monitoring and alerting.

While the format of application logs is subject to change, every API call is logged and includes:

  • HTTP method, path, and status
  • Remote address and user agent
  • Salesforce Org ID and User ID of the caller

Here is an example log for when the user with ID 0054o000002Yz6lAAC updated storage settings:

{"keys":{"jwtAuth":"sfid_00D770000008i1kEAA_0054o000002Yz6lAAC","method":"PUT","path":"/api/v1/secrets/StorageSecret","remoteAddr":"[2600:1700:9da3:c850:3c02:8217:4d9f:2507]:52529","route":"/api/v1/secrets/:id","status":200,"userAgent":"Mozilla/5.0"}}