Learn how to setup Papertrail with Forge and Laravel using secure communications.

Why this blogpost

Setting up Papertrail with Laravel Forge used to be a total breeze. As others have described, there was a seperate tab in Forge to setup server monitoring through services like New Relic and Papertrail.

Now that tab is gone, there is (just a little) more work to it. So here we go!


  • A Forge provisioned server
  • A running Laravel 5.x application

Step 1: Sign up for Papertrail

Go to Papertrailapp.com and signup. There's a perfeclty fine free plan to get started.

Step 2: Add a syslog handler

Create a Service Provider that lets Laravel log to the syslog in a nice format. This process is described in this blogpost by Rui Gomes

Step 3: Configure the server

This is the "new" step that is now needed as Forge doesn't do it for you anymore. It's basically two small steps:

  1. Set-up rsyslog to use Papertrail
  2. Secure the communication

I've included the links to the Papertrail documentation so this post might still be useful even if my description gets outdated.

Step 3.1: Set-up rsyslog to use Papertrail

Ssh into your server: go to the terminal and run

ssh 123.456.789.123 -l forge

Replace 123.456.789.123 with your own server ip address. The ip address (and the root password you're about to use) are sent to you by Forge by e-mail when the server was provisioned. Forge Email

Edit /etc/rsyslog.conf

sudo vim /etc/rsyslog.conf

and add the papertrail line to the end of the file. The terminal will ask for a password that can be found in the e-mail. papertrail-system-setup

Save the file (Hit escape and then :wq in vim to save and exit)

Restart syslog with

sudo service rsyslog restart

When rsyslog is restarted you should see the server log messages appear in Papertrail!
Check it out on the events page.

To do a quick test enter this in your console

logger I have just completed over 9000 steps from a tutorial!

Step 3.2: Secure the communication

Now to complete the setup, lets secure and optimize the Papertrail connection. First download the root certificate to your server:

sudo curl -o /etc/papertrail-bundle.pem https://papertrailapp.com/tools/papertrail-bundle.pem

Then install the rsyslog-gnutls package to support encrypted logging.

sudo apt-get install rsyslog-gnutls

Edit your /etc/rsyslog.conf file with the secure and optimized parameters.

They should be directly above the line you entered in step 3.1. The result should be:

$DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem # trust these CAs
$ActionSendStreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS
$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname
$ActionSendStreamDriverPermittedPeer *.papertrailapp.com # accept wildcard cert
$ActionResumeInterval 10
$ActionQueueSize 100000
$ActionQueueDiscardMark 97500
$ActionQueueHighWaterMark 80000
$ActionQueueType LinkedList
$ActionQueueFileName papertrailqueue
$ActionQueueCheckpointInterval 100
$ActionQueueMaxDiskSpace 2g
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on
$ActionQueueTimeoutEnqueue 10
$ActionQueueDiscardSeverity 0

*.* @@logs2.papertrailapp.com:YOUR-ID-HERE # extra @ makes it connect securly

Make sure there is now an extra @ to your Paperlog entry so it knows to use the secure connection!

Save the file, and restart rsyslog (sudo service rsyslog restart). Once it's restarted, retry the logging test from step 3.1.

All done!

That's all folks, all your logging neatly available on the interwebs!

comments powered by Disqus