Centralized Logging
Read your logs.
Without SSH-ing into anything.
HostAtlas centralizes log access across all your servers. Stream logs in real time, filter by severity, search by keyword, and query historical data — all from your browser. No SSH keys, no jump hosts, no context switching.
Log Access
Every log, every server. One interface.
The HostAtlas agent reads logs from discovered service log paths and streams them to the platform. You get real-time access with powerful filtering — no agents to configure, no log shippers to manage, no ports to open.
No SSH Required
Access logs directly from the HostAtlas dashboard. The agent securely streams log data over its outbound-only connection. No inbound ports, no SSH keys to manage, no jump hosts. Your servers stay locked down.
Real-time Streaming
Watch logs as they happen. HostAtlas streams new log entries to your browser over WebSockets. See nginx access logs, application errors, and system messages appear in real time — just like tail -f, but in your browser.
Filtering
Filter logs by severity level (error, warning, info, debug), by keyword, by regular expression, or by source file. Combine multiple filters to isolate exactly the log entries you need during an investigation.
Time-range Queries
Query logs from any time range — last 15 minutes, last hour, last 24 hours, or a custom date/time range. Jump to the exact moment an incident began and see every log entry in chronological order.
Full-text Search
Search across all logs from all servers simultaneously. Find every occurrence of an error message, a request ID, or a user identifier across your entire infrastructure in seconds. Results link directly to the log context.
Export
Export filtered log results as JSON or plain text. Share log excerpts with teammates, attach them to incident reports, or feed them into external analysis tools. Download what you need, nothing more.
Auto-Discovery
Log paths, discovered automatically.
When the HostAtlas agent discovers a running service, it also locates that service's log files. Nginx access and error logs, MySQL slow query logs, PostgreSQL logs, syslog, and journald entries are identified automatically. No configuration required.
Service-aware Detection
The agent reads service configuration files to find actual log paths — not just default locations. If your nginx logs to a custom path, HostAtlas finds it.
System Logs Included
Beyond service logs, the agent also captures syslog, auth.log, kern.log, and dmesg output. Get a complete picture of what is happening on each server.
Custom Log Paths
Need to monitor additional log files? Add custom log paths in the agent configuration. HostAtlas will read and stream those files alongside automatically discovered logs.
Path Restrictions
The agent only reads files from an explicitly allowed list of directories. It cannot be directed to read arbitrary files — a security boundary enforced at the agent binary level.
/var/log/nginx/access.log
/var/log/nginx/error.log
/var/log/nginx/app.example.com-access.log
/var/log/postgresql/postgresql-15-main.log
/var/log/redis/redis-server.log
/var/log/syslog
/var/log/auth.log
/var/log/kern.log
Log Viewer
A terminal experience in your browser.
The HostAtlas log viewer is designed for engineers who are used to reading logs in a terminal. Monospaced text, syntax highlighting, and keyboard navigation. All the comfort of tail -f with the power of a search engine.
[2026-03-21 14:32:01] 192.168.1.42 - - "GET /api/v1/servers HTTP/1.1" 200 1847 "-" "Mozilla/5.0" 0.023s
[2026-03-21 14:32:02] 10.0.0.15 - - "POST /api/v1/heartbeat HTTP/1.1" 201 42 "-" "HostAtlas-Agent/1.4" 0.008s
[2026-03-21 14:32:03] 192.168.1.42 - - "GET /api/v1/servers/47/metrics HTTP/1.1" 200 5621 "-" "Mozilla/5.0" 0.089s
[2026-03-21 14:32:04] 203.0.113.12 - - "GET /login HTTP/1.1" 302 0 "-" "Chrome/120.0" 0.003s
[2026-03-21 14:32:05] 198.51.100.8 - - "POST /api/v1/webhooks/test HTTP/1.1" 500 892 "-" "curl/8.4.0" 1.204s
[2026-03-21 14:32:05] 10.0.0.15 - - "POST /api/v1/metrics HTTP/1.1" 201 0 "-" "HostAtlas-Agent/1.4" 0.012s
[2026-03-21 14:32:06] 192.168.1.42 - - "GET /api/v1/incidents HTTP/1.1" 200 3284 "-" "Mozilla/5.0" 0.041s
█
Cloudflare Integration
Edge logs, unified with your server logs.
Connect Cloudflare LogPush to HostAtlas and get edge traffic data alongside your server-level logs. See the full request path — from Cloudflare's edge through to your origin server — in a single log viewer.
Edge Traffic Logs
Ingest Cloudflare HTTP request logs via LogPush. See every request that hits your domains at the edge — including cache status, edge response time, origin response time, and client IP geolocation.
WAF Event Logs
Receive Cloudflare WAF event logs to see which requests were challenged, blocked, or allowed. Correlate WAF actions with your origin server logs to understand both sides of the security story.
Bot Analysis
Cloudflare's bot score data flows into HostAtlas. Identify which traffic is from verified bots, likely bots, or likely humans. Filter your log views to focus on automated traffic or exclude it entirely.
Edge-to-Origin Correlation
HostAtlas correlates Cloudflare edge logs with your origin server access logs using request IDs and timestamps. See the full lifecycle of a request from edge cache to your application server.
Performance Insights
Analyze cache hit ratios, TTFB at the edge vs origin, and bandwidth savings. Identify domains with low cache hit rates and optimize your caching rules using real traffic data.
Simple Setup
Configure LogPush to send data to your HostAtlas endpoint. One Cloudflare API call or dashboard toggle. HostAtlas handles parsing, indexing, and storage automatically. No middleware required.
Storage Architecture
Hot queries. Cold archives. Optimal cost.
HostAtlas uses a tiered storage strategy. Recent logs are stored in ClickHouse for sub-second query performance. Older logs are automatically archived to S3-compatible object storage for long-term retention at minimal cost.
Hot Storage — ClickHouse
Recent logs (default: last 30 days) stored in ClickHouse for real-time querying. Full-text search, aggregation, and filtering execute in milliseconds. Optimized for the queries you run most during active monitoring and incident response.
Cold Storage — S3
Logs older than the hot retention window are compressed and archived to S3-compatible object storage. Still queryable through the HostAtlas interface — queries just take a few seconds longer. Retention periods are configurable per team.
Storage Tiering — Automatic
Monthly Storage Cost
Tiered storage saves ~78% vs keeping all logs in hot storage.
Details
Designed for operational efficiency.
Every aspect of HostAtlas log management is built to reduce mean-time-to-resolution. From structured parsing to cross-server search, every feature exists to help you find the problem faster.
Structured Parsing
HostAtlas parses common log formats (nginx combined, Apache common, syslog RFC 5424) into structured fields. Query by status code, response time, client IP, or any parsed field — not just raw text.
Cross-server Queries
Search logs from all servers simultaneously. Find a request ID that traversed multiple services, or identify an error pattern that appeared on multiple machines at the same time. One query, every server.
Log-based Alerts
Create alert rules based on log patterns. Trigger a notification when a specific error message appears more than N times in a given window. Catch issues before users report them.
Incident Correlation
When an incident is created, HostAtlas automatically links relevant log entries from the time window around the crash. Navigate from an incident directly to the logs that explain what went wrong.
Get Started
Stop SSH-ing. Start searching.
Install the HostAtlas agent and your server logs appear in the dashboard within minutes. Real-time streaming, filtering, and search — all from your browser. Free for up to 3 servers.