tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent Cloud EdgeOne
    Documentation
    Download PDF

    L7 Access Logs

    Last updated: 2024-07-15 09:31:09
    Download PDF
      The following are detailed field descriptions for L7 access logs (Site Acceleration Logs, Rate Limiting and CC Attack Protection Logs, Custom Rule Logs, Bot Management Logs, and Managed Rule Logs).
      Note
      The feature of Real-time Logs - Site Acceleration Logs to record full L7 request logs (including L7 protection block logs) is in beta testing. If needed, please contact us.
      Rate Limiting and CC Attack Protection Logs, Custom Rule Logs, and Bot Management Logs will be deactivated on July 31, 2024. It is recommended to obtain full L7 protection logs by using the Site Acceleration Logs.

      General Fields

      Field Name
      Data Type
      Description
      Supported by Offline Logs or Not
      Supported by Real-Time Logs or Not
      EdgeEndTime
      Timestamp ISO8601
      The time to complete the response to the client request.
      EdgeFunctionSubrequest
      Integer
      Indicates whether this log entry belongs to a sub-request initiated by an edge function. Valid values include:
      1: sub-request initiated by an edge function.
      0: sub-request not initiated by an edge function.
      EdgeServerID
      String
      Unique identifier of the EdgeOne server accessed by the client.
      EdgeServerIP
      String
      IP address of the EdgeOne server obtained through DNS resolution of the host.
      EdgeSeverRegion
      String
      Country resolved from the IP address of the responding EdgeOne node. For the format standard, refer to ISO 3166-1 alpha-2.
      LogTime
      Timestamp ISO8601
      Generation time of the logs.
      ParentRequestID
      String
      If this request is initiated using edge functions, it is recorded as the RequestID of the parent request; otherwise, it is recorded as -.
      RequestID
      String
      Unique identifier of the client request.

      Client Information

      Field Name
      Data Type
      Description
      Supported by Offline Logs or Not
      Supported by Real-Time Logs or Not
      ClientDeviceType
      String
      Client request device type. Valid values include:
      TV: Television
      Tablet: Tablet PC
      Mobile: Mobile phone
      Desktop: Computer
      Other: Others
      ClientIP
      String
      Client IP address connected to EdgeOne nodes.
      ClientISP
      String
      ISP information resolved from the Client IP address.
      For data within the Chinese mainland, it is recorded as the ISP's Chinese name.
      For data in global availability zones (excluding the Chinese mainland), it is recorded as Autonomous System Number (ASN).
      ClientRegion
      String
      Country/Region resolved from the Client IP address. Format standard: ISO 3166-1 alpha-2.
      ClientState
      String
      Administrative region below the country level, resolved from the Client IP address. Currently, it only supports data within the Chinese mainland. Format standard: ISO-3166-2.

      Request Information

      Field Name
      Data Type
      Description
      Supported by Offline Logs or Not
      Supported by Real-Time Logs or Not
      RemotePort
      Integer
      Port for establishing a connection between the client and the node under the TCP protocol.
      RequestBytes
      Integer
      Total traffic sent from the client to the EdgeOne node during the request process, in bytes. It is obtained from statistics based on the request header size, request body size, and data sent from the client to the EdgeOne node during the SSL handshake.
      RequestHost
      String
      Host of the client request.
      RequestMethod
      String
      HTTP method of the client request. Valid values include:
      GET
      POST
      HEAD
      PUT
      DELETE
      CONNECT
      OPTIONS
      TRACE
      PATCH
      RequestProtocol
      String
      Application layer protocol of the client request. Valid values include:
      HTTP/1.0
      HTTP/1.1
      HTTP/2.0
      HTTP/3
      WebSocket
      RequestRange
      String
      Range parameter information of the client request.
      RequestReferer
      String
      Referer information of the client request.
      RequestSSLProtocol
      String
      SSL (TLS) protocol used by the client. If the value is -, it indicates no SSL handshake in the request. Valid values include:
      TLS 1.0
      TLS 1.1
      TLS 1.2
      TLS 1.3
      RequestStatus
      Integer
      Status of the client request. For WebSocket requests, EdgeOne will periodically print logs. This field can be used to determine the connection status. Valid values include:
      0: Request does not end.
      1: Request ends normally.
      2: It indicates the first log entry of the same connection under the WebSocket protocol.
      3: It indicates a log entry that is neither the first nor the last of the same connection under the WebSocket protocol.
      RequestTime
      Timestamp ISO8601
      Time when the EdgeOne node receives the client request. Time zone: UTC +00:00.
      RequestUA
      String
      User-Agent information of the client request.
      RequestUrl
      String
      URL path of the client request, excluding query parameters.
      RequestUrlQueryString
      String
      Query parameter carried in the client request URL.

      Response Information

      Field Name
      Data Type
      Description
      Supported by Offline Logs or Not
      Supported by Real-Time Logs or Not
      EdgeCacheStatus
      String
      Whether the client request hits the node cache. Valid values include:
      hit: The resource is provided by the node cache.
      miss: The resource can be cached, but provided by the origin server.
      dynamic: The resource cannot be cached.
      other: The cache status cannot be recognized.
      EdgeInternalTime
      Integer
      Duration from the time when EdgeOne receives the client-initiated request to the time when the first byte is responded to the client, in ms.
      EdgeResponseBodyBytes
      Integer
      Size of the response body returned by the node to the client, in bytes.
      EdgeResponseBytes
      Integer
      Total traffic returned by the node to the client, in bytes. It is obtained from statistics based on the response header size, response body size, and data sent by the EdgeOne node to the client during the SSL handshake.
      EdgeResponseStatusCode
      Integer
      Response status code returned to the client by the node.
      EdgeResponseTime
      Integer
      Duration from the time when EdgeOne receives the client-initiated request to the time when the client receives the server-side response, in ms.

      Origin Server Information

      Field Name
      Data Type
      Description
      Supported by Offline Logs or Not
      Supported by Real-Time Logs or Not
      OriginDNSResponseDuration
      Float
      Time consumed to receive the DNS Resolution response from the origin server, in ms. If there is no origin-pull, it is recorded as -1.
      OriginIP
      String
      IP address of the origin server accessed for origin-pull. If there is no origin-pull, it is recorded as -.
      OriginRequestHeaderSendDuration
      Float
      Time consumed to send the request header to the origin server, in ms. It is generally 0. If there is no origin-pull, it is recorded as -1.
      OriginResponseHeaderDuration
      Float
      Duration from sending the request header to the origin server to receiving the response header from the origin server, in ms. If there is no origin-pull, it is recorded as -1.
      OriginResponseStatusCode
      Integer
      Response status code of the origin server. If there is no origin-pull, it is recorded as -1.
      OriginSSLProtocol
      String
      SSL protocol version used for requesting the origin server. If there is no origin-pull, it is recorded as -. Valid values include:
      TLS 1.0
      TLS 1.1
      TLS 1.2
      TLS 1.3
      OriginTCPHandshakeDuration
      Float
      Time consumed to complete the TCP handshake when requesting the origin server, in ms. If there is no origin-pull, it is recorded as -1. Note: It is 0 when the connection is reused.
      OriginTLSHandshakeDuration
      Float
      Time consumed to complete the TLS handshake when requesting the origin server, in ms. If there is no origin-pull, it is recorded as -1. Note: It is 0 when the connection is reused.

      Fields Related to Security Protection

      Field Name
      Data Type
      Description
      Supported by Offline Logs or Not
      Supported by Real-Time Logs or Not
      BotCharacteristic
      String
      Characteristics of this request identified by EO Bot Intelligent Analysis Engine, only available for domains with Bot Management - Bot Intelligent Analysis enabled.
      BotClassAccountTakeOver
      String
      Risk level of the requesting client's IP address with malicious cracking logins and account takeover attacks, based on the recent IP intelligence data. Valid values include:
      high: high risk
      medium: medium risk
      low: low risk
      -: No historical data or the domain has not enabled the Client Reputation feature.
      BotClassAttacker
      String
      Risk level of the requesting client's IP address with attacks (e.g., DDoS, high-frequency malicious requests, and site attacks), based on the recent IP intelligence data. Valid values include:
      high: high risk
      medium: medium risk
      low: low risk
      -: No historical data or the domain has not enabled the Client Reputation feature.
      BotClassMaliciousBot
      String
      Risk level of the requesting client's IP address with malicious crawlers, brushing, and brute force attacks, based on the recent IP intelligence data. Valid values include:
      high: high risk
      medium: medium risk
      low: low risk
      -: No historical data or the domain has not enabled the Client Reputation feature.
      BotClassProxy
      String
      Risk level of the requesting client's IP address opening suspicious proxy ports and being used as a network proxy (including second-level dialing IP), based on the recent IP intelligence data. Valid values include:
      high: high risk
      medium: medium risk
      low: low risk
      -: No historical data or the domain has not enabled the Client Reputation feature
      BotClassScanner
      String
      Risk level of the requesting client's IP address with scanner actions of exploiting known vulnerabilities, based on the recent IP intelligence data. Valid values include:
      high: high risk
      medium: medium risk
      low: low risk
      -: No historical data or the domain has not enabled the Client Reputation feature.
      BotTag
      String
      Comprehensive evaluation and classification of the request by the EO Bot Intelligent Analysis Engine based on factors such as the request rate and the IP intelligence database. It is only available for domains with Bot Management - Bot Intelligent Analysis enabled. Valid values include:
      evil_bot (malicious Bot request)
      suspect_bot (suspected Bot request)
      good_bot (normal Bot request)
      normal (normal request)
      - (unclassified)
      JA3Hash
      String
      MD5 hash value of the JA3 fingerprint, used to analyze the SSL/TLS clients. It is only available for domains with Bot Management enabled.
      SecurityAction
      String
      Final handling action after a request matches the security rules. Valid values include:
      -: unknown/not matched
      Monitor: observation
      JSChallenge: JavaScript challenge
      Deny: block
      Allow: pass
      BlockIP: IP banning
      Redirect: redirect
      ReturnCustomPage: returning custom pages
      ManagedChallenge: managed challenge
      Silence: Silence
      LongDelay: response after a long delay
      ShortDelay: response after a short delay
      SecurityModule
      String
      Name of the security module finally handling the request, corresponding to SecurityAction. Valid values include:
      -: unknown/not matched
      CustomRule: Web Protection - Custom Rules
      RateLimitingCustomRule: Web Protection - Rate Limiting Rules
      ManagedRule: Web Protection - Managed Rules
      L7DDoS: Web Protection - CC Attack Protection
      BotManagement: Bot Management - Bot Basic Management
      BotClientReputation: Bot Management - Client Reputation
      BotBehaviorAnalysis: Bot Management - Bot Intelligent Analysis
      BotCustomRule: Bot Management - Custom Bot Rules
      BotActiveDetection: Bot Management - Proactive Feature Recognition
      SecurityRuleID
      String
      ID of the security rule for final request handling, corresponding to SecurityAction.
      Note:
      In the site acceleration logs, for long connections using the WebSocket protocol, EdgeOne will periodically record logs and the last log entry is recorded at the end of the final request. Requests can be identified through the RequestID field, that is, logs with the same RequestID represent the same connection. Additionally, the RequestStatus field can be used to determine the connection status at the time of logging.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy