L7 Access Logs

Last updated: 2024-11-27 11:18:05
    The following are detailed field descriptions for L7 Access Logs (Site Acceleration Log, Rate Limiting, CC Attack Protection Log, Custom Rule Log, Bot Management Log, Managed Rule Log).
    Note
    The real-time Site Acceleration Log records the full L7 request log. Including L7 protection blocked logs in it is a feature in beta testing; if you need it, please Contact Us.
    Rate Limiting, CC Attack Protection Log, Custom Rule Log, and Bot Management Log are projected to be discontinued on July 31, 2024. It is recommended to use the Site Acceleration Log to obtain comprehensive L7 Protection Logs.

    Field Description

    General Fields

    Field Name
    Data Type
    Description
    Does this field support offline logs
    Does this field support real-time logs
    EdgeEndTime
    Timestamp ISO8601
    The time to complete the response to the client request. Example value: 2024-10-14T05:13:43Z, denoting 05:13:43, October 14, 2024 (UTC+0), which is equivalent to 13:13:43, October 14, 2024 (UTC+8 (Beijing time)).
    EdgeFunctionSubrequest
    Integer
    Indicates whether this log entry belongs to a subrequest initiated by an edge function, with the following values:
    1: Subrequest initiated by an edge function.
    0: Subrequest not initiated by an edge function.
    EdgeServerID
    String
    Unique identifier of the EdgeOne server accessed by the client.
    EdgeServerIP
    String
    IP address of the EdgeOne server obtained through DNS resolution of the Host.
    EdgeSeverRegion
    String
    Country/Region resolved from the IP address of the responding EdgeOne node. Format standard: ISO 3166-1 alpha-2.
    LogTime
    Timestamp ISO8601
    Time the log was generated. Example value: 2024-10-14T05:13:43Z.
    ParentRequestID
    String
    If this request was initiated by an edge function, this field records the parent request's RequestID; otherwise, it is recorded as "-".
    RequestID
    String
    Unique ID of the client request.

    Client information

    Field Name
    Data Type
    Description
    Does this field support offline logs
    Does this field support real-time logs
    ClientDeviceType
    String
    Client request device type, values are:
    TV: Television
    Tablet: Tablet PC
    Mobile: Mobile Phone
    Desktop: Computer
    Other: Other
    ClientIP
    String
    Client IP connecting to EdgeOne nodes.
    ClientISP
    String
    ISP information resolved from Client IP.
    For data within the Chinese mainland, record as the ISP's Chinese name;
    For data in global availability zones (excluding the Chinese mainland), record as Autonomous System Number (ASN).
    ClientRegion
    String
    Country/Region resolved from the Client IP. Format standard: ISO 3166-1 alpha-2.
    ClientState
    String
    Subdivision below the country level resolved from the Client IP. Currently supports only data within the Chinese mainland. Format standard: ISO 3166-2.

    Request information

    Field Name
    Data Type
    Description
    Does this field support offline logs
    Does this field support real-time logs
    RemotePort
    Integer
    The EdgeOne node port that establishes a connection with the client under the TCP protocol.
    RequestBytes
    Integer
    Total traffic sent from the client to the EdgeOne node during the request process, based on the size of the request header, request body, and data sent during the SSL handshake. Unit: Byte.
    RequestHost
    String
    Client request host.
    RequestMethod
    String
    HTTP client request method, values are:
    GET
    POST
    HEAD
    PUT
    DELETE
    CONNECT
    OPTIONS
    TRACE
    PATCH
    RequestProtocol
    String
    Client request application layer protocol, values are:
    HTTP/1.0
    HTTP/1.1
    HTTP/2.0
    HTTP/3
    WebSocket
    RequestRange
    String
    Client request Range.
    RequestReferer
    String
    Client request Referer.
    RequestSSLProtocol
    String
    SSL (TLS) protocol used by the client. If the value is "-", it means there was no SSL handshake. Possible values are:
    TLS1.0
    TLS1.1
    TLS1.2
    TLS1.3
    RequestStatus
    String
    Client request status. If using the WebSocket protocol, EdgeOne will periodically log it. This field can be used to determine the connection status. Possible values are:
    0: Not ended
    1: Request successfully terminated
    2: Under WebSocket protocol, indicates the first log entry of the connection
    3: Under WebSocket protocol, indicates a log entry that is neither the first nor the last of the connection
    RequestTime
    Timestamp ISO8601
    Time when the EdgeOne node received the client request, timezone: UTC +00:00. Example value: 2024-10-14T05:13:43Z.
    RequestUA
    String
    Client request User-Agent.
    RequestUrl
    String
    Client request URL Path, excluding query parameters.
    RequestUrlQueryString
    String
    A query string that is carried in the client request URL.

    Response information

    Field Name
    Data Type
    Description
    Does this field support offline logs
    Does this field support real-time logs
    EdgeCacheStatus
    String
    Whether the client request hits the node cache, values include:
    hit: resource provided by node cache
    miss: resource can be cached, but provided by origin server
    dynamic: resource cannot be cached
    other: unrecognized cache status
    EdgeInternalTime
    Integer
    Time consumed from when EdgeOne receives the client-initiated request to when the first byte of the response is sent to the client. Unit: ms.
    EdgeResponseBodyBytes
    Integer
    Response body size returned to the client by the nodes, unit: Byte.
    EdgeResponseBytes
    Integer
    Total traffic returned by the node to the client, based on the size of the response header, response body, and data sent by the EdgeOne node during the SSL handshake. Unit: Byte.
    EdgeResponseStatusCode
    Integer
    Response status code returned to the client by the nodes.
    EdgeResponseTime
    Integer
    Time consumed from when EdgeOne receives the client-initiated request to when the client receives the server-side response. Unit: ms.

    Real Server Information

    Field Name
    Data Type
    Description
    Does this field support offline logs
    Does this field support real-time logs
    OriginDNSResponseDuration
    Float
    Time consumed to receive the DNS Resolution response from the origin server. If there is no origin retrieval, it is recorded as -1. Unit: ms.
    OriginIP
    String
    The IP of the origin server accessed for origin retrieval. If there is no origin retrieval, it is recorded as "-".
    OriginRequestHeaderSendDuration
    Float
    Time consumed to send the request header to the origin server. It is generally 0. If there is no origin retrieval, it is recorded as -1. Unit: ms.
    OriginResponseHeaderDuration
    Float
    Time consumed from sending the request header to the origin server to receiving the response header from the origin server. If there is no origin retrieval, it is recorded as -1. Unit: ms.
    OriginResponseStatusCode
    Integer
    Response status code returned by the origin server. If there is no origin retrieval, it is recorded as -1.
    OriginSSLProtocol
    String
    SSL protocol version used for the request to the origin server. If there is no origin retrieval, it is recorded as "-"; possible values:
    TLS1.0
    TLS1.1
    TLS1.2
    TLS1.3
    OriginTCPHandshakeDuration
    Float
    Time consumed to complete the TCP handshake when requesting the origin server. If there is no origin retrieval, it is recorded as -1. Unit: ms. Note: It is 0 when the connection is reused.
    OriginTLSHandshakeDuration
    Float
    Time consumed to complete the TLS handshake when requesting the origin server. If there is no origin retrieval or the origin-pull protocol is HTTP, it is recorded as -1. Unit: ms; Note: It is 0 when the connection is reused.

    Security Protection related fields

    Field Name
    Data Type
    Description
    Does this field support offline logs
    Does this field support real-time logs
    BotCharacteristic
    String
    Characteristics of this request identified by the EO Bot Intelligent Analysis Engine. Only available for domains with the Bot Intelligent Analysis feature enabled in Bot Management.
    BotClassAccountTakeOver
    String
    Risk level, based on recent IP intelligence data, that requests from the client IP are malicious login attacks. The values are:
    high: High Risk
    medium: Medium Risk
    low: Low Risk
    -: No historical data, or the domain has not enabled the Client Reputation feature
    BotClassAttacker
    String
    Risk level, based on recent IP intelligence data, that requests from the client IP are attacks (e.g., DDoS, high-frequency malicious requests, site attacks). The values are:
    high: High Risk
    medium: Medium Risk
    low: Low Risk
    -: No historical data, or the domain has not enabled the Client Reputation feature
    BotClassMaliciousBot
    String
    Risk level, based on recent IP intelligence data, that requests from the client IP come from malicious crawlers, volume brushing, or brute force attacks. The values are:
    high: High Risk
    medium: Medium Risk
    low: Low Risk
    -: No historical data, or the domain has not enabled the Client Reputation feature
    BotClassProxy
    String
    Risk level, based on recent IP intelligence data, that the client IP has a suspicious proxy port open and is used as a network proxy (including Second-level IP Dialing). The risk levels are:
    high: High Risk
    medium: Medium Risk
    low: Low Risk
    -: No historical data, or the domain has not enabled the Client Reputation feature
    BotClassScanner
    String
    Risk level, based on recent IP intelligence data, that the client IP shows scanner behavior of exploiting known vulnerabilities. The risk levels are:
    high: High Risk
    medium: Medium Risk
    low: Low Risk
    -: No historical data, or the domain has not enabled the Client Reputation feature
    BotTag
    String
    Overall verdict of the EO Bot Intelligent Analysis Engine, which evaluates requests based on factors such as request rate and the IP Intelligence Database. Only available for domains with the Bot Intelligent Analysis feature enabled in Bot Management. The values are:
    evil_bot: Malicious Bot Requests
    suspect_bot: Suspected Bot Requests
    good_bot: Normal Bot Request
    normal: Normal Request
    -: Unclassified
    JA3Hash
    String
    MD5 hash value of the JA3 fingerprint, used to analyze SSL/TLS clients. Provided only for domains with Bot Management enabled.
    SecurityAction
    String
    Final disposition action after the request hits security rules. Possible values:
    -: Unknown/Not Hit
    Monitor: Observation
    JSChallenge: JavaScript Challenge
    Deny: Block
    Allow: Allow
    BlockIP: IP Ban
    Redirect: Redirect
    ReturnCustomPage: Return to Custom Page
    ManagedChallenge: Hosted Challenge
    Silence: Silence
    LongDelay: Response after a long delay
    ShortDelay: Response after a short delay
    SecurityModule
    String
    Name of the security module that made the final handling decision for the request, corresponding to SecurityAction. Possible values include:
    -: Unknown/Not Hit
    CustomRule: Web Protection - Custom Rules
    RateLimitingCustomRule: Web Protection - Rate Limiting Rules
    ManagedRule: Web Protection - Managed Rules
    L7DDoS: Web Protection - CC Attack Protection
    BotManagement: Bot Management - Basic Bot Management
    BotClientReputation: Bot Management - Client Profile Analytics
    BotBehaviorAnalysis: Bot Management - Intelligent Bot Analysis
    BotCustomRule: Bot Management - Custom Bot Rules
    BotActiveDetection: Bot Management - Proactive Feature Recognition
    SecurityRuleID
    String
    ID of the security rule for final request handling, corresponding to SecurityAction.

    Log Example

    Below is an example of a single L7 access log entry in the default format. You can customize the EdgeOne log output format according to the specific requirements of the downstream log analysis system. For more details, see Custom Log Output Format.
    {
    "ClientState": "CN-LN",
    "BotTag": "normal",
    "EdgeSeverRegion": "US",
    "RequestID": "13719873400522703510",
    "RequestMethod": "GET",
    "RequestUrlQueryString": "-",
    "LogTime": "2024-10-13T23:30:39Z",
    "RequestUrl": "/app/",
    "RequestBodyBytes": 0,
    "SecurityRuleID": "-",
    "OriginRequestHeaderSendDuration": 0.001,
    "EdgeResponseTime": 379,
    "ParentRequestID": "-",
    "RequestSSLProtocol": "-",
    "RequestTime": "2024-10-13T23:30:39Z",
    "EdgeResponseStatusCode": 404,
    "ClientIP": "0.0.0.0",
    "BotCharacteristic": "-",
    "SecurityAction": "-",
    "EdgeEndTime": "2024-10-13T23:30:39Z",
    "RequestRange": "-",
    "BotClassScanner": "-",
    "BotClassProxy": "-",
    "ClientDeviceType": "Desktop",
    "RequestHost": "chatgpt.skyrun.vip",
    "OriginSSLProtocol": "-",
    "EdgeResponseBodyBytes": 548,
    "RequestProtocol": "HTTP/1.1",
    "EdgeServerID": "b3da9837137ad37f8e430b1d6de51dc5-d41d8cd98f00b204e9800998ecf8427e",
    "EdgeCacheStatus": "miss",
    "EdgeFunctionSubrequest": 0,
    "EdgeResponseBytes": 825,
    "OriginTCPHandshakeDuration": 182.485,
    "SecurityModule": "-",
    "EdgeInternalTime": 378,
    "RequestBytes": 769,
    "OriginIP": "0.0.0.0",
    "JA3Hash": "-",
    "OriginResponseHeaderDuration": 182.676,
    "OriginResponseStatusCode": 404,
    "ClientRegion": "US",
    "RemotePort": 80,
    "ClientISP": "AS396982",
    "BotClassMaliciousBot": "-",
    "BotClassAccountTakeOver": "-",
    "OriginDNSResponseDuration": 0.0,
    "RequestReferer": "-",
    "BotClassAttacker": "-",
    "RequestUA": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36",
    "EdgeServerIP": "0.0.0.0",
    "OriginTLSHandshakeDuration": -1,
    "RequestStatus": "1"
    }
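The following Python sketch is an added example, not EdgeOne or Tencent Cloud code. It reads entries in the default JSON format, maps the documented sentinels ("-" and, in Origin* fields, -1) to None, and lists requests that bot analysis rated risky but that were not blocked. The triage policy (NOT_ENFORCED, RISKY_TAGS), the function names and the sample entries are assumptions made for illustration.

```python
import json

NOT_ENFORCED = {None, "Monitor", "Allow"}  # assumed triage policy, not from the page
RISKY_TAGS = {"evil_bot", "suspect_bot"}

def normalize(entry):
    """Map the documented sentinels to None: "-" anywhere, -1 in Origin* fields."""
    return {k: None if v == "-" or (k.startswith("Origin") and v == -1) else v
            for k, v in entry.items()}

def triage(entry):
    """Reasons a normalized entry needs analyst review (empty list if none)."""
    if entry.get("SecurityAction") not in NOT_ENFORCED:
        return []
    reasons = ["BotTag=" + entry["BotTag"]] if entry.get("BotTag") in RISKY_TAGS else []
    return reasons + sorted(k + "=high" for k, v in entry.items()
                            if k.startswith("BotClass") and v == "high")

def origin_handshake_ms(entry):
    """TCP + TLS handshake time to the origin; None when there was no origin retrieval."""
    tcp = entry.get("OriginTCPHandshakeDuration")
    if tcp is None:
        return None
    # TLS is -1 (None after normalize) for HTTP origin-pull; 0 means a reused connection.
    return tcp + (entry.get("OriginTLSHandshakeDuration") or 0)

def review(lines):
    """Parse JSON log lines and return (RequestID, reasons) for entries to review."""
    findings = []
    for line in lines:
        entry = normalize(json.loads(line))
        if triage(entry):
            findings.append((entry.get("RequestID"), triage(entry)))
    return findings

# Constructed sample entries (not real traffic); only the fields used here are included.
SAMPLE = [
    {"RequestID": "1001", "BotTag": "evil_bot", "BotClassAccountTakeOver": "high",
     "SecurityAction": "Monitor", "OriginTCPHandshakeDuration": 12.5, "OriginTLSHandshakeDuration": -1},
    {"RequestID": "1002", "BotTag": "evil_bot", "BotClassAccountTakeOver": "-",
     "SecurityAction": "Deny", "OriginTCPHandshakeDuration": -1, "OriginTLSHandshakeDuration": -1},
    {"RequestID": "1003", "BotTag": "normal", "BotClassAccountTakeOver": "-",
     "SecurityAction": "-", "OriginTCPHandshakeDuration": 0, "OriginTLSHandshakeDuration": 0},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE]

if __name__ == "__main__":
    for request_id, reasons in review(SAMPLE_LINES):
        print(request_id, reasons)
```

Treating -1 as None before any arithmetic keeps "no origin retrieval" from being averaged in as a negative latency, while 0 (connection reused) remains a real measurement.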
    