Instant logs are lightweight, easy to use, and do not require any additional configurations. With instant logs, you can view the access logs of specific websites in real time in the Edge Security Acceleration (ESA) console. This helps you pinpoint attacks, troubleshoot system faults, and debug or test network connectivity between clients and websites.
Usage notes
You can have only one active session per website at a time. Each session can last up to 60 minutes.
Instant logs can store up to 40 records at a time. The records are arranged in reverse chronological order, with newer records overwriting older ones.
The following operations can stop the monitoring. If you want to continue the monitoring after you perform the following operations, click Start Monitoring again.
If you expand the monitoring records, click Stop Monitoring, or click the export button
on the Instant Logs page, the monitoring stops, but the historical logs are retained on the page. If you add filter conditions, switch from the Instant Logs page to another page such as the Standard Logs page, or refresh the Instant Logs page, the monitoring stops and the historical logs are cleared.
Start monitoring
Log on to the ESA console.
In the left-side navigation pane, click Websites.
On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.
In the left-side navigation tree of the website details page, choose Analytics and Logs > Instant Logs.
On the Instant Logs page, click Start Monitoring to collect logs.
You can narrow down the time range of displayed logs by adding filters. After you specify a filter and click Start Monitoring, only the logs that match the filter condition are displayed.
After the monitoring stops, you can expand the monitoring logs and view log fields in detail, or click the export button on the right side to download data in JSON format to your local PC.
Instant log fields
Category | Field | Data type | Description |
General | ClientRequestID | string | The unique identifier of the request. |
EdgeServerID | string | The unique identifier of the Dynamic Content Delivery Network (DCDN) POP that the client accesses. | |
EdgeServerIP | string | The IP address of the DCDN POP. | |
EdgeStartTimestamp | Timestamp ISO8601 | The timestamp when the DCDN POP receives the request. Example: 2024-01-01T00:00:00+08:00. | |
EdgeEndTimestamp | Timestamp ISO8601 | The timestamp when the DCDN POP completes sending the response to the client. Example: 2024-01-01T00:00:00+08:00. | |
SiteName | string | The website name. | |
TlsHash | string | The MD5 hash value of the SSL/TLS client fingerprint. | |
Client | ClientASN | string | The autonomous system number (ASN) parsed from the client IP address. |
ClientCountryCode | string | The ISO-3166 Alpha-2 code parsed from the client IP address. | |
ClientIP | string | The client IP address that is used to connect to the DCDN POP. | |
ClientISP | string | The Internet service provider (ISP) information parsed from the client IP address. | |
ClientRegionCode | string | The ISO-3166-2 code parsed from the client IP address. | |
ClientSSLCipher | string | The SSL cipher suite of the client. | |
ClientSSLProtocol | string | The SSL protocol version of the client. A hyphen (-) indicates that SSL is not used. | |
ClientSrcPort | int | The port used to establish a connection between the client and the DCDN POP. | |
ClientXRequestedWith | string | The X-Requested-With request header. | |
ClientRequest | ClientRequestBytes | int | The request size. Unit: bytes. |
ClientRequestHeaderRange | string | The Range request header. Example: bytes=0-100. | |
ClientRequestHost | string | The Host request header. | |
ClientRequestMethod | string | The HTTP method that the request uses. | |
ClientRequestPath | string | The path of the request. | |
ClientRequestProtocol | string | The protocol that the request uses. | |
ClientRequestReferer | string | The Referer request header. | |
ClientRequestScheme | string | The Scheme request header. | |
ClientRequestURI | string | The URI request header. | |
ClientRequestUserAgent | string | The User-Agent request header. | |
Edge | EdgeCacheStatus | string | The cache status of the request.
|
EdgeRequestHost | string | The origin host from which the DCDN POP retrieves content. | |
EdgeResponseBodyBytes | int | The size of the response body returned by the DCDN POP to the client. Unit: bytes. | |
EdgeResponseBytes | int | The size of the response returned by the DCDN POP to the client. Unit: bytes. | |
EdgeResponseCompressionAlgo | string | The algorithm used to compress the response returned by the DCDN POP. | |
EdgeResponseCompressionRatio | float | The compression ratio of the response returned by the DCDN POP. | |
EdgeResponseContentType | string | The Content-Type information returned by the DCDN POP. | |
EdgeResponseStatusCode | int | The status code returned by the DCDN POP to the client. | |
EdgeTimeToFirstByteMs | int | The period of time that elapses from when the DCDN POP receives the client request to when the DCDN POP returns the first byte of the response to the client. Unit: ms. | |
Origin | OriginDNSResponseTimeMs | int | The period of time consumed to receive the domain name system (DNS)-resolved response from the origin server. Value -1 indicates that the DCDN POP does not pull content from the origin server. |
OriginIP | string | The IP address of the origin server from which the DCDN POP pulls content. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server. | |
OriginSSLProtocol | string | The SSL protocol version that DCDN uses to pull content from the origin server. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server. | |
OriginTCPHandshakeDurationMs | int | The period of time consumed to complete the TCP handshake with the origin server when the DCDN POP attempts to pull content from the origin server. Value -1 indicates that the DCDN POP does not pull content from the origin server. Unit: ms. | |
OriginTLSHandshakeDurationMs | int | The period of time consumed to complete the TLS handshake with the origin server when the DCDN POP attempts to pull content from the origin server. Value -1 indicates that the DCDN POP does not pull content from the origin server. Unit: ms. | |
OriginResponse | OriginResponseDurationMs | int | The period of time consumed by the origin server to return the first byte of the response to the DCDN POP. Value -1 indicates that the DCDN POP does not pull content from the origin server. Unit: ms. |
OriginResponseHTTPExpires | string | The Expires information returned by the origin server. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server. | |
OriginResponseHTTPLastModified | string | The Last-Modified information retuned by the origin server. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server. | |
OriginResponseHeaderRange | string | The Range information retuned by the origin server. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server. | |
OriginResponseStatusCode | int | The status code returned by the origin server. Value -1 indicates that the DCDN POP does not pull content from the origin server. |
Feature availability
Basic | Standard | Advanced | Enterprise | |
Instant logs | No | Yes | Yes | Yes |