All Products
Search
Document Center

Edge Security Acceleration:Instant logs

Last Updated:Sep 25, 2024

Instant logs are lightweight, easy to use, and do not require any additional configurations. With instant logs, you can view the access logs of specific websites in real time in the Edge Security Acceleration (ESA) console. This helps you pinpoint attacks, troubleshoot system faults, and debug or test network connectivity between clients and websites.

Usage notes

  • You can have only one active session per website at a time. Each session can last up to 60 minutes.

  • Instant logs can store up to 40 records at a time. The records are arranged in reverse chronological order, with newer records overwriting older ones.

  • The following operations can stop the monitoring. If you want to continue the monitoring after you perform the following operations, click Start Monitoring again.

    • If you expand the monitoring records, click Stop Monitoring, or click the export button image on the Instant Logs page, the monitoring stops, but the historical logs are retained on the page.

    • If you add filter conditions, switch from the Instant Logs page to another page such as the Standard Logs page, or refresh the Instant Logs page, the monitoring stops and the historical logs are cleared.

Start monitoring

  1. Log on to the ESA console.

  2. In the left-side navigation pane, click Websites.

  3. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

  4. In the left-side navigation tree of the website details page, choose Analytics and Logs > Instant Logs.

  5. On the Instant Logs page, click Start Monitoring to collect logs.

    • You can narrow down the time range of displayed logs by adding filters. After you specify a filter and click Start Monitoring, only the logs that match the filter condition are displayed.

    • After the monitoring stops, you can expand the monitoring logs and view log fields in detail, or click the export button on the right side to download data in JSON format to your local PC.

Instant log fields

Category

Field

Data type

Description

General

ClientRequestID

string

The unique identifier of the request.

EdgeServerID

string

The unique identifier of the Dynamic Content Delivery Network (DCDN) POP that the client accesses.

EdgeServerIP

string

The IP address of the DCDN POP.

EdgeStartTimestamp

Timestamp ISO8601

The timestamp when the DCDN POP receives the request. Example: 2024-01-01T00:00:00+08:00.

EdgeEndTimestamp

Timestamp ISO8601

The timestamp when the DCDN POP completes sending the response to the client. Example: 2024-01-01T00:00:00+08:00.

SiteName

string

The website name.

TlsHash

string

The MD5 hash value of the SSL/TLS client fingerprint.

Client

ClientASN

string

The autonomous system number (ASN) parsed from the client IP address.

ClientCountryCode

string

The ISO-3166 Alpha-2 code parsed from the client IP address.

ClientIP

string

The client IP address that is used to connect to the DCDN POP.

ClientISP

string

The Internet service provider (ISP) information parsed from the client IP address.

ClientRegionCode

string

The ISO-3166-2 code parsed from the client IP address.

ClientSSLCipher

string

The SSL cipher suite of the client.

ClientSSLProtocol

string

The SSL protocol version of the client. A hyphen (-) indicates that SSL is not used.

ClientSrcPort

int

The port used to establish a connection between the client and the DCDN POP.

ClientXRequestedWith

string

The X-Requested-With request header.

ClientRequest

ClientRequestBytes

int

The request size. Unit: bytes.

ClientRequestHeaderRange

string

The Range request header. Example: bytes=0-100.

ClientRequestHost

string

The Host request header.

ClientRequestMethod

string

The HTTP method that the request uses.

ClientRequestPath

string

The path of the request.

ClientRequestProtocol

string

The protocol that the request uses.

ClientRequestReferer

string

The Referer request header.

ClientRequestScheme

string

The Scheme request header.

ClientRequestURI

string

The URI request header.

ClientRequestUserAgent

string

The User-Agent request header.

Edge

EdgeCacheStatus

string

The cache status of the request.

  • HIT: The request hits the cache.

  • MISS: The request misses the cache.

  • NOCACHE: The requested content is not cached.

  • DYNAMIC: The request is routed based on smart routing.

EdgeRequestHost

string

The origin host from which the DCDN POP retrieves content.

EdgeResponseBodyBytes

int

The size of the response body returned by the DCDN POP to the client. Unit: bytes.

EdgeResponseBytes

int

The size of the response returned by the DCDN POP to the client. Unit: bytes.

EdgeResponseCompressionAlgo

string

The algorithm used to compress the response returned by the DCDN POP.

EdgeResponseCompressionRatio

float

The compression ratio of the response returned by the DCDN POP.

EdgeResponseContentType

string

The Content-Type information returned by the DCDN POP.

EdgeResponseStatusCode

int

The status code returned by the DCDN POP to the client.

EdgeTimeToFirstByteMs

int

The period of time that elapses from when the DCDN POP receives the client request to when the DCDN POP returns the first byte of the response to the client. Unit: ms.

Origin

OriginDNSResponseTimeMs

int

The period of time consumed to receive the domain name system (DNS)-resolved response from the origin server. Value -1 indicates that the DCDN POP does not pull content from the origin server.

OriginIP

string

The IP address of the origin server from which the DCDN POP pulls content. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server.

OriginSSLProtocol

string

The SSL protocol version that DCDN uses to pull content from the origin server. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server.

OriginTCPHandshakeDurationMs

int

The period of time consumed to complete the TCP handshake with the origin server when the DCDN POP attempts to pull content from the origin server. Value -1 indicates that the DCDN POP does not pull content from the origin server. Unit: ms.

OriginTLSHandshakeDurationMs

int

The period of time consumed to complete the TLS handshake with the origin server when the DCDN POP attempts to pull content from the origin server. Value -1 indicates that the DCDN POP does not pull content from the origin server. Unit: ms.

OriginResponse

OriginResponseDurationMs

int

The period of time consumed by the origin server to return the first byte of the response to the DCDN POP. Value -1 indicates that the DCDN POP does not pull content from the origin server. Unit: ms.

OriginResponseHTTPExpires

string

The Expires information returned by the origin server. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server.

OriginResponseHTTPLastModified

string

The Last-Modified information retuned by the origin server. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server.

OriginResponseHeaderRange

string

The Range information retuned by the origin server. A hyphen (-) indicates that the DCDN POP does not pull content from the origin server.

OriginResponseStatusCode

int

The status code returned by the origin server. Value -1 indicates that the DCDN POP does not pull content from the origin server.

Feature availability

Basic

Standard

Advanced

Enterprise

Instant logs

No

Yes

Yes

Yes