Log Service for Anti-Bot Service (Anti-Bot) records the access logs and attack and defense logs of protected website domain names in detail. A log contains dozens of fields. You can select specific fields for query analysis as needed.
|__topic__||The log topic. This field is invariably set to antibot_access_log.||antibot_access_log|
|antibot||The type of the triggered Anti-Bot protection policy, including:
|antibot_action||The operation specified by the Anti-Bot protection policy, including:
|antibot_rule||The ID of the triggered Anti-Bot protection rule.||5472|
|antibot_verify||The result of the verification performed by Anti-Bot.
Note This value is recorded when the antibot_action field is set to challenge or captcha.
|block_action||The type of the bot protection that is triggered. The value is invariably set to antibot.||antibot|
|body_bytes_sent||The size of HTTP body (in byte) sent to the client.||2|
|content_type||The content type of the access request.||application/x-www-form-urlencoded|
|host||The source website.||api.aliyun.com|
|http_cookie||The cookie information about the access client, which is included in the access request header.||k1=v1;k2=v2|
|http_referer||The source URL of the access request, which is included in the access request header.
|http_user_agent||The User Agent field in the access request header, which typically includes the web browser identifier and operating system identifier of the source client.||Dalvik/2.1.0 (Linux; U; Android 7.0; EDI-AL10 Build/HUAWEIEDISON-AL10)|
|http_x_forwarded_for||The XFF header information in the access request header, which is used to identify the original IP addresses of the clients connected to a web server through the HTTP proxy or SLB.||-|
|https||Whether the access request is an HTTPS request. Valid values:
|matched_host||The matched domain name configured with Anti-Bot, which may be a wildcard domain name.
|real_client_ip||The actual IP address of the access client.
|region||The information about the region where the Anti-Bot instance is located.||cn|
|remote_addr||The IP address of the client that initiates the access request.||126.96.36.199|
|remote_port||The port of the client that initiates the access request.||23713|
|request_length||The length of the access request. Unit: bytes.||123|
|request_method||The HTTP request method of the access request.||GET|
|request_path||The relative path of the request (excluding the query string).||/news/search.php|
|request_time_msec||The duration of the access request. Unit: milliseconds.||44|
|request_traceid||The unique ID of the access request.||7837b11715410386943437009ea1f0|
|server_protocol||The protocol and version of the response returned by the origin server.||HTTP/1.1|
|status||The status of the HTTP response that Anti-Bot returns to the client.||200|
|time||The occurrence time of the access request.||2018-05-02T16:03:59+08:00|
|ua_browser||The information about the web browser that initiates the access request.||ie9|
|ua_browser_family||The family of the web browser that initiates the access request.||internet explorer|
|ua_browser_type||The type of the web browser that initiates the access request.||web_browser|
|ua_browser_version||The version of the web browser that initiates the access request.||9.0|
|ua_device_type||The device type of the client that initiates the access request.||computer|
|ua_os||The operating system of the client that initiates the access request.||windows_7|
|ua_os_family||The operating system family of the client that initiates the access request.||windows|
|upstream_addr||The origin address list of Anti-Bot in the format of
|upstream_ip||The origin IP address corresponding to the access request. For example, if Anti-Bot forwards the access request to an ECS instance, this parameter returns the IP address of the back-to-origin ECS instance.||188.8.131.52|
|upstream_response_time||The time for the origin server to respond to an Anti-Bot request. Unit: seconds. The response times out if "-" is returned.||0.044|
|upstream_status||The status of the response that the origin server returns to Anti-Bot. No response is available if "-" is returned. For example, the request is intercepted by Anti-Bot, or the response returned by the origin server times out.||200|
|user_id||AliUID of the Alibaba Cloud account.||12345678|
|wxbb_action||If the protection type of Anti-Bot is app protection, the following actions are supported:
Note This field is set to - if SDK protection is not configured.
|wxbb_invalid_wua||For more information about app protection, consult your technical engineer.||valid wua|
|wxbb_vmp_verify||Whether the VMP signature is valid.