This topic describes the fields of access logs in Anti-DDoS Pro and Anti-DDoS Premium.
Log field | Description |
---|---|
__topic__ | The topic of a log entry.
|
body_bytes_sent | The size of a request body. Unit: bytes. |
content_type | The content type of a request. |
host | The origin server. |
http_cookie | The Cookie HTTP header. |
http_referer | The Referer HTTP header. If an HTTP header does not contain a referer, a hyphen (-) is displayed. |
http_user_agent | The User-Agent HTTP header. |
http_x_forwarded_for | The IP address of an upstream user. The IP address is forwarded by a proxy server. |
https | Indicates whether a request is an HTTPS request. Valid values:
|
matched_host | The matched origin server, which can be a wildcard domain name. If no origin server is matched, a hyphen (-) is displayed. |
real_client_ip | The real IP address of a client. If no real IP address can be obtained, a hyphen (-) is displayed. |
isp_line | The information of an Internet service provider (ISP) line, for example, BGP, China Telecom, or China Unicom. |
remote_addr | The IP address of a client that sends an access request. |
remote_port | The port number of a client that sends an access request. |
request_length | The size of a request. Unit: bytes. |
request_method | The HTTP method of a request. |
request_time_msec | The duration in which a request is processed. Unit: milliseconds. |
request_uri | The uniform resource identifier (URI) of a request. |
server_name | The name of a matched server. If no server name is matched, default is displayed. |
status | The HTTP status code. |
time | The time when a request is sent. |
cc_action | The action that is performed based on an HTTP flood protection policy. The action can be none, challenge, pass, close, captcha, wait, or login. |
cc_blocks | Indicates whether a request is blocked by an HTTP flood protection policy.
If this field does not exist, the last_result field is displayed to indicate whether the request is blocked by an HTTP flood protection policy. |
last_result | Indicates whether a request is blocked by an HTTP flood protection policy. Valid values:
If this field does not exist, the cc_blocks field is displayed to indicate whether the request is blocked by an HTTP flood protection policy. |
cc_phase | The HTTP flood protection policy that is matched. The policy can be seccookie, server_ip_blacklist, static_whitelist, server_header_blacklist, server_cookie_blacklist, server_args_blacklist, or qps_overmax. |
ua_browser | The browser.
This field may not exist. |
ua_browser_family | The family to which a browser belongs.
This field may not exist. |
ua_browser_type | The type of a browser.
This field may not exist. |
ua_browser_version | The version of a browser.
This field may not exist. |
ua_device_type | The type of a client.
This field may not exist. |
ua_os | The operating system of a client.
This field may not exist. |
ua_os_family | The family of the operating system that runs on a client.
This field may not exist. |
upstream_addr | The list of back-to-origin IP addresses that are separated by commas (,). Each IP address is in the IP:Port format. |
upstream_ip | The real IP address of an origin server. |
upstream_response_time | The response time of a back-to-origin process. Unit: seconds. |
upstream_status | The HTTP status code of a back-to-origin request. |
user_id | The ID of an Alibaba Cloud account. |
querystring | The string of a request. |