Anti-DDoS access log fields in Simple Log Service - Simple Log Service

Describes the access log fields for Anti-DDoS Pro, Anti-DDoS Premium, and Anti-DDoS Origin.

Anti-DDoS Pro

Log field	Description
__topic__	Log topic. Fixed value: `ddoscoo_access_log`.
owner_id	Alibaba Cloud account ID.
body_bytes_sent	Request body size. Unit: bytes.
cc_action	HTTP flood protection action. Example values: `none`, `challenge`, `pass`, `close`, `captcha`, `wait`, `login`.
cc_phase	HTTP flood protection policy triggered. Example values: `seccookie`, `server_ip_blacklist`, `static_whitelist`, `server_header_blacklist`, `server_cookie_blacklist`, `server_args_blacklist`, `qps_overmax`.
cc_blocks	Whether the request was blocked by HTTP flood protection. `1`: The request was blocked. Other values: The request was allowed.
content_type	Request content type.
host	Destination host in the request.
http_cookie	Request Cookie header.
http_referer	Request Referer header. `-` if absent.
http_user_agent	Request User-Agent header.
http_x_forwarded_for	Client IP forwarded by proxy.
https	Whether the request uses HTTPS. `true`: The request is an HTTPS request. `false`: The request is an HTTP request.
isp_line	ISP line, such as BGP, China Telecom, or China Unicom.
matched_host	Matched origin server (can be wildcard). `-` if no match.
real_client_ip	Real client IP. `-` if undetermined.
remote_addr	IP address of the connecting client.
remote_port	Port of the connecting client.
request_length	Request length. Unit: bytes.
request_method	HTTP request method.
request_time_msec	Request duration. Unit: milliseconds.
request_uri	Request path.
server_name	Matched hostname. `default` if unmatched.
status	HTTP status code.
time	Request timestamp.
ua_browser	Browser.
ua_browser_family	Browser family.
ua_browser_type	Browser type.
ua_device_type	Client device type.
ua_os	Client operating system.
ua_os_family	Client operating system family.
upstream_addr	Comma-separated list of back-to-origin addresses in `IP:Port` format.
upstream_ip	Back-to-origin IP used for this request.
upstream_response_time	Back-to-origin response time. Unit: seconds.
upstream_status	HTTP status code of the back-to-origin request.

Anti-DDoS Premium

Log field	Description
__topic__	Log topic. Fixed value: `ddosdip_access_log`.
owner_id	Alibaba Cloud account ID.
body_bytes_sent	Request body size. Unit: bytes.
cc_action	HTTP flood protection action. Example values: `none`, `challenge`, `pass`, `close`, `captcha`, `wait`, `login`.
cc_phase	HTTP flood protection policy triggered. Example values: `seccookie`, `server_ip_blacklist`, `static_whitelist`, `server_header_blacklist`, `server_cookie_blacklist`, `server_args_blacklist`, `qps_overmax`.
cc_blocks	Whether the request was blocked by HTTP flood protection. `1`: The request was blocked. Other values: The request was allowed.
content_type	Request content type.
host	Destination host in the request.
http_cookie	Request Cookie header.
http_referer	Request Referer header. `-` if absent.
http_user_agent	Request User-Agent header.
http_x_forwarded_for	Client IP forwarded by proxy.
https	Whether the request uses HTTPS. `true`: The request is an HTTPS request. `false`: The request is an HTTP request.
isp_line	ISP line, such as BGP, China Telecom, or China Unicom.
matched_host	Matched origin server (can be wildcard). `-` if no match.
real_client_ip	Real client IP. `-` if undetermined.
remote_addr	IP address of the connecting client.
remote_port	Port of the connecting client.
request_length	Request length. Unit: bytes.
request_method	HTTP request method.
request_time_msec	Request duration. Unit: milliseconds.
request_uri	Request path.
server_name	Matched hostname. `default` if unmatched.
status	HTTP status code.
time	Request timestamp.
ua_browser	Browser.
ua_browser_family	Browser family.
ua_browser_type	Browser type.
ua_device_type	Client device type.
ua_os	Client operating system.
ua_os_family	Client operating system family.
upstream_addr	Comma-separated list of back-to-origin addresses in `IP:Port` format.
upstream_ip	Back-to-origin IP used for this request.
upstream_response_time	Back-to-origin response time. Unit: seconds.
upstream_status	HTTP status code of the back-to-origin request.

Anti-DDoS Origin

Field	Description
__topic__	Log topic. Fixed value: `ddosbqp_access_log`.
data_type	Log type.
event_type	Event type.
ip	IP address where the event occurred.
subnet	Rerouted CIDR block.
event_time	Event date. Example: 2020-01-01.
qps	Queries per second (QPS) at the time of the event.
pps_in	Inbound packet rate at the time of the event. Unit: pps.
new_con	New connections at the time of the event.
kbps_in	Inbound traffic rate at the time of the event. Unit: Kbit/s.
instance_id	Instance ID.
time	Log generation time. Example: 2020-07-17 10:00:30.
destination_ip	Destination IP address.
port	Destination port.
total_traffic_in_bps	Total inbound traffic. Unit: bit/s.
total_traffic_drop_bps	Dropped inbound traffic. Unit: bit/s.
total_traffic_in_pps	Total inbound traffic. Unit: pps.
total_traffic_drop_pps	Dropped inbound traffic. Unit: pps.
pps_types_in_tcp_pps	Inbound TCP traffic. Unit: pps.
pps_types_in_udp_pps	Inbound UDP traffic. Unit: pps.
pps_types_in_icmp_pps	Inbound ICMP traffic. Unit: pps.
pps_types_in_syn_pps	Inbound SYN traffic. Unit: pps.
pps_types_in_ack_pps	Inbound ACK traffic. Unit: pps.
user_id	Alibaba Cloud account ID.