diff --git a/docs/integrations/saas-cloud/fastly.md b/docs/integrations/saas-cloud/fastly.md index ae557b247f..68a46e9059 100644 --- a/docs/integrations/saas-cloud/fastly.md +++ b/docs/integrations/saas-cloud/fastly.md @@ -150,143 +150,91 @@ If you have Fastly's Web Application Firewall (WAF), perform these steps to upda Click to expand snippet ``` - { - "service_id":"%{req.service_id}V", - "service_version":"%{fastly_info.version}V", - "time_start":"%{begin:%Y-%m-%dT%H:%M:%S%Z}t", - "time_end":"%{end:%Y-%m-%dT%H:%M:%S%Z}t", - "time_elapsed":"%"{ - "time.elapsed.usec" - }"V", - "client_ip":"%{req.http.Fastly-Client-IP}V", - "request":"%{req.request}V", - "protocol":"%{req.proto}V", - "host":"%{req.http.Fastly-Orig-Host}V", - "origin_host":"%{req.http.Host}V", - "url":"%{cstr_escape(req.url)}V", - "is_ipv6":"%"{ - if(req.is_ipv6, - "true", - "false"")" - }"V", - "is_tls":"%"{ - "if(req.is_ssl", - "true", - "false"")" - }"V", - "tls_client_protocol":"%{cstr_escape(tls.client.protocol)}V", - "tls_client_servername":"%{cstr_escape(tls.client.servername)}V", - "tls_client_cipher":"%{cstr_escape(tls.client.cipher)}V", - "tls_client_cipher_sha":"%{cstr_escape(tls.client.ciphers_sha)}V", - "tls_client_tlsexts_sha":"%{cstr_escape(tls.client.tlsexts_sha)}V", - "is_h2":"%"{ - if(fastly_info.is_h2, - "true", - "false"")" - }"V", - "is_h2_push":"%"{ - if(fastly_info.h2.is_push, - "true", - "false"")" - }"V", - "h2_stream_id":"%{fastly_info.h2.stream_id}V", - "request_referer":"%{cstr_escape(req.http.Referer)}V", - "request_user_agent":"%{cstr_escape(req.http.User-Agent)}V", - "request_accept_content":"%{cstr_escape(req.http.Accept)}V", - "request_accept_language":"%{cstr_escape(req.http.Accept-Language)}V", - "request_accept_encoding":"%{cstr_escape(req.http.Accept-Encoding)}V", - "request_accept_charset":"%{cstr_escape(req.http.Accept-Charset)}V", - "request_connection":"%{cstr_escape(req.http.Connection)}V", - "request_dnt":"%{cstr_escape(req.http.DNT)}V", - "request_forwarded":"%{cstr_escape(req.http.Forwarded)}V", - "request_via":"%{cstr_escape(req.http.Via)}V", - "request_cache_control":"%{cstr_escape(req.http.Cache-Control)}V", - "request_x_requested_with":"%{cstr_escape(req.http.X-Requested-With)}V", - "request_x_forwarded_for":"%{cstr_escape(req.http.X-Forwarded-For)}V", - "status":"%{resp.status}V", - "content_type":"%{cstr_escape(resp.http.Content-Type)}V", - "cache_status":"%{regsub(fastly_info.state,""^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE)).*"","\\2\\3")}V", - "is_cacheable":"%"{ - "if(fastly_info.state~""^(HIT|MISS)$", - "true", - "false"")" - }"V", - "response_age":"%{cstr_escape(resp.http.Age)}V", - "response_cache_control":"%{cstr_escape(resp.http.Cache-Control)}V", - "response_expires":"%{cstr_escape(resp.http.Expires)}V", - "response_last_modified":"%{cstr_escape(resp.http.Last-Modified)}V", - "response_tsv":"%{cstr_escape(resp.http.TSV)}V", - "geo_datacenter":"%{server.datacenter}V", - "geo_city":"%{client.geo.city}V", - "geo_country_code":"%{client.geo.country_code}V", - "geo_continent_code":"%{client.geo.continent_code}V", - "geo_region":"%{client.geo.region}V", - "req_header_size":"%"{ - "req.header_bytes_read" - }"V", - "req_body_size":"%"{ - "req.body_bytes_read" - }"V", - "resp_header_size":"%"{ - "resp.header_bytes_written" - }"V", - "resp_body_size":"%"{ - "resp.body_bytes_written" - }"V", - "socket_cwnd":"%"{ - "client.socket.cwnd" - }"V", - "socket_nexthop":"%{client.socket.nexthop}V", - "socket_tcpi_rcv_mss":"%"{ - "client.socket.tcpi_rcv_mss" - }"V", - "socket_tcpi_snd_mss":"%"{ - "client.socket.tcpi_snd_mss" - }"V", - "socket_tcpi_rtt":"%"{ - "client.socket.tcpi_rtt" - }"V", - "socket_tcpi_rttvar":"%"{ - "client.socket.tcpi_rttvar" - }"V", - "socket_tcpi_rcv_rtt":"%"{ - "client.socket.tcpi_rcv_rtt" - }"V", - "socket_tcpi_rcv_space":"%"{ - "client.socket.tcpi_rcv_space" - }"V", - "socket_tcpi_last_data_sent":"%"{ - "client.socket.tcpi_last_data_sent" - }"V", - "socket_tcpi_total_retrans":"%"{ - "client.socket.tcpi_total_retrans" - }"V", - "socket_tcpi_delta_retrans":"%"{ - "client.socket.tcpi_delta_retrans" - }"V", - "socket_ploss":"%"{ - "client.socket.ploss" - }"V", - "type":"request_logs", - "request_id":"%{req.http.x-request-id}V", - "waf_logged":"%{waf.logged}V", - "waf_block":"%{waf.blocked}V", - "waf_failures":"%{waf.failures}V", - "waf_rule_id":"%{waf.rule_id}V", - "waf_severity":"%{waf.severity}V", - "waf_passed":"%{waf.passed}V", - "waf_logdata":"%{cstr_escape(waf.logdata)}V", - "waf_executed":"%{waf.executed}V", - "waf_anomaly_score":"%{waf.anomaly_score}V", - "waf_sql_score":"%{waf.sql_injection_score}V", - "waf_rfi_score":"%{waf.rfi_score}V", - "waf_lfi_score":"%{waf.lfi_score}V", - "waf_xss_score":"%{waf.xss_score}V", - "waf_http_score":"%{waf.http_violation_score}V", - "waf_php_score":"%{waf.php_injection_score}V", - "waf_rce_score":"%{waf.rce_score}V", - "waf_session_fixation_score":"%{waf.session_fixation_score}V", - "waf_message":"%{cstr_escape(waf.message)}V" +{ + "service_id": "%{req.service_id}V", + "service_version": "%{fastly_info.version}V", + "time_start": "%{begin:%Y-%m-%dT%H:%M:%S%Z}t", + "time_end": "%{end:%Y-%m-%dT%H:%M:%S%Z}t", + "time_elapsed": "%{time.elapsed.usec}V", + "client_ip": "%{req.http.Fastly-Client-IP}V", + "request": "%{req.request}V", + "protocol": "%{req.proto}V", + "host": "%{req.http.Fastly-Orig-Host}V", + "origin_host": "%{req.http.Host}V", + "url": "%{cstr_escape(req.url)}V", + "is_ipv6": "%{if(req.is_ipv6, \"true\", \"false\")}V", + "is_tls": "%{if(req.is_ssl, \"true\", \"false\")}V", + "tls_client_protocol": "%{cstr_escape(tls.client.protocol)}V", + "tls_client_servername": "%{cstr_escape(tls.client.servername)}V", + "tls_client_cipher": "%{cstr_escape(tls.client.cipher)}V", + "tls_client_cipher_sha": "%{cstr_escape(tls.client.ciphers_sha)}V", + "tls_client_tlsexts_sha": "%{cstr_escape(tls.client.tlsexts_sha)}V", + "is_h2": "%{if(fastly_info.is_h2, \"true\", \"false\")}V", + "is_h2_push": "%{if(fastly_info.h2.is_push, \"true\", \"false\")}V", + "h2_stream_id": "%{fastly_info.h2.stream_id}V", + "request_referer": "%{cstr_escape(req.http.Referer)}V", + "request_user_agent": "%{cstr_escape(req.http.User-Agent)}V", + "request_accept_content": "%{cstr_escape(req.http.Accept)}V", + "request_accept_language": "%{cstr_escape(req.http.Accept-Language)}V", + "request_accept_encoding": "%{cstr_escape(req.http.Accept-Encoding)}V", + "request_accept_charset": "%{cstr_escape(req.http.Accept-Charset)}V", + "request_connection": "%{cstr_escape(req.http.Connection)}V", + "request_dnt": "%{cstr_escape(req.http.DNT)}V", + "request_forwarded": "%{cstr_escape(req.http.Forwarded)}V", + "request_via": "%{cstr_escape(req.http.Via)}V", + "request_cache_control": "%{cstr_escape(req.http.Cache-Control)}V", + "request_x_requested_with": "%{cstr_escape(req.http.X-Requested-With)}V", + "request_x_forwarded_for": "%{cstr_escape(req.http.X-Forwarded-For)}V", + "status": "%{resp.status}V", + "content_type": "%{cstr_escape(resp.http.Content-Type)}V", + "cache_status": "%{regsub(fastly_info.state, \"^(HIT-(SYNTH)|(HITPASS|HIT|MISS|PASS|ERROR|PIPE)).*\", \"\\2\\3\")}V", + "is_cacheable": "%{if(fastly_info.state~\"^(HIT|MISS)$\", \"true\", \"false\")}V", + "response_age": "%{cstr_escape(resp.http.Age)}V", + "response_cache_control": "%{cstr_escape(resp.http.Cache-Control)}V", + "response_expires": "%{cstr_escape(resp.http.Expires)}V", + "response_last_modified": "%{cstr_escape(resp.http.Last-Modified)}V", + "response_tsv": "%{cstr_escape(resp.http.TSV)}V", + "geo_datacenter": "%{server.datacenter}V", + "geo_city": "%{client.geo.city}V", + "geo_country_code": "%{client.geo.country_code}V", + "geo_continent_code": "%{client.geo.continent_code}V", + "geo_region": "%{client.geo.region}V", + "req_header_size": "%{req.header_bytes_read}V", + "req_body_size": "%{req.body_bytes_read}V", + "resp_header_size": "%{resp.header_bytes_written}V", + "resp_body_size": "%{resp.body_bytes_written}V", + "socket_cwnd": "%{client.socket.cwnd}V", + "socket_nexthop": "%{client.socket.nexthop}V", + "socket_tcpi_rcv_mss": "%{client.socket.tcpi_rcv_mss}V", + "socket_tcpi_snd_mss": "%{client.socket.tcpi_snd_mss}V", + "socket_tcpi_rtt": "%{client.socket.tcpi_rtt}V", + "socket_tcpi_rttvar": "%{client.socket.tcpi_rttvar}V", + "socket_tcpi_rcv_rtt": "%{client.socket.tcpi_rcv_rtt}V", + "socket_tcpi_rcv_space": "%{client.socket.tcpi_rcv_space}V", + "socket_tcpi_last_data_sent": "%{client.socket.tcpi_last_data_sent}V", + "socket_tcpi_total_retrans": "%{client.socket.tcpi_total_retrans}V", + "socket_tcpi_delta_retrans": "%{client.socket.tcpi_delta_retrans}V", + "socket_ploss": "%{client.socket.ploss}V", + "type": "request_logs", + "request_id": "%{req.http.x-request-id}V", + "waf_logged": "%{waf.logged}V", + "waf_block": "%{waf.blocked}V", + "waf_failures": "%{waf.failures}V", + "waf_rule_id": "%{waf.rule_id}V", + "waf_severity": "%{waf.severity}V", + "waf_passed": "%{waf.passed}V", + "waf_logdata": "%{cstr_escape(waf.logdata)}V", + "waf_executed": "%{waf.executed}V", + "waf_anomaly_score": "%{waf.anomaly_score}V", + "waf_sql_score": "%{waf.sql_injection_score}V", + "waf_rfi_score": "%{waf.rfi_score}V", + "waf_lfi_score": "%{waf.lfi_score}V", + "waf_xss_score": "%{waf.xss_score}V", + "waf_http_score": "%{waf.http_violation_score}V", + "waf_php_score": "%{waf.php_injection_score}V", + "waf_rce_score": "%{waf.rce_score}V", + "waf_session_fixation_score": "%{waf.session_fixation_score}V", + "waf_message": "%{cstr_escape(waf.message)}V" } ```