Skip to content

Update Logs docs Logs fields page #202

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 30, 2020
Merged

Update Logs docs Logs fields page #202

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions products/logs/src/content/log-fields/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ The tables below describe the fields available by log category. The list of fiel
<TableWrap>

| Field | Value | Type |
|---|---|---|
| -- | -- | -- |
| BotScore | Cloudflare Bot Score (available for Bot Management customers; please contact your account team to enable) | int |
| BotScoreSrc | Underlying detection engine or <em>source</em> on where a Bot Score is calculated.<br /> Possible values are <em>Not Computed</em> \| <em>Heuristics</em> \| <em>Machine Learning</em> \| <em>Behavioral Analysis</em> \| <em>Verified Bot</em> | string |
| CacheCacheStatus | <em>unknown</em> \| <em>miss</em> \| <em>expired</em> \| <em>updating</em> \| <em>stale</em> \| <em>hit</em> \| <em>ignored</em> \| <em>bypass</em> \| <em>revalidated</em> | string |
Expand Down Expand Up @@ -52,9 +52,9 @@ The tables below describe the fields available by log category. The list of fiel
| EdgeResponseStatus | HTTP status code returned by Cloudflare to the client | int |
| EdgeServerIP | IP of the edge server making a request to the origin | string |
| EdgeStartTimestamp | Timestamp at which the edge received request from the client | int or string |
| FirewallMatchesActions | Array of actions the Cloudflare firewall products performed on this request. The individual firewall products associated with this action be found in FirewallMatchesSources and their respective RuleIds can be found in FirewallMatchesRuleIDs. The length of the array is the same as FirewallMatchesRuleIDs and FirewallMatchesSources.<br /> Possible actions are <em>allow</em> \| <em>log</em> \| <em>simulate</em> \| <em>drop</em> \| <em>challenge</em> \| <em>jschallenge</em> \| <em>connectionClose</em> \| <em>bypass</em> | array of actions (strings) |
| FirewallMatchesRuleIDs | Array of RuleIDs of the firewall product that has matched the request. The firewall product associated with the RuleID can be found in FirewallMatchesSources. The length of the array is the same as FirewallMatchesActions and FirewallMatchesSources. | array of RuleIDs (strings) |
| FirewallMatchesSources | The firewall products that matched the request. The same product can appear multiple times, which indicates different rules or actions that were activated. The RuleIDs can be found in FirewallMatchesRuleIDs, the actions can be found in FirewallMatchesActions. The length of the array is the same as FirewallMatchesRuleIDs and FirewallMatchesActions.<br /> Possible sources are <em>asn</em> \| <em>country</em> \| <em>ip</em> \| <em>ipRange</em> \| <em>securityLevel</em> \| <em>zoneLockdown</em> \| <em>waf</em> \| <em>firewallRules</em> \| <em>uaBlock</em> \| <em>rateLimit</em> \| <em>bic</em> \| <em>hot</em> \| <em>l7ddos</em> \| <em>sanitycheck</em> \| <em>protect</em> | array of product names (strings) |
| FirewallMatchesActions | Array of actions the Cloudflare firewall products performed on this request. The individual firewall products associated with this action be found in FirewallMatchesSources and their respective RuleIds can be found in FirewallMatchesRuleIDs. The length of the array is the same as FirewallMatchesRuleIDs and FirewallMatchesSources.<br /> Possible actions are <em>allow</em> \| <em>log</em> \| <em>simulate</em> \| <em>drop</em> \| <em>challenge</em> \| <em>jschallenge</em> \| <em>connectionClose</em> \| <em>bypass</em> | array[string] |
| FirewallMatchesRuleIDs | Array of RuleIDs of the firewall product that has matched the request. The firewall product associated with the RuleID can be found in FirewallMatchesSources. The length of the array is the same as FirewallMatchesActions and FirewallMatchesSources. | array[string] |
| FirewallMatchesSources | The firewall products that matched the request. The same product can appear multiple times, which indicates different rules or actions that were activated. The RuleIDs can be found in FirewallMatchesRuleIDs, the actions can be found in FirewallMatchesActions. The length of the array is the same as FirewallMatchesRuleIDs and FirewallMatchesActions.<br /> Possible sources are <em>asn</em> \| <em>country</em> \| <em>ip</em> \| <em>ipRange</em> \| <em>securityLevel</em> \| <em>zoneLockdown</em> \| <em>waf</em> \| <em>firewallRules</em> \| <em>uaBlock</em> \| <em>rateLimit</em> \| <em>bic</em> \| <em>hot</em> \| <em>l7ddos</em> \| <em>sanitycheck</em> \| <em>protect</em> | array[string] |
| OriginIP | IP of the origin server | string |
| OriginResponseBytes (deprecated) | Number of bytes returned by the origin server | int |
| OriginResponseHTTPExpires | Value of the origin 'expires' header in RFC1123 format | string |
Expand All @@ -64,7 +64,7 @@ The tables below describe the fields available by log category. The list of fiel
| OriginSSLProtocol | SSL (TLS) protocol used to connect to the origin | string |
| ParentRayID | Ray ID of the parent request if this request was made using a Worker script | string |
| RayID | ID of the request | string |
| SecurityLevel | The security level configured at the time of this request. This is used to determine the sensitivity of the IP Reputation system | string |
| SecurityLevel | The security level configured at the time of this request. This is used to determine the sensitivity of the IP Reputation system. | string |
| WAFAction | Action taken by the WAF, if triggered | string |
| WAFFlags | Additional configuration flags: <em>simulate (0x1)</em> \| <em>null</em> | string |
| WAFMatchedVar | The full name of the most-recently matched variable | string |
Expand All @@ -85,7 +85,7 @@ The tables below describe the fields available by log category. The list of fiel
<TableWrap>

| Field | Value | Type |
|---|---|---|
| -- | -- | -- |
| Application | The unique public ID of the application on which the event occurred | string |
| ClientAsn | Client AS number | int |
| ClientBytes | The number of bytes read from the client by the Spectrum service | int |
Expand Down Expand Up @@ -116,7 +116,7 @@ The tables below describe the fields available by log category. The list of fiel
| OriginTlsStatus | The state of the TLS session from Spectrum to the origin; <em>UNKNOWN</em> \| <em>OK</em> \| <em>INTERNAL_ERROR</em> \| <em>INVALID_CONFIG</em> \| <em>INVALID_SNI</em> \| <em>HANDSHAKE_FAILED</em> \| <em>KEYLESS_RPC</em> | string |
| ProxyProtocol | Which form of proxy protocol is applied to the given connection; <em>off</em> \| <em>v1</em> \| <em>v2</em> \| <em>simple</em> | string |
| Status | A code indicating reason for connection closure | int |
| Timestamp | Timestamp at which the event took place | string |
| Timestamp | Timestamp at which the event took place | int or string |

</TableWrap>

Expand All @@ -126,7 +126,7 @@ The tables below describe the fields available by log category. The list of fiel
<TableWrap>

| Field | Value | Type |
|---|---|---|
| -- | -- | -- |
| Action | The code of the first-class action the Cloudflare Firewall took on this request | string |
| ClientASN | The ASN number of the visitor | int |
| ClientASNDescription | The ASN of the visitor as string | string |
Expand Down