eCDN Logpush
eCDN Logpush delivers eCDN logs in batches of up to 100,000 records, with no minimum batch size. Logpush may deliver log files more than once per minute.
These logs can contain valuable information such as the IP address of the client, the URL requested, the user agent string, and details about firewall events such as blocked requests, firewall rule triggers, and more.
When creating a Logpush job, you can specify which log types eCDN Logpush delivers, including HTTP requests and firewall events.
These are the available fields for http_requests and firewall_events.
eCDN Logpush supports pushing eCDN logs directly to Amazon S3 through the CDN-API Logpush API.
- Create an S3 bucket. Refer to the AWS S3 documentation.
- Edit and paste the policy into S3 > Bucket > Permissions > Bucket Policy, replacing the Resource value with your own bucket path. The AWS Principal is owned by the CDN provider and should not be changed.
To avoid incomplete files and minimize storage costs, use the AbortIncompleteMultipartUpload action when configuring a lifecycle rule for S3 multipart uploads with eCDN Logpush. Refer to Uploading and copying objects using multipart upload.
To create an eCDN Logpush job, you must demonstrate ownership of the S3 bucket. The ownership token file is written to the S3 bucket destination. You must create an ownership challenge token for each path as they are unique for different paths within the same S3 bucket.
You can use the special string {DATE} in the URL path to separate logs into daily subdirectories; for example, s3://customer-bucket/logs/{DATE}?region=us-east-1&sse=AES256. The name of the directory is replaced with the date in YYYYMMDD format (for example, 20230215) when the logs are stored.
A successful response returns 201.
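The following added example (not part of the original page and not vendor code) parses the destination path format described above and derives the daily key prefix, a bucket policy Resource ARN scoped to the log path, and an AbortIncompleteMultipartUpload lifecycle rule for that path. The function names, the rule ID, the 7-day threshold and the scoping of the Resource to the path prefix are assumptions.

```python
# Added example, not vendor code: derive S3 settings from a Logpush destination path.
from datetime import date
from urllib.parse import urlsplit, parse_qs


def parse_destination(dest):
    """Split s3://bucket/path?region=...&sse=... into bucket, prefix and parameters."""
    parts = urlsplit(dest)
    if parts.scheme != "s3" or not parts.netloc:
        raise ValueError("destination must look like s3://bucket/path")
    params = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    if "region" not in params:  # the page requires parameters like region
        raise ValueError("destination is missing the region parameter")
    return {"bucket": parts.netloc, "prefix": parts.path.strip("/"),
            "region": params["region"], "sse": params.get("sse")}


def daily_prefix(dest, day):
    """Key prefix that receives the logs for `day`: {DATE} becomes YYYYMMDD."""
    return parse_destination(dest)["prefix"].replace("{DATE}", day.strftime("%Y%m%d"))


def static_prefix(dest):
    """Longest directory prefix shared by every daily subdirectory."""
    prefix = parse_destination(dest)["prefix"]
    if "{DATE}" not in prefix:
        return prefix + "/" if prefix else ""
    before = prefix.split("{DATE}")[0]
    return before[: before.rfind("/") + 1]


def policy_resource(dest):
    """Resource ARN scoped to the log path rather than the whole bucket (assumption)."""
    return f"arn:aws:s3:::{parse_destination(dest)['bucket']}/{static_prefix(dest)}*"


def lifecycle_rule(dest, days=7):
    """Lifecycle rule that aborts stale multipart uploads under the log path.
    `days` and the rule ID are assumptions; the page does not give values."""
    return {"ID": "abort-incomplete-logpush-uploads", "Status": "Enabled",
            "Filter": {"Prefix": static_prefix(dest)},
            "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": days}}


if __name__ == "__main__":
    dest = "s3://customer-bucket/logs/{DATE}?region=us-east-1&sse=AES256"  # from the page
    print(daily_prefix(dest, date(2023, 2, 15)))
    print(policy_resource(dest))
    print(lifecycle_rule(dest))
```

The dictionary returned by `lifecycle_rule` has the shape of one entry in the `Rules` list of an S3 bucket lifecycle configuration.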
- Name: We suggest using your site name as the job name. The name cannot be changed after the job is created.
- Destination Path: Provide the S3 bucket path for receiving logs. Additional configuration parameters like region must be included.
- Ownership Challenge Token: Provide the ownership challenge token that you previously created.
- Log Type: Indicate the type of logs you wish to receive in your S3 bucket. Currently, the available types are http_requests and firewall_events.
- Log Fields: The available log fields vary depending on the type of logs. Please refer to the following lists for information on the available log fields: eCDN Logpush Log Field.
Please note that you can create a maximum of two Logpush jobs per zone.
Filter: You can use filters to select specific types of events to include in your logs or remove events irrelevant to your analysis. By applying filters to your logs, you can focus on the most important data and avoid unnecessary noise.
See eCDN Logpush Filter.
A successful response returns a 201.
The eCDN Logpush job is not enabled when it is created. Use the enable Logpush Job operation to start receiving logs in the S3 bucket.
A successful response returns 200.
A successful response returns 200.
A successful response returns 204.
The following is an example JSON log output from the eCDN Logpush job.
- The Logpush job was accidentally turned off, and we missed some logs for a certain time period. Is there a way to retrieve those missed logs?
  - No, eCDN Logpush pushes the logs into the S3 bucket as soon as they become available and is not able to backfill the missing logs.
- Can I adjust how often logs are pushed?
  - No. eCDN Logpush pushes the logs in batches to the S3 bucket as soon as possible.
- I created an ownership token, but I don't see the file in my S3 bucket.
  - Check that your S3 bucket policy allows eCDN Logpush to write a file to your bucket. Edit and paste the policy into S3 > Bucket > Permissions > Bucket Policy, replacing the Resource value as shown in the Enable eCDN Logpush to Amazon S3 section.