Habilitación de la retención de registros

Los registros de extremo no se retienen de forma predeterminada. Antes de poder extraer registros mediante la CLI de Logpull, debe habilitar la retención de registros. Para ello, debe comprobar el valor actual y luego activar o desactivar la retención de registros. Cuando está habilitado, los registros se conservan durante 7 días. Si la retención está desactivada, los registros guardados anteriormente estarán disponibles hasta que caduque el periodo de retención.

1. Para comprobar si la retención de registros está desactivada actualmente, utilice la CLI log-retention:

ibmcloud cis log-retention DNS_DOMAIN_ID

1. Si la salida muestra que el distintivo está desactivado (off, valor predeterminado), actualice el valor del siguiente modo.

ibmcloud cis log-retention-update DNS_DOMAIN_ID --flag on

Casos de uso de Logpull

ibmcloud cis logpull DNS_DOMAIN_ID --ray-id RAY_ID

{
    "ClientIP": "68.278.11.89",
    "ClientRequestHost": "testing.logpull.com",
    "ClientRequestMethod": "GET",
    "ClientRequestURI": "/var/www",
    "EdgeEndTimestamp": 1545155129703000000,
    "EdgeResponseBytes": 1935,
    "EdgeResponseStatus": 403,
    "EdgeStartTimestamp": 1545155129696000000,
    "RayID": "48b371889c489b2c"
}

ibmcloud cis logpull DNS_DOMAIN_ID --start 2019-01-02T01:00:00+00:00 --end 2019-01-02T01:00:00+00:00

{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-collapse.js","EdgeEndTimestamp":1545067628046000000,"EdgeResponseBytes":2205,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628044000000,"RayID":"48ab19434891c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/3d.gif","EdgeEndTimestamp":1545067627970000000,"EdgeResponseBytes":2538446,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627951000000,"RayID":"48ab1942bf96c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/logo.gif","EdgeEndTimestamp":1545067628051000000,"EdgeResponseBytes":82257,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628048000000,"RayID":"48ab194348a0c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/docs.css","EdgeEndTimestamp":1545067627952000000,"EdgeResponseBytes":540,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627948000000,"RayID":"48ab1942af8ac7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap.css","EdgeEndTimestamp":1545067627952000000,"EdgeResponseBytes":17311,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627948000000,"RayID":"48ab1942af85c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/jquery.js","EdgeEndTimestamp":1545067628045000000,"EdgeResponseBytes":33555,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628042000000,"RayID":"48ab19434882c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/watson.gif","EdgeEndTimestamp":1545067628052000000,"EdgeResponseBytes":893230,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628046000000,"RayID":"48ab194348a3c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-386.js","EdgeEndTimestamp":1545067628046000000,"EdgeResponseBytes":1663,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628043000000,"RayID":"48ab19434884c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/Fixedsys500c.woff","EdgeEndTimestamp":1545067630272000000,"EdgeResponseBytes":14055,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067629064000000,"RayID":"48ab1949aca2c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bios.gif","EdgeEndTimestamp":1545067628055000000,"EdgeResponseBytes":1121237,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628046000000,"RayID":"48ab1943489ec7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-modal.js","EdgeEndTimestamp":1545067628046000000,"EdgeResponseBytes":2569,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628043000000,"RayID":"48ab1943488ac7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/holder.js","EdgeEndTimestamp":1545067628053000000,"EdgeResponseBytes":4593,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628046000000,"RayID":"48ab19434898c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/old_school.png","EdgeEndTimestamp":1545067627960000000,"EdgeResponseBytes":1466,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627952000000,"RayID":"48ab1942bf92c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-responsive.css","EdgeEndTimestamp":1545067627951000000,"EdgeResponseBytes":4797,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627948000000,"RayID":"48ab1942af86c7a7"}

ibmcloud cis logpull DNS_DOMAIN_ID --available-fields

ibmcloud cis logpull DNS_DOMAIN_ID --start 2019-01-02T01:00:00+00:00 --end 2019-01-02T01:00:00+00:00 --fields ZoneName,RayID

"BotScore": "int; Cloudflare Bot Score. Scores below 30 are commonly associated with automated traffic. Available only for Bot Management customers. To enable this feature, contact your account team.",
"BotScoreSrc": "string; Detection engine responsible for generating the Bot Score. Possible values are Not Computed | Heuristics | Machine Learning | Behavioral Analysis | Verified Bot | JS Fingerprinting | Cloudflare Service. Available only for Bot Management customers. To enable this feature, contact your account team.",
"CacheCacheStatus": "string; Cache status. Possible values are unknown | miss | expired | updating | stale | hit | ignored | bypass | revalidated | dynamic | stream_hit | deferred \"dynamic\" means that a request is not eligible for cache. This can mean, for example that it was blocked by the firewall. Refer to [Cloudflare cache responses](https://developers.cloudflare.com/cache/concepts/cache-responses/) for more details.",
"CacheResponseBytes": "int; Number of bytes returned by the cache.",
"CacheResponseStatus": "int; HTTP status code returned by the cache to the edge. All requests (including non-cacheable ones) go through the cache. Refer also to CacheCacheStatus field.",
"CacheTieredFill": "bool; Tiered Cache was used to serve this request.",
"ClientASN": "int; Client AS number.",
"ClientCountry": "string; 2-letter ISO-3166 country code of the client IP address.",
"ClientDeviceType": "string; Client device type.",
"ClientIP": "string; IP address of the client.",
"ClientIPClass": "string; Client IP class. Possible values are unknown | badHost | searchEngine | allowlist | monitoringService | noRecord | scan | tor.",
"ClientRequestBytes": "int; Number of bytes in the client request.",
"ClientRequestHost": "string; Host requested by the client.",
"ClientRequestMethod": "string; HTTP method of client request.",
"ClientRequestPath": "string; URI path requested by the client.",
"ClientRequestProtocol": "string; HTTP protocol of client request.",
"ClientRequestReferer": "string; HTTP request referrer.",
"ClientRequestURI": "string; URI requested by the client.",
"ClientRequestUserAgent": "string; User agent reported by the client.",
"ClientSSLCipher": "string; Client SSL cipher.",
"ClientSSLProtocol": "string; Client SSL (TLS) protocol. The value \"none\" means that SSL was not used.",
"ClientSrcPort": "int; Client source port.",
"ClientXRequestedWith": "string; X-Requested-With HTTP header.",
"Cookies": "object; String key-value pairs for Cookies. This field is populated based on [Logpush Custom fields](https://developers.cloudflare.com/logs/reference/custom-fields/), which need to be configured.",
"EdgeColoCode": "string; IATA airport code of data center that received the request.",
"EdgeColoID": "int; Cloudflare edge colo id.",
"EdgeEndTimestamp": "int or string; Timestamp at which the edge finished sending response to the client.",
"EdgePathingOp": "string; Indicates what type of response was issued for this request (unknown = no specific action).",
"EdgePathingSrc": "string; Details how the request was classified based on security checks (unknown = no specific classification).",
"EdgePathingStatus": "string; Indicates what data was used to determine the handling of this request (unknown = no data).",
"EdgeRequestHost": "string; Host header on the request from the edge to the origin.",
"EdgeResponseBytes": "int; Number of bytes returned by the edge to the client.",
"EdgeResponseCompressionRatio": "float; The edge response compression ratio is calculated as the ratio between the sizes of the original and compressed responses.",
"EdgeResponseContentType": "string; Edge response Content-Type header value.",
"EdgeResponseStatus": "int; HTTP status code returned by Cloudflare to the client.",
"EdgeServerIP": "string; IP of the edge server making a request to the origin. Possible responses are string in IPv4 or IPv6 format, or empty string. Empty string means that there was no request made to the origin server.",
"EdgeStartTimestamp": "int or string; Timestamp at which the edge received request from the client.",
"OriginIP": "string; IP of the origin server.",
"OriginResponseBytes": "int; Number of bytes returned by the origin server.",
"OriginResponseHTTPExpires": "string; Value of the origin 'expires' header in RFC1123 format.",
"OriginResponseHTTPLastModified": "string; Value of the origin 'last-modified' header in RFC1123 format.",
"OriginResponseStatus": "int; Status returned by the upstream server. The value 0 means that there was no request made to the origin server and the response was served by Cloudflare's Edge. However, if the zone has a Worker running on it, the value 0 could be the result of a Workers subrequest made to the origin.",
"OriginResponseTime": "int; Number of nanoseconds it took the origin to return the response to edge.",
"OriginSSLProtocol": "string; SSL (TLS) protocol used to connect to the origin.",
"ParentRayID": "string; Ray ID of the parent request if this request was made using a Worker script.",
"RayID": "string; ID of the request.",
"RequestHeaders": "object; String key-value pairs for RequestHeaders. This field is populated based on [Logpush Custom fields](https://developers.cloudflare.com/logs/reference/custom-fields/), which need to be configured.",
"ResponseHeaders": "object; String key-value pairs for ResponseHeaders. This field is populated based on [Logpush Custom fields](https://developers.cloudflare.com/logs/reference/custom-fields/), which need to be configured.",
"WAFFlags": "string; Additional configuration flags: simulate (0x1) | null.",
"WAFMatchedVar": "string; The full name of the most-recently matched variable.",
"WorkerCPUTime": "int; Amount of time in microseconds spent executing a worker, if any.",
"WorkerStatus": "string; Status returned from worker daemon.",
"WorkerSubrequest": "bool; Whether or not this request was a worker subrequest.",
"WorkerSubrequestCount": "int; Number of subrequests issued by a worker when handling this request."
"ZoneName": "string; the human-readable name of the zone"

Ejemplo de logpull

A continuación se muestra un ejemplo de llamada logpull y ejemplos de respuestas de tipos específicos.

• Solicitud

  ibmcloud cis logpull DNS_DOMAIN_ID --start 2019-01-02T01:00:00+00:00 --end 2019-01-02T01:00:00+00:00 --fields ClientRequestURI,EdgeResponseBytes,ParentRayID,WorkerStatus,    OriginResponseTime,EdgeResponseStatus,WorkerSubrequest,ClientRequestProtocol,EdgePathingOp,ClientSrcPort,WorkerSubrequestCount,EdgeRequestHost,    ClientSSLCipher,EdgePathingSrc,OriginResponseStatus,ClientIPClass,EdgeColoID,ClientCountry,ClientRequestHost,WAFFlags,ClientASN,EdgeServerIP,    CacheCacheStatus,SecurityLevel,ClientRequestUserAgent,CacheResponseBytes,EdgeStartTimestamp,ClientSSLProtocol,EdgeEndTimestamp,EdgeResponseContentType,    ClientRequestBytes,CacheResponseStatus,WorkerCPUTime,RayID,ClientRequestMethod,ClientIP,ClientRequestPath,OriginResponseHTTPExpires,CacheTieredFill,WAFRuleMessage,    EdgePathingStatus,ClientDeviceType,OriginSSLProtocol,EdgeRateLimitAction,OriginIP,EdgeRateLimitID,ZoneName,EdgeResponseCompressionRatio,ClientRequestReferer,    OriginResponseHTTPLastModified,OriginResponseBytes --timestamps=rfc3339'
  

• Respuesta con el código de estado 200

  {
  "CacheCacheStatus":"unknown",
  "CacheResponseBytes":396,
  "CacheResponseStatus":200,
  "CacheTieredFill":false,
  "ClientASN":56046,
  "ClientCountry":"cn",
  "ClientDeviceType":"desktop",
  "ClientIP":"1.1.1.1",
  "ClientIPClass":"noRecord",
  "ClientRequestBytes":400,
  "ClientRequestHost":"foo.com",
  "ClientRequestMethod":"GET",
  "ClientRequestPath":"/",
  "ClientRequestProtocol":"HTTP/1.1",
  "ClientRequestReferer":"",
  "ClientRequestURI":"/",
  "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
  "ClientSSLCipher":"NONE",
  "ClientSSLProtocol":"none",
  "ClientSrcPort":4532,
  "EdgeColoID":134,
  "EdgeEndTimestamp":"2019-01-03T01:54:11Z",
  "EdgePathingOp":"wl",
  "EdgePathingSrc":"macro",
  "EdgePathingStatus":"nr",
  "EdgeRateLimitAction":"",
  "EdgeRateLimitID":0,
  "EdgeRequestHost":"foo.com",
  "EdgeResponseBytes":808,
  "EdgeResponseCompressionRatio":1.57,
  "EdgeResponseContentType":"text/html",
  "EdgeResponseStatus":200,
  "EdgeServerIP":"172.69.98.106",
  "EdgeStartTimestamp":"2019-01-03T01:54:11Z",
  "OriginIP":"2.2.2.2",
  "OriginResponseBytes":0,
  "OriginResponseHTTPExpires":"",
  "OriginResponseHTTPLastModified":"Tue, 31 Jan 2017 15:01:11 UTC",
  "OriginResponseStatus":200,
  "OriginResponseTime":7000000,
  "OriginSSLProtocol":"unknown",
  "ParentRayID":"00",
  "RayID":"4931d60516c0b0b0",
  "SecurityLevel":"med",
  "WAFFlags":"0",
  "WAFMatchedVar":"",
  "WAFProfile":"unknown",
  "WAFRuleID":"",
  "WAFRuleMessage":"",
  "WorkerCPUTime":0,
  "WorkerStatus":"unknown",
  "WorkerSubrequest":false,
  "WorkerSubrequestCount":0,
  "ZoneName":"example.com"
  }
  

• Respuesta con el código de estado 404

  {
  "CacheCacheStatus":"miss",
  "CacheResponseBytes":209,
  "CacheResponseStatus":404,
  "CacheTieredFill":false,
  "ClientASN":56046,
  "ClientCountry":"cn",
  "ClientDeviceType":"desktop",
  "ClientIP":"1.1.1.1",
  "ClientIPClass":"noRecord",
  "ClientRequestBytes":433,
  "ClientRequestHost":"foo.com",
  "ClientRequestMethod":"GET",
  "ClientRequestPath":"/favicon.ico",
  "ClientRequestProtocol":"HTTP/1.1",
  "ClientRequestReferer":"foo.com/",
  "ClientRequestURI":"/favicon.ico",
  "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
  "ClientSSLCipher":"NONE",
  "ClientSSLProtocol":"none",
  "ClientSrcPort":4532,
  "EdgeColoID":134,
  "EdgeEndTimestamp":"2019-01-03T01:54:12Z",
  "EdgePathingOp":"wl",
  "EdgePathingSrc":"macro",
  "EdgePathingStatus":"nr",
  "EdgeRateLimitAction":"",
  "EdgeRateLimitID":0,
  "EdgeRequestHost":"foo.com",
  "EdgeResponseBytes":556,
  "EdgeResponseCompressionRatio":2.87,
  "EdgeResponseContentType":"text/html",
  "EdgeResponseStatus":404,
  "EdgeServerIP":"172.69.98.148",
  "EdgeStartTimestamp":"2019-01-03T01:54:12Z",
  "OriginIP":"2.2.2.2",
  "OriginResponseBytes":0,
  "OriginResponseHTTPExpires":"",
  "OriginResponseHTTPLastModified":"",
  "OriginResponseStatus":404,
  "OriginResponseTime":7000000,
  "OriginSSLProtocol":"unknown",
  "ParentRayID":"00",
  "RayID":"4931d60a16c8b0b0",
  "SecurityLevel":"med",
  "WAFFlags":"0",
  "WAFMatchedVar":"",
  "WAFProfile":"unknown",
  "WAFRuleMessage":"",
  "WorkerCPUTime":0,
  "WorkerStatus":"unknown",
  "WorkerSubrequest":false,
  "WorkerSubrequestCount":0,
  "ZoneName":"example.com"
  }
  

• La solicitud ha coincidido con una regla WAF (ataque SQLj)

  {
  "CacheCacheStatus":"unknown",
  "CacheResponseBytes":0,
  "CacheResponseStatus":0,
  "CacheTieredFill":false,
  "ClientASN":56046,
  "ClientCountry":"cn",
  "ClientDeviceType":"desktop",
  "ClientIP":"1.1.1.1",
  "ClientIPClass":"noRecord",
  "ClientRequestBytes":501,
  "ClientRequestHost":"foo.com",
  "ClientRequestMethod":"GET",
  "ClientRequestPath":"/login.php",
  "ClientRequestProtocol":"HTTP/1.1",
  "ClientRequestReferer":"",
  "ClientRequestURI":"/login.php?username=asdf&password=asdf",
  "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0",
  "ClientSSLCipher":"NONE",
  "ClientSSLProtocol":"none",
  "ClientSrcPort":48718,
  "EdgeColoID":134,
  "EdgeEndTimestamp":"2019-01-04T02:22:26Z",
  "EdgePathingOp":"wl",
  "EdgePathingSrc":"macro",
  "EdgePathingStatus":"nr",
  "EdgeRateLimitAction":"",
  "EdgeRateLimitID":0,
  "EdgeRequestHost":"",
  "EdgeResponseBytes":1849,
  "EdgeResponseCompressionRatio":2.82,
  "EdgeResponseContentType":"text/html",
  "EdgeResponseStatus":403,
  "EdgeServerIP":"",
  "EdgeStartTimestamp":"2019-01-04T02:22:26Z",
  "OriginIP":"",
  "OriginResponseBytes":0,
  "OriginResponseHTTPExpires":"",
  "OriginResponseHTTPLastModified":"",
  "OriginResponseStatus":0,
  "OriginResponseTime":0,
  "OriginSSLProtocol":"unknown",
  "ParentRayID":"00",
  "RayID":"493a3cc9463eb0d4",
  "SecurityLevel":"med",
  "WAFFlags":"0",
  "WAFMatchedVar":"ARGS:USERNAME",
  "WAFProfile":"off",
  "WAFRuleMessage":"SQLi probing",
  "WorkerCPUTime":0,
  "WorkerStatus":"unknown",
  "WorkerSubrequest":false,
  "WorkerSubrequestCount":0,
  "ZoneName":"example.com"
  }
  

• La solicitud ha coincidido con una regla de cortafuegos

  {
  "CacheCacheStatus":"unknown",
  "CacheResponseBytes":0,
  "CacheResponseStatus":0,
  "CacheTieredFill":false,
  "ClientASN":36351,
  "ClientCountry":"us",
  "ClientDeviceType":"desktop",
  "ClientIP":"1.1.1.1",
  "ClientIPClass":"noRecord",
  "ClientRequestBytes":90,
  "ClientRequestHost":"foo.com",
  "ClientRequestMethod":"GET",
  "ClientRequestPath":"/",
  "ClientRequestProtocol":"HTTP/1.1",
  "ClientRequestReferer":"",
  "ClientRequestURI":"/",
  "ClientRequestUserAgent":"curl/7.47.0",
  "ClientSSLCipher":"NONE",
  "ClientSSLProtocol":"none",
  "ClientSrcPort":57260,
  "EdgeColoID":26,
  "EdgeEndTimestamp":"2019-01-03T08:48:42Z",
  "EdgePathingOp":"ban",
  "EdgePathingSrc":"user",
  "EdgePathingStatus":"ip",
  "EdgeRateLimitAction":"",
  "EdgeRateLimitID":0,
  "EdgeRequestHost":"",
  "EdgeResponseBytes":3556,
  "EdgeResponseCompressionRatio":0,
  "EdgeResponseContentType":"text/html",
  "EdgeResponseStatus":403,
  "EdgeServerIP":"",
  "EdgeStartTimestamp":"2019-01-03T08:48:42Z",
  "OriginIP":"",
  "OriginResponseBytes":0,
  "OriginResponseHTTPExpires":"",
  "OriginResponseHTTPLastModified":"",
  "OriginResponseStatus":0,
  "OriginResponseTime":0,
  "OriginSSLProtocol":"unknown",
  "ParentRayID":"00",
  "RayID":"493a6341d02565e7",
  "SecurityLevel":"med",
  "WAFFlags":"0",
  "WAFMatchedVar":"",
  "WAFProfile":"unknown",
  "WAFRuleMessage":"",
  "WorkerCPUTime":0,
  "WorkerStatus":"unknown",
  "WorkerSubrequest":false,
  "WorkerSubrequestCount":0,
  "ZoneName":"example.com"
  }
  

• La solicitud se ha limitado en velocidad

  {
  "CacheCacheStatus":"unknown",
  "CacheResponseBytes":0,
  "CacheResponseStatus":0,
  "CacheTieredFill":false,
  "ClientASN":36351,
  "ClientCountry":"us",
  "ClientDeviceType":"desktop",
  "ClientIP":"1.1.1.1",
  "ClientIPClass":"noRecord",
  "ClientRequestBytes":90,
  "ClientRequestHost":"foo.com",
  "ClientRequestMethod":"GET",
  "ClientRequestPath":"/",
  "ClientRequestProtocol":"HTTP/1.1",
  "ClientRequestReferer":"",
  "ClientRequestURI":"/",
  "ClientRequestUserAgent":"curl/7.47.0",
  "ClientSSLCipher":"NONE",
  "ClientSSLProtocol":"none",
  "ClientSrcPort":33186,
  "EdgeColoID":26,
  "EdgeEndTimestamp":"2019-01-03T08:59:55Z",
  "EdgePathingOp":"ban",
  "EdgePathingSrc":"user",
  "EdgePathingStatus":"rateLimit",
  "EdgeRateLimitAction":"ban",
  "EdgeRateLimitID":1307134,
  "EdgeRequestHost":"",
  "EdgeResponseBytes":3559,
  "EdgeResponseCompressionRatio":0,
  "EdgeResponseContentType":"text/html",
  "EdgeResponseStatus":429,
  "EdgeServerIP":"",
  "EdgeStartTimestamp":"2019-01-03T08:59:55Z",
  "OriginIP":"",
  "OriginResponseBytes":0,
  "OriginResponseHTTPExpires":"",
  "OriginResponseHTTPLastModified":"",
  "OriginResponseStatus":0,
  "OriginResponseTime":0,
  "OriginSSLProtocol":"unknown",
  "ParentRayID":"00",
  "RayID":"493a73ad468419b6",
  "SecurityLevel":"med",
  "WAFFlags":"0",
  "WAFMatchedVar":"",
  "WAFProfile":"unknown",
  "WAFRuleMessage":"",
  "WorkerCPUTime":0,
  "WorkerStatus":"unknown",
  "WorkerSubrequest":false,
  "WorkerSubrequestCount":0,
  "ZoneName":"example.com"
  }
  

• El servidor de origen está inactivo (Error 521, el servidor web está inactivo)

  {
  "CacheCacheStatus":"miss",
  "CacheResponseBytes":177,
  "CacheResponseStatus":521,
  "CacheTieredFill":false,
  "ClientASN":56046,
  "ClientCountry":"cn",
  "ClientDeviceType":"desktop",
  "ClientIP":"1.1.1.1",
  "ClientIPClass":"noRecord",
  "ClientRequestBytes":1082,
  "ClientRequestHost":"foo.com",
  "ClientRequestMethod":"GET",
  "ClientRequestPath":"/favicon.ico",
  "ClientRequestProtocol":"HTTP/2",
  "ClientRequestReferer":"",
  "ClientRequestURI":"/favicon.ico",
  "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0",
  "ClientSSLCipher":"AEAD-AES128-GCM-SHA256",
  "ClientSSLProtocol":"TLSv1.3",
  "ClientSrcPort":3060,
  "EdgeColoID":134,
  "EdgeEndTimestamp":"2019-01-03T06:33:55Z",
  "EdgePathingOp":"wl",
  "EdgePathingSrc":"macro",
  "EdgePathingStatus":"nr",
  "EdgeRateLimitAction":"",
  "EdgeRateLimitID":0,
  "EdgeRequestHost":"foo.com",
  "EdgeResponseBytes":5177,
  "EdgeResponseCompressionRatio":0,
  "EdgeResponseContentType":"text/html",
  "EdgeResponseStatus":521,
  "EdgeServerIP":"172.69.98.148",
  "EdgeStartTimestamp":"2019-01-03T06:33:55Z",
  "OriginIP":"2.2.2.2",
  "OriginResponseBytes":0,
  "OriginResponseHTTPExpires":"",
  "OriginResponseHTTPLastModified":"",
  "OriginResponseStatus":0,
  "OriginResponseTime":3000000,
  "OriginSSLProtocol":"unknown",
  "ParentRayID":"00",
  "RayID":"49336fc9397ab080",
  "SecurityLevel":"med",
  "WAFFlags":"0",
  "WAFMatchedVar":"",
  "WAFProfile":"unknown",
  "WAFRuleMessage":"",
  "WorkerCPUTime":0,
  "WorkerStatus":"unknown",
  "WorkerSubrequest":false,
  "WorkerSubrequestCount":0,
  "ZoneName":"example.com"
  }
  

Limitaciones

Se aplican las siguientes restricciones de uso al utilizar la característica Logpull.

• Límites de velocidad: si se superan estos límites, se produce una respuesta de error de 429 :
  • 15 solicitudes por minuto por zona
  • 180 solicitudes por minuto por usuario
• Rango de tiempo: La diferencia máxima entre los parámetros de inicio y de finalización puede ser de 1 hora.
• Tamaño de respuesta: El tamaño máximo de respuesta es de 10 GiB por solicitud, que es equivalente a unos 15 M de registros cuando se seleccionan unos 55 campos. Se pueden recuperar más registros cuando se seleccionan menos campos porque el tamaño por registro es menor.
• Tiempo de espera: la respuesta fallará con una conexión terminada después de 10 minutos.
• Tiempo de espera de secuencia: la solicitud finalizará con una respuesta de error 408 si la conexión está desocupada durante 30 segundos. Este tiempo de espera normalmente significa que la solicitud es demasiado exhaustiva (tiempos de espera excedidos frecuentes-más de 12 por hora). Los tiempos de espera de secuencia harán que las consultas posteriores se bloqueen con un código de estado 429 durante 1 hora. Para evitar el tiempo de espera, intente solicitar registros utilizando menos número de campos o intente con parámetros de inicio y final más pequeños.