IBM Cloud Docs
Utilisation du service Logpull

Utilisation du service Logpull

Les clients IBM peuvent accéder au service Logpull sur des comptes Enterprise. Ce service permet aux utilisateurs de consommer les logs de requête sur HTTP en utilisant la commande Logpull. Ces journaux contiennent des données relatives au client qui se connecte, au chemin de demande via le réseau et à la réponse du serveur Web d'origine. Les utilisateurs peuvent interroger les journaux à partir d'une minute dans le passé (par rapport à l'heure réelle à laquelle vous effectuez la requête).

Activation de la conservation des journaux

Les journaux Edge ne sont pas conservés par défaut. Avant d'extraire des journaux à l'aide de l'interface de ligne de commande de Logpull, vous devez activer la conservation des journaux. Pour cela, vous devez vérifier le paramètre actuel, puis activer ou désactiver la conservation des journaux. Lorsque cette option est activée, les journaux sont conservés pendant 7 jours. Si la conservation est désactivée, les journaux précédemment sauvegardés seront disponibles jusqu'à l'expiration de la période de conservation.

  1. Pour vérifier si la conservation des journaux est actuellement désactivée, utilisez l'interface de ligne de commande de log-retention :
ibmcloud cis log-retention DNS_DOMAIN_ID
  1. Si la sortie indique que l'indicateur est off (par défaut), mettez à jour le paramètre comme suit :
ibmcloud cis log-retention-update DNS_DOMAIN_ID --flag on

Cas d'utilisation de logpull

Obtention des journaux par RayID

Si vous recevez un message d'erreur après avoir exécuté une commande, vous pouvez utiliser le RayID fourni dans l'en-tête de la réponse pour obtenir les journaux liés à la commande.

Si vous disposez d'un RAY_ID avec -XXX à la fin, veillez à le supprimer. Par exemple, 12ab34cdef567gh8-XXX devient 12ab34cdef567gh8.

Utilisez la commande suivante pour la demande :

ibmcloud cis logpull DNS_DOMAIN_ID --ray-id RAY_ID

La réponse est la suivante :

{
    "ClientIP": "68.278.11.89",
    "ClientRequestHost": "testing.logpull.com",
    "ClientRequestMethod": "GET",
    "ClientRequestURI": "/var/www",
    "EdgeEndTimestamp": 1545155129703000000,
    "EdgeResponseBytes": 1935,
    "EdgeResponseStatus": 403,
    "EdgeStartTimestamp": 1545155129696000000,
    "RayID": "48b371889c489b2c"
}

Obtention des journaux en fonction de la durée

Si vous recevez un message d'erreur après avoir exécuté une commande, mais que vous ne connaissez pas le RayID de la réponse, vous pouvez utiliser une durée pour extraire tous les journaux de la période au cours de laquelle l'erreur s'est produite.

Utilisez la commande suivante pour la demande :

ibmcloud cis logpull DNS_DOMAIN_ID --start 2019-01-02T01:00:00+00:00 --end 2019-01-02T01:00:00+00:00

--start et --end est saisi comme un horodatage UNIX (en secondes ou nanosecondes), ou comme un horodatage absolu conforme à la norme RFC 3339, avec une durée d'une minute ou d'une heure.

La réponse est la suivante :

{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-collapse.js","EdgeEndTimestamp":1545067628046000000,"EdgeResponseBytes":2205,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628044000000,"RayID":"48ab19434891c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/3d.gif","EdgeEndTimestamp":1545067627970000000,"EdgeResponseBytes":2538446,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627951000000,"RayID":"48ab1942bf96c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/logo.gif","EdgeEndTimestamp":1545067628051000000,"EdgeResponseBytes":82257,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628048000000,"RayID":"48ab194348a0c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/docs.css","EdgeEndTimestamp":1545067627952000000,"EdgeResponseBytes":540,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627948000000,"RayID":"48ab1942af8ac7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap.css","EdgeEndTimestamp":1545067627952000000,"EdgeResponseBytes":17311,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627948000000,"RayID":"48ab1942af85c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/jquery.js","EdgeEndTimestamp":1545067628045000000,"EdgeResponseBytes":33555,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628042000000,"RayID":"48ab19434882c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/watson.gif","EdgeEndTimestamp":1545067628052000000,"EdgeResponseBytes":893230,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628046000000,"RayID":"48ab194348a3c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-386.js","EdgeEndTimestamp":1545067628046000000,"EdgeResponseBytes":1663,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628043000000,"RayID":"48ab19434884c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/Fixedsys500c.woff","EdgeEndTimestamp":1545067630272000000,"EdgeResponseBytes":14055,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067629064000000,"RayID":"48ab1949aca2c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bios.gif","EdgeEndTimestamp":1545067628055000000,"EdgeResponseBytes":1121237,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628046000000,"RayID":"48ab1943489ec7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-modal.js","EdgeEndTimestamp":1545067628046000000,"EdgeResponseBytes":2569,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628043000000,"RayID":"48ab1943488ac7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/holder.js","EdgeEndTimestamp":1545067628053000000,"EdgeResponseBytes":4593,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628046000000,"RayID":"48ab19434898c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/old_school.png","EdgeEndTimestamp":1545067627960000000,"EdgeResponseBytes":1466,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627952000000,"RayID":"48ab1942bf92c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-responsive.css","EdgeEndTimestamp":1545067627951000000,"EdgeResponseBytes":4797,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627948000000,"RayID":"48ab1942af86c7a7"}

Zones disponibles

Si les fields ne sont pas spécifiées dans la demande, un jeu limité de zones par défaut est renvoyé. Retrouvez la liste complète de toutes les zones disponibles ici :

ibmcloud cis logpull DNS_DOMAIN_ID --available-fields

Les zones sont transmises sous forme de liste de valeurs séparées par des virgules. Par exemple, pour l'utilisation de "ZoneName" et "RayID",:

ibmcloud cis logpull DNS_DOMAIN_ID --start 2019-01-02T01:00:00+00:00 --end 2019-01-02T01:00:00+00:00 --fields ZoneName,RayID

Liste de zones

Zones disponibles :

"BotScore": "int; Cloudflare Bot Score. Scores below 30 are commonly associated with automated traffic. Available only for Bot Management customers. To enable this feature, contact your account team.",
"BotScoreSrc": "string; Detection engine responsible for generating the Bot Score. Possible values are Not Computed | Heuristics | Machine Learning | Behavioral Analysis | Verified Bot | JS Fingerprinting | Cloudflare Service. Available only for Bot Management customers. To enable this feature, contact your account team.",
"CacheCacheStatus": "string; Cache status. Possible values are unknown | miss | expired | updating | stale | hit | ignored | bypass | revalidated | dynamic | stream_hit | deferred \"dynamic\" means that a request is not eligible for cache. This can mean, for example that it was blocked by the firewall. Refer to [Cloudflare cache responses](https://developers.cloudflare.com/cache/concepts/cache-responses/) for more details.",
"CacheResponseBytes": "int; Number of bytes returned by the cache.",
"CacheResponseStatus": "int; HTTP status code returned by the cache to the edge. All requests (including non-cacheable ones) go through the cache. Refer also to CacheCacheStatus field.",
"CacheTieredFill": "bool; Tiered Cache was used to serve this request.",
"ClientASN": "int; Client AS number.",
"ClientCountry": "string; 2-letter ISO-3166 country code of the client IP address.",
"ClientDeviceType": "string; Client device type.",
"ClientIP": "string; IP address of the client.",
"ClientIPClass": "string; Client IP class. Possible values are unknown | badHost | searchEngine | allowlist | monitoringService | noRecord | scan | tor.",
"ClientRequestBytes": "int; Number of bytes in the client request.",
"ClientRequestHost": "string; Host requested by the client.",
"ClientRequestMethod": "string; HTTP method of client request.",
"ClientRequestPath": "string; URI path requested by the client.",
"ClientRequestProtocol": "string; HTTP protocol of client request.",
"ClientRequestReferer": "string; HTTP request referrer.",
"ClientRequestURI": "string; URI requested by the client.",
"ClientRequestUserAgent": "string; User agent reported by the client.",
"ClientSSLCipher": "string; Client SSL cipher.",
"ClientSSLProtocol": "string; Client SSL (TLS) protocol. The value \"none\" means that SSL was not used.",
"ClientSrcPort": "int; Client source port.",
"ClientXRequestedWith": "string; X-Requested-With HTTP header.",
"Cookies": "object; String key-value pairs for Cookies. This field is populated based on [Logpush Custom fields](https://developers.cloudflare.com/logs/reference/custom-fields/), which need to be configured.",
"EdgeColoCode": "string; IATA airport code of data center that received the request.",
"EdgeColoID": "int; Cloudflare edge colo id.",
"EdgeEndTimestamp": "int or string; Timestamp at which the edge finished sending response to the client.",
"EdgePathingOp": "string; Indicates what type of response was issued for this request (unknown = no specific action).",
"EdgePathingSrc": "string; Details how the request was classified based on security checks (unknown = no specific classification).",
"EdgePathingStatus": "string; Indicates what data was used to determine the handling of this request (unknown = no data).",
"EdgeRequestHost": "string; Host header on the request from the edge to the origin.",
"EdgeResponseBytes": "int; Number of bytes returned by the edge to the client.",
"EdgeResponseCompressionRatio": "float; The edge response compression ratio is calculated as the ratio between the sizes of the original and compressed responses.",
"EdgeResponseContentType": "string; Edge response Content-Type header value.",
"EdgeResponseStatus": "int; HTTP status code returned by Cloudflare to the client.",
"EdgeServerIP": "string; IP of the edge server making a request to the origin. Possible responses are string in IPv4 or IPv6 format, or empty string. Empty string means that there was no request made to the origin server.",
"EdgeStartTimestamp": "int or string; Timestamp at which the edge received request from the client.",
"OriginIP": "string; IP of the origin server.",
"OriginResponseBytes": "int; Number of bytes returned by the origin server.",
"OriginResponseHTTPExpires": "string; Value of the origin 'expires' header in RFC1123 format.",
"OriginResponseHTTPLastModified": "string; Value of the origin 'last-modified' header in RFC1123 format.",
"OriginResponseStatus": "int; Status returned by the upstream server. The value 0 means that there was no request made to the origin server and the response was served by Cloudflare's Edge. However, if the zone has a Worker running on it, the value 0 could be the result of a Workers subrequest made to the origin.",
"OriginResponseTime": "int; Number of nanoseconds it took the origin to return the response to edge.",
"OriginSSLProtocol": "string; SSL (TLS) protocol used to connect to the origin.",
"ParentRayID": "string; Ray ID of the parent request if this request was made using a Worker script.",
"RayID": "string; ID of the request.",
"RequestHeaders": "object; String key-value pairs for RequestHeaders. This field is populated based on [Logpush Custom fields](https://developers.cloudflare.com/logs/reference/custom-fields/), which need to be configured.",
"ResponseHeaders": "object; String key-value pairs for ResponseHeaders. This field is populated based on [Logpush Custom fields](https://developers.cloudflare.com/logs/reference/custom-fields/), which need to be configured.",
"WAFFlags": "string; Additional configuration flags: simulate (0x1) | null.",
"WAFMatchedVar": "string; The full name of the most-recently matched variable.",
"WorkerCPUTime": "int; Amount of time in microseconds spent executing a worker, if any.",
"WorkerStatus": "string; Status returned from worker daemon.",
"WorkerSubrequest": "bool; Whether or not this request was a worker subrequest.",
"WorkerSubrequestCount": "int; Number of subrequests issued by a worker when handling this request."
"ZoneName": "string; the human-readable name of the zone"

Exemple de commande logpull

Vous trouverez ci-dessous un exemple d'appel logpull et des exemples de types spécifiques de réponse.

  • Demande

    ibmcloud cis logpull DNS_DOMAIN_ID --start 2019-01-02T01:00:00+00:00 --end 2019-01-02T01:00:00+00:00 --fields ClientRequestURI,EdgeResponseBytes,ParentRayID,WorkerStatus,    OriginResponseTime,EdgeResponseStatus,WorkerSubrequest,ClientRequestProtocol,EdgePathingOp,ClientSrcPort,WorkerSubrequestCount,EdgeRequestHost,    ClientSSLCipher,EdgePathingSrc,OriginResponseStatus,ClientIPClass,EdgeColoID,ClientCountry,ClientRequestHost,WAFFlags,ClientASN,EdgeServerIP,    CacheCacheStatus,SecurityLevel,ClientRequestUserAgent,CacheResponseBytes,EdgeStartTimestamp,ClientSSLProtocol,EdgeEndTimestamp,EdgeResponseContentType,    ClientRequestBytes,CacheResponseStatus,WorkerCPUTime,RayID,ClientRequestMethod,ClientIP,ClientRequestPath,OriginResponseHTTPExpires,CacheTieredFill,WAFRuleMessage,    EdgePathingStatus,ClientDeviceType,OriginSSLProtocol,EdgeRateLimitAction,OriginIP,EdgeRateLimitID,ZoneName,EdgeResponseCompressionRatio,ClientRequestReferer,    OriginResponseHTTPLastModified,OriginResponseBytes --timestamps=rfc3339'
    
  • Réponse avec code d'état 200

    {
    "CacheCacheStatus":"unknown",
    "CacheResponseBytes":396,
    "CacheResponseStatus":200,
    "CacheTieredFill":false,
    "ClientASN":56046,
    "ClientCountry":"cn",
    "ClientDeviceType":"desktop",
    "ClientIP":"1.1.1.1",
    "ClientIPClass":"noRecord",
    "ClientRequestBytes":400,
    "ClientRequestHost":"foo.com",
    "ClientRequestMethod":"GET",
    "ClientRequestPath":"/",
    "ClientRequestProtocol":"HTTP/1.1",
    "ClientRequestReferer":"",
    "ClientRequestURI":"/",
    "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
    "ClientSSLCipher":"NONE",
    "ClientSSLProtocol":"none",
    "ClientSrcPort":4532,
    "EdgeColoID":134,
    "EdgeEndTimestamp":"2019-01-03T01:54:11Z",
    "EdgePathingOp":"wl",
    "EdgePathingSrc":"macro",
    "EdgePathingStatus":"nr",
    "EdgeRateLimitAction":"",
    "EdgeRateLimitID":0,
    "EdgeRequestHost":"foo.com",
    "EdgeResponseBytes":808,
    "EdgeResponseCompressionRatio":1.57,
    "EdgeResponseContentType":"text/html",
    "EdgeResponseStatus":200,
    "EdgeServerIP":"172.69.98.106",
    "EdgeStartTimestamp":"2019-01-03T01:54:11Z",
    "OriginIP":"2.2.2.2",
    "OriginResponseBytes":0,
    "OriginResponseHTTPExpires":"",
    "OriginResponseHTTPLastModified":"Tue, 31 Jan 2017 15:01:11 UTC",
    "OriginResponseStatus":200,
    "OriginResponseTime":7000000,
    "OriginSSLProtocol":"unknown",
    "ParentRayID":"00",
    "RayID":"4931d60516c0b0b0",
    "SecurityLevel":"med",
    "WAFFlags":"0",
    "WAFMatchedVar":"",
    "WAFProfile":"unknown",
    "WAFRuleID":"",
    "WAFRuleMessage":"",
    "WorkerCPUTime":0,
    "WorkerStatus":"unknown",
    "WorkerSubrequest":false,
    "WorkerSubrequestCount":0,
    "ZoneName":"example.com"
    }
    
  • Réponse avec code d'état 404

    {
    "CacheCacheStatus":"miss",
    "CacheResponseBytes":209,
    "CacheResponseStatus":404,
    "CacheTieredFill":false,
    "ClientASN":56046,
    "ClientCountry":"cn",
    "ClientDeviceType":"desktop",
    "ClientIP":"1.1.1.1",
    "ClientIPClass":"noRecord",
    "ClientRequestBytes":433,
    "ClientRequestHost":"foo.com",
    "ClientRequestMethod":"GET",
    "ClientRequestPath":"/favicon.ico",
    "ClientRequestProtocol":"HTTP/1.1",
    "ClientRequestReferer":"foo.com/",
    "ClientRequestURI":"/favicon.ico",
    "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
    "ClientSSLCipher":"NONE",
    "ClientSSLProtocol":"none",
    "ClientSrcPort":4532,
    "EdgeColoID":134,
    "EdgeEndTimestamp":"2019-01-03T01:54:12Z",
    "EdgePathingOp":"wl",
    "EdgePathingSrc":"macro",
    "EdgePathingStatus":"nr",
    "EdgeRateLimitAction":"",
    "EdgeRateLimitID":0,
    "EdgeRequestHost":"foo.com",
    "EdgeResponseBytes":556,
    "EdgeResponseCompressionRatio":2.87,
    "EdgeResponseContentType":"text/html",
    "EdgeResponseStatus":404,
    "EdgeServerIP":"172.69.98.148",
    "EdgeStartTimestamp":"2019-01-03T01:54:12Z",
    "OriginIP":"2.2.2.2",
    "OriginResponseBytes":0,
    "OriginResponseHTTPExpires":"",
    "OriginResponseHTTPLastModified":"",
    "OriginResponseStatus":404,
    "OriginResponseTime":7000000,
    "OriginSSLProtocol":"unknown",
    "ParentRayID":"00",
    "RayID":"4931d60a16c8b0b0",
    "SecurityLevel":"med",
    "WAFFlags":"0",
    "WAFMatchedVar":"",
    "WAFProfile":"unknown",
    "WAFRuleMessage":"",
    "WorkerCPUTime":0,
    "WorkerStatus":"unknown",
    "WorkerSubrequest":false,
    "WorkerSubrequestCount":0,
    "ZoneName":"example.com"
    }
    
  • Requête correspondant à une règle WAF (attaque SQLj)

    {
    "CacheCacheStatus":"unknown",
    "CacheResponseBytes":0,
    "CacheResponseStatus":0,
    "CacheTieredFill":false,
    "ClientASN":56046,
    "ClientCountry":"cn",
    "ClientDeviceType":"desktop",
    "ClientIP":"1.1.1.1",
    "ClientIPClass":"noRecord",
    "ClientRequestBytes":501,
    "ClientRequestHost":"foo.com",
    "ClientRequestMethod":"GET",
    "ClientRequestPath":"/login.php",
    "ClientRequestProtocol":"HTTP/1.1",
    "ClientRequestReferer":"",
    "ClientRequestURI":"/login.php?username=asdf&password=asdf",
    "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0",
    "ClientSSLCipher":"NONE",
    "ClientSSLProtocol":"none",
    "ClientSrcPort":48718,
    "EdgeColoID":134,
    "EdgeEndTimestamp":"2019-01-04T02:22:26Z",
    "EdgePathingOp":"wl",
    "EdgePathingSrc":"macro",
    "EdgePathingStatus":"nr",
    "EdgeRateLimitAction":"",
    "EdgeRateLimitID":0,
    "EdgeRequestHost":"",
    "EdgeResponseBytes":1849,
    "EdgeResponseCompressionRatio":2.82,
    "EdgeResponseContentType":"text/html",
    "EdgeResponseStatus":403,
    "EdgeServerIP":"",
    "EdgeStartTimestamp":"2019-01-04T02:22:26Z",
    "OriginIP":"",
    "OriginResponseBytes":0,
    "OriginResponseHTTPExpires":"",
    "OriginResponseHTTPLastModified":"",
    "OriginResponseStatus":0,
    "OriginResponseTime":0,
    "OriginSSLProtocol":"unknown",
    "ParentRayID":"00",
    "RayID":"493a3cc9463eb0d4",
    "SecurityLevel":"med",
    "WAFFlags":"0",
    "WAFMatchedVar":"ARGS:USERNAME",
    "WAFProfile":"off",
    "WAFRuleMessage":"SQLi probing",
    "WorkerCPUTime":0,
    "WorkerStatus":"unknown",
    "WorkerSubrequest":false,
    "WorkerSubrequestCount":0,
    "ZoneName":"example.com"
    }
    
  • Demande correspondant à une règle de pare-feu

    {
    "CacheCacheStatus":"unknown",
    "CacheResponseBytes":0,
    "CacheResponseStatus":0,
    "CacheTieredFill":false,
    "ClientASN":36351,
    "ClientCountry":"us",
    "ClientDeviceType":"desktop",
    "ClientIP":"1.1.1.1",
    "ClientIPClass":"noRecord",
    "ClientRequestBytes":90,
    "ClientRequestHost":"foo.com",
    "ClientRequestMethod":"GET",
    "ClientRequestPath":"/",
    "ClientRequestProtocol":"HTTP/1.1",
    "ClientRequestReferer":"",
    "ClientRequestURI":"/",
    "ClientRequestUserAgent":"curl/7.47.0",
    "ClientSSLCipher":"NONE",
    "ClientSSLProtocol":"none",
    "ClientSrcPort":57260,
    "EdgeColoID":26,
    "EdgeEndTimestamp":"2019-01-03T08:48:42Z",
    "EdgePathingOp":"ban",
    "EdgePathingSrc":"user",
    "EdgePathingStatus":"ip",
    "EdgeRateLimitAction":"",
    "EdgeRateLimitID":0,
    "EdgeRequestHost":"",
    "EdgeResponseBytes":3556,
    "EdgeResponseCompressionRatio":0,
    "EdgeResponseContentType":"text/html",
    "EdgeResponseStatus":403,
    "EdgeServerIP":"",
    "EdgeStartTimestamp":"2019-01-03T08:48:42Z",
    "OriginIP":"",
    "OriginResponseBytes":0,
    "OriginResponseHTTPExpires":"",
    "OriginResponseHTTPLastModified":"",
    "OriginResponseStatus":0,
    "OriginResponseTime":0,
    "OriginSSLProtocol":"unknown",
    "ParentRayID":"00",
    "RayID":"493a6341d02565e7",
    "SecurityLevel":"med",
    "WAFFlags":"0",
    "WAFMatchedVar":"",
    "WAFProfile":"unknown",
    "WAFRuleMessage":"",
    "WorkerCPUTime":0,
    "WorkerStatus":"unknown",
    "WorkerSubrequest":false,
    "WorkerSubrequestCount":0,
    "ZoneName":"example.com"
    }
    
  • Demande limitée par le débit

    {
    "CacheCacheStatus":"unknown",
    "CacheResponseBytes":0,
    "CacheResponseStatus":0,
    "CacheTieredFill":false,
    "ClientASN":36351,
    "ClientCountry":"us",
    "ClientDeviceType":"desktop",
    "ClientIP":"1.1.1.1",
    "ClientIPClass":"noRecord",
    "ClientRequestBytes":90,
    "ClientRequestHost":"foo.com",
    "ClientRequestMethod":"GET",
    "ClientRequestPath":"/",
    "ClientRequestProtocol":"HTTP/1.1",
    "ClientRequestReferer":"",
    "ClientRequestURI":"/",
    "ClientRequestUserAgent":"curl/7.47.0",
    "ClientSSLCipher":"NONE",
    "ClientSSLProtocol":"none",
    "ClientSrcPort":33186,
    "EdgeColoID":26,
    "EdgeEndTimestamp":"2019-01-03T08:59:55Z",
    "EdgePathingOp":"ban",
    "EdgePathingSrc":"user",
    "EdgePathingStatus":"rateLimit",
    "EdgeRateLimitAction":"ban",
    "EdgeRateLimitID":1307134,
    "EdgeRequestHost":"",
    "EdgeResponseBytes":3559,
    "EdgeResponseCompressionRatio":0,
    "EdgeResponseContentType":"text/html",
    "EdgeResponseStatus":429,
    "EdgeServerIP":"",
    "EdgeStartTimestamp":"2019-01-03T08:59:55Z",
    "OriginIP":"",
    "OriginResponseBytes":0,
    "OriginResponseHTTPExpires":"",
    "OriginResponseHTTPLastModified":"",
    "OriginResponseStatus":0,
    "OriginResponseTime":0,
    "OriginSSLProtocol":"unknown",
    "ParentRayID":"00",
    "RayID":"493a73ad468419b6",
    "SecurityLevel":"med",
    "WAFFlags":"0",
    "WAFMatchedVar":"",
    "WAFProfile":"unknown",
    "WAFRuleMessage":"",
    "WorkerCPUTime":0,
    "WorkerStatus":"unknown",
    "WorkerSubrequest":false,
    "WorkerSubrequestCount":0,
    "ZoneName":"example.com"
    }
    
  • Le serveur d'origine est en panne (erreur 521, le serveur Web est en panne)

    {
    "CacheCacheStatus":"miss",
    "CacheResponseBytes":177,
    "CacheResponseStatus":521,
    "CacheTieredFill":false,
    "ClientASN":56046,
    "ClientCountry":"cn",
    "ClientDeviceType":"desktop",
    "ClientIP":"1.1.1.1",
    "ClientIPClass":"noRecord",
    "ClientRequestBytes":1082,
    "ClientRequestHost":"foo.com",
    "ClientRequestMethod":"GET",
    "ClientRequestPath":"/favicon.ico",
    "ClientRequestProtocol":"HTTP/2",
    "ClientRequestReferer":"",
    "ClientRequestURI":"/favicon.ico",
    "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0",
    "ClientSSLCipher":"AEAD-AES128-GCM-SHA256",
    "ClientSSLProtocol":"TLSv1.3",
    "ClientSrcPort":3060,
    "EdgeColoID":134,
    "EdgeEndTimestamp":"2019-01-03T06:33:55Z",
    "EdgePathingOp":"wl",
    "EdgePathingSrc":"macro",
    "EdgePathingStatus":"nr",
    "EdgeRateLimitAction":"",
    "EdgeRateLimitID":0,
    "EdgeRequestHost":"foo.com",
    "EdgeResponseBytes":5177,
    "EdgeResponseCompressionRatio":0,
    "EdgeResponseContentType":"text/html",
    "EdgeResponseStatus":521,
    "EdgeServerIP":"172.69.98.148",
    "EdgeStartTimestamp":"2019-01-03T06:33:55Z",
    "OriginIP":"2.2.2.2",
    "OriginResponseBytes":0,
    "OriginResponseHTTPExpires":"",
    "OriginResponseHTTPLastModified":"",
    "OriginResponseStatus":0,
    "OriginResponseTime":3000000,
    "OriginSSLProtocol":"unknown",
    "ParentRayID":"00",
    "RayID":"49336fc9397ab080",
    "SecurityLevel":"med",
    "WAFFlags":"0",
    "WAFMatchedVar":"",
    "WAFProfile":"unknown",
    "WAFRuleMessage":"",
    "WorkerCPUTime":0,
    "WorkerStatus":"unknown",
    "WorkerSubrequest":false,
    "WorkerSubrequestCount":0,
    "ZoneName":"example.com"
    }
    

Limitations

Les restrictions d'utilisation suivantes s'appliquent lors de l'utilisation de la fonction Logpull.

  • Limites de débit: Le dépassement de ces limites entraîne une réponse d'erreur 429 :
    • 15 demandes par minute par zone
    • 180 demandes par minute par utilisateur
  • Plage de temps: La différence maximale entre les paramètres de début et de fin peut être de 1 heure.
  • Taille de la réponse: La taille de réponse maximale est de 10 GiB par demande, ce qui équivaut à environ 15 M enregistrements lorsque 55 champs sont sélectionnés. Plus d'enregistrements peuvent être extraits lorsque moins de zones sont sélectionnées car la taille par enregistrement est plus petite.
  • Délai d'attente: La réponse échouera avec une connexion arrêtée au bout de 10 minutes.
  • Délai d'attente du flux: La demande s'arrête avec une réponse d'erreur 408 si la connexion est inactive pendant 30 secondes. Ce délai d'attente signifie généralement que la demande est trop exhaustive (délais d'attente fréquents-plus de 12 par heure). Les délais d'attente de flux entraînent le blocage des requêtes suivantes avec le code de statut 429 pendant 1 heure. Pour éviter le dépassement du délai d'attente, essayez de demander des enregistrements en utilisant moins de zones ou essayez avec des paramètres de début et de fin plus petits.