使用 Logpull 服务
IBM 客户可以访问企业帐户上的 Logpull 服务。 这项服务允许用户 使用Logpull命令 通过 HTTP 查看请求日志。 这些日志包含与连接客户机、通过网络的请求路径以及来自源 Web 服务器的响应相关的数据。 用户可以从过去的 1 分钟开始查询日志 (相对于执行查询的实际时间)。
启用日志保留时间
缺省情况下,不会保留边缘日志。 必须先启用日志保留,然后才能使用 Logpull CLI 来拉取日志。 要执行此操作,必须检查当前设置,然后打开或关闭日志保留时间。 启用后,日志将保留 7 天。 如果关闭保留时间,那么先前保存的日志将可用,直到保留期到期为止。
- 要检查当前是否已关闭日志保留时间,请使用
log-retentionCLI:
ibmcloud cis log-retention DNS_DOMAIN_ID
- 如果输出显示标志为
off(缺省值),请按如下所示更新设置。
ibmcloud cis log-retention-update DNS_DOMAIN_ID --flag on
Logpull 用例
基于 RayID 获取日志
如果运行命令后收到错误信息,可以使用响应标头中提供的 RayID 获取与命令相关的日志。
如果您的 RAY_ID 在末尾包含 -XXX,请务必将其除去。 例如,12ab34cdef567gh8-XXX 变为 12ab34cdef567gh8。
对请求使用以下命令:
ibmcloud cis logpull DNS_DOMAIN_ID --ray-id RAY_ID
答复如下:
{
"ClientIP": "68.278.11.89",
"ClientRequestHost": "testing.logpull.com",
"ClientRequestMethod": "GET",
"ClientRequestURI": "/var/www",
"EdgeEndTimestamp": 1545155129703000000,
"EdgeResponseBytes": 1935,
"EdgeResponseStatus": 403,
"EdgeStartTimestamp": 1545155129696000000,
"RayID": "48b371889c489b2c"
}
根据持续时间获取日志
如果在运行命令后接收到错误消息,但不知道响应的 RayID,那么可以使用持续时间来获取发生错误的时间段内的所有日志。
对请求使用以下命令:
ibmcloud cis logpull DNS_DOMAIN_ID --start 2019-01-02T01:00:00+00:00 --end 2019-01-02T01:00:00+00:00
其中 --start 和 --end 输入 UNIX 时间戳(以秒或纳秒为单位),或符合 RFC 3339 的绝对时间戳,时间长度为一分钟或一小时。
答复如下:
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-collapse.js","EdgeEndTimestamp":1545067628046000000,"EdgeResponseBytes":2205,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628044000000,"RayID":"48ab19434891c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/3d.gif","EdgeEndTimestamp":1545067627970000000,"EdgeResponseBytes":2538446,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627951000000,"RayID":"48ab1942bf96c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/logo.gif","EdgeEndTimestamp":1545067628051000000,"EdgeResponseBytes":82257,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628048000000,"RayID":"48ab194348a0c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/docs.css","EdgeEndTimestamp":1545067627952000000,"EdgeResponseBytes":540,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627948000000,"RayID":"48ab1942af8ac7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap.css","EdgeEndTimestamp":1545067627952000000,"EdgeResponseBytes":17311,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627948000000,"RayID":"48ab1942af85c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/jquery.js","EdgeEndTimestamp":1545067628045000000,"EdgeResponseBytes":33555,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628042000000,"RayID":"48ab19434882c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/watson.gif","EdgeEndTimestamp":1545067628052000000,"EdgeResponseBytes":893230,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628046000000,"RayID":"48ab194348a3c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-386.js","EdgeEndTimestamp":1545067628046000000,"EdgeResponseBytes":1663,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628043000000,"RayID":"48ab19434884c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/Fixedsys500c.woff","EdgeEndTimestamp":1545067630272000000,"EdgeResponseBytes":14055,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067629064000000,"RayID":"48ab1949aca2c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bios.gif","EdgeEndTimestamp":1545067628055000000,"EdgeResponseBytes":1121237,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628046000000,"RayID":"48ab1943489ec7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-modal.js","EdgeEndTimestamp":1545067628046000000,"EdgeResponseBytes":2569,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628043000000,"RayID":"48ab1943488ac7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/holder.js","EdgeEndTimestamp":1545067628053000000,"EdgeResponseBytes":4593,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067628046000000,"RayID":"48ab19434898c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/old_school.png","EdgeEndTimestamp":1545067627960000000,"EdgeResponseBytes":1466,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627952000000,"RayID":"48ab1942bf92c7a7"}
{"ClientIP":"2620:1f7:8c5::1f:949e:c04d","ClientRequestHost":"test.logpull.load.com","ClientRequestMethod":"GET","ClientRequestURI":"/assets/bootstrap-responsive.css","EdgeEndTimestamp":1545067627951000000,"EdgeResponseBytes":4797,"EdgeResponseStatus":200,"EdgeStartTimestamp":1545067627948000000,"RayID":"48ab1942af86c7a7"}
可用字段
如果未在请求中指定 fields,那么将返回缺省字段的有限集。 可在此处查找所有可用字段的完整列表:
ibmcloud cis logpull DNS_DOMAIN_ID --available-fields
字段以逗号分隔的列表形式传递。 例如,使用 "ZoneName" 和 "RayID",:
ibmcloud cis logpull DNS_DOMAIN_ID --start 2019-01-02T01:00:00+00:00 --end 2019-01-02T01:00:00+00:00 --fields ZoneName,RayID
字段列表
可用的字段:
"BotScore": "int; Cloudflare Bot Score. Scores below 30 are commonly associated with automated traffic. Available only for Bot Management customers. To enable this feature, contact your account team.",
"BotScoreSrc": "string; Detection engine responsible for generating the Bot Score. Possible values are Not Computed | Heuristics | Machine Learning | Behavioral Analysis | Verified Bot | JS Fingerprinting | Cloudflare Service. Available only for Bot Management customers. To enable this feature, contact your account team.",
"CacheCacheStatus": "string; Cache status. Possible values are unknown | miss | expired | updating | stale | hit | ignored | bypass | revalidated | dynamic | stream_hit | deferred \"dynamic\" means that a request is not eligible for cache. This can mean, for example that it was blocked by the firewall. Refer to [Cloudflare cache responses](https://developers.cloudflare.com/cache/concepts/cache-responses/) for more details.",
"CacheResponseBytes": "int; Number of bytes returned by the cache.",
"CacheResponseStatus": "int; HTTP status code returned by the cache to the edge. All requests (including non-cacheable ones) go through the cache. Refer also to CacheCacheStatus field.",
"CacheTieredFill": "bool; Tiered Cache was used to serve this request.",
"ClientASN": "int; Client AS number.",
"ClientCountry": "string; 2-letter ISO-3166 country code of the client IP address.",
"ClientDeviceType": "string; Client device type.",
"ClientIP": "string; IP address of the client.",
"ClientIPClass": "string; Client IP class. Possible values are unknown | badHost | searchEngine | allowlist | monitoringService | noRecord | scan | tor.",
"ClientRequestBytes": "int; Number of bytes in the client request.",
"ClientRequestHost": "string; Host requested by the client.",
"ClientRequestMethod": "string; HTTP method of client request.",
"ClientRequestPath": "string; URI path requested by the client.",
"ClientRequestProtocol": "string; HTTP protocol of client request.",
"ClientRequestReferer": "string; HTTP request referrer.",
"ClientRequestURI": "string; URI requested by the client.",
"ClientRequestUserAgent": "string; User agent reported by the client.",
"ClientSSLCipher": "string; Client SSL cipher.",
"ClientSSLProtocol": "string; Client SSL (TLS) protocol. The value \"none\" means that SSL was not used.",
"ClientSrcPort": "int; Client source port.",
"ClientXRequestedWith": "string; X-Requested-With HTTP header.",
"Cookies": "object; String key-value pairs for Cookies. This field is populated based on [Logpush Custom fields](https://developers.cloudflare.com/logs/reference/custom-fields/), which need to be configured.",
"EdgeColoCode": "string; IATA airport code of data center that received the request.",
"EdgeColoID": "int; Cloudflare edge colo id.",
"EdgeEndTimestamp": "int or string; Timestamp at which the edge finished sending response to the client.",
"EdgePathingOp": "string; Indicates what type of response was issued for this request (unknown = no specific action).",
"EdgePathingSrc": "string; Details how the request was classified based on security checks (unknown = no specific classification).",
"EdgePathingStatus": "string; Indicates what data was used to determine the handling of this request (unknown = no data).",
"EdgeRequestHost": "string; Host header on the request from the edge to the origin.",
"EdgeResponseBytes": "int; Number of bytes returned by the edge to the client.",
"EdgeResponseCompressionRatio": "float; The edge response compression ratio is calculated as the ratio between the sizes of the original and compressed responses.",
"EdgeResponseContentType": "string; Edge response Content-Type header value.",
"EdgeResponseStatus": "int; HTTP status code returned by Cloudflare to the client.",
"EdgeServerIP": "string; IP of the edge server making a request to the origin. Possible responses are string in IPv4 or IPv6 format, or empty string. Empty string means that there was no request made to the origin server.",
"EdgeStartTimestamp": "int or string; Timestamp at which the edge received request from the client.",
"OriginIP": "string; IP of the origin server.",
"OriginResponseBytes": "int; Number of bytes returned by the origin server.",
"OriginResponseHTTPExpires": "string; Value of the origin 'expires' header in RFC1123 format.",
"OriginResponseHTTPLastModified": "string; Value of the origin 'last-modified' header in RFC1123 format.",
"OriginResponseStatus": "int; Status returned by the upstream server. The value 0 means that there was no request made to the origin server and the response was served by Cloudflare's Edge. However, if the zone has a Worker running on it, the value 0 could be the result of a Workers subrequest made to the origin.",
"OriginResponseTime": "int; Number of nanoseconds it took the origin to return the response to edge.",
"OriginSSLProtocol": "string; SSL (TLS) protocol used to connect to the origin.",
"ParentRayID": "string; Ray ID of the parent request if this request was made using a Worker script.",
"RayID": "string; ID of the request.",
"RequestHeaders": "object; String key-value pairs for RequestHeaders. This field is populated based on [Logpush Custom fields](https://developers.cloudflare.com/logs/reference/custom-fields/), which need to be configured.",
"ResponseHeaders": "object; String key-value pairs for ResponseHeaders. This field is populated based on [Logpush Custom fields](https://developers.cloudflare.com/logs/reference/custom-fields/), which need to be configured.",
"WAFFlags": "string; Additional configuration flags: simulate (0x1) | null.",
"WAFMatchedVar": "string; The full name of the most-recently matched variable.",
"WorkerCPUTime": "int; Amount of time in microseconds spent executing a worker, if any.",
"WorkerStatus": "string; Status returned from worker daemon.",
"WorkerSubrequest": "bool; Whether or not this request was a worker subrequest.",
"WorkerSubrequestCount": "int; Number of subrequests issued by a worker when handling this request."
"ZoneName": "string; the human-readable name of the zone"
Logpull 示例
以下是 logpull 调用示例和特定类型响应的示例。
-
请求
ibmcloud cis logpull DNS_DOMAIN_ID --start 2019-01-02T01:00:00+00:00 --end 2019-01-02T01:00:00+00:00 --fields ClientRequestURI,EdgeResponseBytes,ParentRayID,WorkerStatus, OriginResponseTime,EdgeResponseStatus,WorkerSubrequest,ClientRequestProtocol,EdgePathingOp,ClientSrcPort,WorkerSubrequestCount,EdgeRequestHost, ClientSSLCipher,EdgePathingSrc,OriginResponseStatus,ClientIPClass,EdgeColoID,ClientCountry,ClientRequestHost,WAFFlags,ClientASN,EdgeServerIP, CacheCacheStatus,SecurityLevel,ClientRequestUserAgent,CacheResponseBytes,EdgeStartTimestamp,ClientSSLProtocol,EdgeEndTimestamp,EdgeResponseContentType, ClientRequestBytes,CacheResponseStatus,WorkerCPUTime,RayID,ClientRequestMethod,ClientIP,ClientRequestPath,OriginResponseHTTPExpires,CacheTieredFill,WAFRuleMessage, EdgePathingStatus,ClientDeviceType,OriginSSLProtocol,EdgeRateLimitAction,OriginIP,EdgeRateLimitID,ZoneName,EdgeResponseCompressionRatio,ClientRequestReferer, OriginResponseHTTPLastModified,OriginResponseBytes --timestamps=rfc3339' -
状态码为 200 的响应
{ "CacheCacheStatus":"unknown", "CacheResponseBytes":396, "CacheResponseStatus":200, "CacheTieredFill":false, "ClientASN":56046, "ClientCountry":"cn", "ClientDeviceType":"desktop", "ClientIP":"1.1.1.1", "ClientIPClass":"noRecord", "ClientRequestBytes":400, "ClientRequestHost":"foo.com", "ClientRequestMethod":"GET", "ClientRequestPath":"/", "ClientRequestProtocol":"HTTP/1.1", "ClientRequestReferer":"", "ClientRequestURI":"/", "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", "ClientSSLCipher":"NONE", "ClientSSLProtocol":"none", "ClientSrcPort":4532, "EdgeColoID":134, "EdgeEndTimestamp":"2019-01-03T01:54:11Z", "EdgePathingOp":"wl", "EdgePathingSrc":"macro", "EdgePathingStatus":"nr", "EdgeRateLimitAction":"", "EdgeRateLimitID":0, "EdgeRequestHost":"foo.com", "EdgeResponseBytes":808, "EdgeResponseCompressionRatio":1.57, "EdgeResponseContentType":"text/html", "EdgeResponseStatus":200, "EdgeServerIP":"172.69.98.106", "EdgeStartTimestamp":"2019-01-03T01:54:11Z", "OriginIP":"2.2.2.2", "OriginResponseBytes":0, "OriginResponseHTTPExpires":"", "OriginResponseHTTPLastModified":"Tue, 31 Jan 2017 15:01:11 UTC", "OriginResponseStatus":200, "OriginResponseTime":7000000, "OriginSSLProtocol":"unknown", "ParentRayID":"00", "RayID":"4931d60516c0b0b0", "SecurityLevel":"med", "WAFFlags":"0", "WAFMatchedVar":"", "WAFProfile":"unknown", "WAFRuleID":"", "WAFRuleMessage":"", "WorkerCPUTime":0, "WorkerStatus":"unknown", "WorkerSubrequest":false, "WorkerSubrequestCount":0, "ZoneName":"example.com" } -
状态码为 404 的响应
{ "CacheCacheStatus":"miss", "CacheResponseBytes":209, "CacheResponseStatus":404, "CacheTieredFill":false, "ClientASN":56046, "ClientCountry":"cn", "ClientDeviceType":"desktop", "ClientIP":"1.1.1.1", "ClientIPClass":"noRecord", "ClientRequestBytes":433, "ClientRequestHost":"foo.com", "ClientRequestMethod":"GET", "ClientRequestPath":"/favicon.ico", "ClientRequestProtocol":"HTTP/1.1", "ClientRequestReferer":"foo.com/", "ClientRequestURI":"/favicon.ico", "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", "ClientSSLCipher":"NONE", "ClientSSLProtocol":"none", "ClientSrcPort":4532, "EdgeColoID":134, "EdgeEndTimestamp":"2019-01-03T01:54:12Z", "EdgePathingOp":"wl", "EdgePathingSrc":"macro", "EdgePathingStatus":"nr", "EdgeRateLimitAction":"", "EdgeRateLimitID":0, "EdgeRequestHost":"foo.com", "EdgeResponseBytes":556, "EdgeResponseCompressionRatio":2.87, "EdgeResponseContentType":"text/html", "EdgeResponseStatus":404, "EdgeServerIP":"172.69.98.148", "EdgeStartTimestamp":"2019-01-03T01:54:12Z", "OriginIP":"2.2.2.2", "OriginResponseBytes":0, "OriginResponseHTTPExpires":"", "OriginResponseHTTPLastModified":"", "OriginResponseStatus":404, "OriginResponseTime":7000000, "OriginSSLProtocol":"unknown", "ParentRayID":"00", "RayID":"4931d60a16c8b0b0", "SecurityLevel":"med", "WAFFlags":"0", "WAFMatchedVar":"", "WAFProfile":"unknown", "WAFRuleMessage":"", "WorkerCPUTime":0, "WorkerStatus":"unknown", "WorkerSubrequest":false, "WorkerSubrequestCount":0, "ZoneName":"example.com" } -
请求与 WAF 规则(SQLj 攻击)相匹配
{ "CacheCacheStatus":"unknown", "CacheResponseBytes":0, "CacheResponseStatus":0, "CacheTieredFill":false, "ClientASN":56046, "ClientCountry":"cn", "ClientDeviceType":"desktop", "ClientIP":"1.1.1.1", "ClientIPClass":"noRecord", "ClientRequestBytes":501, "ClientRequestHost":"foo.com", "ClientRequestMethod":"GET", "ClientRequestPath":"/login.php", "ClientRequestProtocol":"HTTP/1.1", "ClientRequestReferer":"", "ClientRequestURI":"/login.php?username=asdf&password=asdf", "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0", "ClientSSLCipher":"NONE", "ClientSSLProtocol":"none", "ClientSrcPort":48718, "EdgeColoID":134, "EdgeEndTimestamp":"2019-01-04T02:22:26Z", "EdgePathingOp":"wl", "EdgePathingSrc":"macro", "EdgePathingStatus":"nr", "EdgeRateLimitAction":"", "EdgeRateLimitID":0, "EdgeRequestHost":"", "EdgeResponseBytes":1849, "EdgeResponseCompressionRatio":2.82, "EdgeResponseContentType":"text/html", "EdgeResponseStatus":403, "EdgeServerIP":"", "EdgeStartTimestamp":"2019-01-04T02:22:26Z", "OriginIP":"", "OriginResponseBytes":0, "OriginResponseHTTPExpires":"", "OriginResponseHTTPLastModified":"", "OriginResponseStatus":0, "OriginResponseTime":0, "OriginSSLProtocol":"unknown", "ParentRayID":"00", "RayID":"493a3cc9463eb0d4", "SecurityLevel":"med", "WAFFlags":"0", "WAFMatchedVar":"ARGS:USERNAME", "WAFProfile":"off", "WAFRuleMessage":"SQLi probing", "WorkerCPUTime":0, "WorkerStatus":"unknown", "WorkerSubrequest":false, "WorkerSubrequestCount":0, "ZoneName":"example.com" } -
请求与防火墙规则相匹配
{ "CacheCacheStatus":"unknown", "CacheResponseBytes":0, "CacheResponseStatus":0, "CacheTieredFill":false, "ClientASN":36351, "ClientCountry":"us", "ClientDeviceType":"desktop", "ClientIP":"1.1.1.1", "ClientIPClass":"noRecord", "ClientRequestBytes":90, "ClientRequestHost":"foo.com", "ClientRequestMethod":"GET", "ClientRequestPath":"/", "ClientRequestProtocol":"HTTP/1.1", "ClientRequestReferer":"", "ClientRequestURI":"/", "ClientRequestUserAgent":"curl/7.47.0", "ClientSSLCipher":"NONE", "ClientSSLProtocol":"none", "ClientSrcPort":57260, "EdgeColoID":26, "EdgeEndTimestamp":"2019-01-03T08:48:42Z", "EdgePathingOp":"ban", "EdgePathingSrc":"user", "EdgePathingStatus":"ip", "EdgeRateLimitAction":"", "EdgeRateLimitID":0, "EdgeRequestHost":"", "EdgeResponseBytes":3556, "EdgeResponseCompressionRatio":0, "EdgeResponseContentType":"text/html", "EdgeResponseStatus":403, "EdgeServerIP":"", "EdgeStartTimestamp":"2019-01-03T08:48:42Z", "OriginIP":"", "OriginResponseBytes":0, "OriginResponseHTTPExpires":"", "OriginResponseHTTPLastModified":"", "OriginResponseStatus":0, "OriginResponseTime":0, "OriginSSLProtocol":"unknown", "ParentRayID":"00", "RayID":"493a6341d02565e7", "SecurityLevel":"med", "WAFFlags":"0", "WAFMatchedVar":"", "WAFProfile":"unknown", "WAFRuleMessage":"", "WorkerCPUTime":0, "WorkerStatus":"unknown", "WorkerSubrequest":false, "WorkerSubrequestCount":0, "ZoneName":"example.com" } -
请求受到速率限制
{ "CacheCacheStatus":"unknown", "CacheResponseBytes":0, "CacheResponseStatus":0, "CacheTieredFill":false, "ClientASN":36351, "ClientCountry":"us", "ClientDeviceType":"desktop", "ClientIP":"1.1.1.1", "ClientIPClass":"noRecord", "ClientRequestBytes":90, "ClientRequestHost":"foo.com", "ClientRequestMethod":"GET", "ClientRequestPath":"/", "ClientRequestProtocol":"HTTP/1.1", "ClientRequestReferer":"", "ClientRequestURI":"/", "ClientRequestUserAgent":"curl/7.47.0", "ClientSSLCipher":"NONE", "ClientSSLProtocol":"none", "ClientSrcPort":33186, "EdgeColoID":26, "EdgeEndTimestamp":"2019-01-03T08:59:55Z", "EdgePathingOp":"ban", "EdgePathingSrc":"user", "EdgePathingStatus":"rateLimit", "EdgeRateLimitAction":"ban", "EdgeRateLimitID":1307134, "EdgeRequestHost":"", "EdgeResponseBytes":3559, "EdgeResponseCompressionRatio":0, "EdgeResponseContentType":"text/html", "EdgeResponseStatus":429, "EdgeServerIP":"", "EdgeStartTimestamp":"2019-01-03T08:59:55Z", "OriginIP":"", "OriginResponseBytes":0, "OriginResponseHTTPExpires":"", "OriginResponseHTTPLastModified":"", "OriginResponseStatus":0, "OriginResponseTime":0, "OriginSSLProtocol":"unknown", "ParentRayID":"00", "RayID":"493a73ad468419b6", "SecurityLevel":"med", "WAFFlags":"0", "WAFMatchedVar":"", "WAFProfile":"unknown", "WAFRuleMessage":"", "WorkerCPUTime":0, "WorkerStatus":"unknown", "WorkerSubrequest":false, "WorkerSubrequestCount":0, "ZoneName":"example.com" } -
源服务器停机(错误 521,Web 服务器停机)
{ "CacheCacheStatus":"miss", "CacheResponseBytes":177, "CacheResponseStatus":521, "CacheTieredFill":false, "ClientASN":56046, "ClientCountry":"cn", "ClientDeviceType":"desktop", "ClientIP":"1.1.1.1", "ClientIPClass":"noRecord", "ClientRequestBytes":1082, "ClientRequestHost":"foo.com", "ClientRequestMethod":"GET", "ClientRequestPath":"/favicon.ico", "ClientRequestProtocol":"HTTP/2", "ClientRequestReferer":"", "ClientRequestURI":"/favicon.ico", "ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0", "ClientSSLCipher":"AEAD-AES128-GCM-SHA256", "ClientSSLProtocol":"TLSv1.3", "ClientSrcPort":3060, "EdgeColoID":134, "EdgeEndTimestamp":"2019-01-03T06:33:55Z", "EdgePathingOp":"wl", "EdgePathingSrc":"macro", "EdgePathingStatus":"nr", "EdgeRateLimitAction":"", "EdgeRateLimitID":0, "EdgeRequestHost":"foo.com", "EdgeResponseBytes":5177, "EdgeResponseCompressionRatio":0, "EdgeResponseContentType":"text/html", "EdgeResponseStatus":521, "EdgeServerIP":"172.69.98.148", "EdgeStartTimestamp":"2019-01-03T06:33:55Z", "OriginIP":"2.2.2.2", "OriginResponseBytes":0, "OriginResponseHTTPExpires":"", "OriginResponseHTTPLastModified":"", "OriginResponseStatus":0, "OriginResponseTime":3000000, "OriginSSLProtocol":"unknown", "ParentRayID":"00", "RayID":"49336fc9397ab080", "SecurityLevel":"med", "WAFFlags":"0", "WAFMatchedVar":"", "WAFProfile":"unknown", "WAFRuleMessage":"", "WorkerCPUTime":0, "WorkerStatus":"unknown", "WorkerSubrequest":false, "WorkerSubrequestCount":0, "ZoneName":"example.com" }
限制
使用 Logpull 功能部件时,以下使用限制适用。
- 速率限制: 超过这些限制会导致
429错误响应:- 每个专区每分钟 15 个请求
- 每个用户每分钟 180 个请求
- 时间范围: 开始和结束参数之间的最大差值可以是 1 小时。
- 响应大小: 每个请求的最大响应大小为 10 GiB,当选择了大约 55 个字段时,相当于大约 15 M 个记录。 如果选择的字段较少,那么可以检索更多记录,因为每个记录的大小较小。
- 超时: 响应将在 10 分钟后失败并终止连接。
- 流超时: 如果连接处于空闲状态 30 秒,那么将终止请求并发出
408错误响应。 此超时通常意味着请求过于详尽 (频繁超时-超过每小时 12 次)。 流超时将导致后续查询在 1 小时内被阻塞,状态码为429。 要避免超时,请尝试使用较少的字段来请求记录,或者尝试使用较小的开始和结束参数。