Access log-structure
Log line structure is as follows, note that some fields are quoted and some are not.if we will add more fields in the future, they'll be added on the right side.
Field names:
Field | Description |
remote_addr | Client IP |
timestamp | Timestamp |
status | Response Status code sent to client |
bytes_sent | Number of bytes sent in the response |
method | HTTP Request method |
request | The complete URL (including the query string) |
proto_version | Protocol Version (1.0/1.1) |
blocked | Was it blocked by Reblaze? |
is_human | Was it marked as human? |
block_reason | If blocked / Exceptionally passed - for what reason |
geoip_country_name | Country Name |
geoip_country_code | Country Code |
request_id | Unique ID of this request within Reblaze |
captured_vector | The vector attack we captured |
request_time | The time it took our system to process the request |
upstream_addr | The address of the upstream server(s) reblaze approached |
upstream_response_time | The time Reblaze was waiting to the upstream server(s) to return the response |
domain_name | The domain name of the server group in reblaze |
host | The Host header of this request (same as domain name, or one of its aliases) |
referer | The HTTP Referer header |
http_user_agent | HTTP User Agent |
http_cookie | The Cookie header string |
request_headers | Request headers encoded in base6 |
organization | The complete organisation name owning the IP address |
upstream_status | The status code returned by the upstream server |
uri | The request URI without query part |
hostname | The Proxy (Reblaze) server that process the request. |
is_cloud | |
is_tor | |
is_vpn | |
is_anonymizer | |
is_proxy | |
rbzsessionid | Reblaze Session ID |
request_length | The upload request size in bytes |
sent_http_cache_control | The Cache-Control header we sent as part of the response |
sent_http_expires | The Expires header we sent as part of the response |
cookie_rbzid | Hash of the RBZID Cookie |
sent_http_content_type | The MIME - Type (Content-Type response header) |
browsersig | A unique signature of the visiting browser (future use) |
ssl_protocol | SSL Protocol Version |
ssl_cipher | Selected SSL Cipher |
cache_status | Upstream Cache Status |
anything_else | Future use place holder |
Example line (sliced into smaller parts):
Headers are base64 encoded JSON string contains headers names and values.
if we decided to block a request, either by ACL, or WAF/IPS it will be marked as "1" in the blocked field,
as well there will be a description at "block_reason" field.
Decoding headers filed shall result with the following:
Note that within the headers, we add an entry for the post_request_body.
Python Parser Example:
Last updated