Skip to main content
Logs Uploader is a feature that enables an automatic export of CDN resource logs to your storage in near real-time. Exported logs contain information about user requests sent to cache servers and pre-cache servers (if you have the Origin shielding feature enabled).
InfoThis is a paid feature. To activate Logs Uploader, contact the Gcore support team.

Logs uploader settings

In this section, you can find general information about log settings, statuses, and how to configure logs exporting for different storage types.

Log format example

"$remote_addr" "-" "$remote_user" "[$time_local]" "$request" "$status"  
"$body_bytes_sent" "$http_referer" "$http_user_agent" "$bytes_sent"  
"$edgename" "$scheme" "$host" "$request_time"  
"$upstream_response_time" "$request_length" "$http_range" "[$responding_node]"  
"$upstream_cache_status" "$upstream_response_length" "$upstream_addr"  
"$gcdn_api_client_id" "$gcdn_api_resource_id" "$uid_got" "$uid_set"  
"$geoip_country_code" "$geoip_city" "$shield_type" "$server_addr" "$server_port"  
"$upstream_status" "-" "$upstream_connect_time" "$upstream_header_time"  
"$shard_addr" "$geoip2_data_asnumber" "$connection" "$connection_requests"  
"$http_traceparent" "$http_x_forwarded_proto" "$gcdn_internal_status_code" "$ssl_cipher"  
"$ssl_session_id" "$ssl_session_reused" "$sent_http_content_type" "$tcpinfo_rtt" 
"$server_country_code" "$gcdn_tcpinfo_snd_cwnd" "$gcdn_tcpinfo_total_retrans" "$gcdn_rule_id" 
It’s OK if you find a field that’s not listed in the example. We occasionally add new fields to the end of the line. If some fields are added to logs, you’ll receive an email about the update.

Log fields

The following table contains a complete list of available log fields. Fields formatted in italics relate to our internal CDN system, so you can ignore them. You can check other fields—they can be helpful for traffic analysis or statistics.
FieldLog value exampleDescription
$remote_addr0.0.0.0User’s IP address
$remote_user
(internal system variable)
-Username used in Basic authentication
[$time_local][26/Apr/2019:09:47:40 +0000]Local time in Common Log Format
$requestGET /ContentCommon/images/image.png HTTP/1.1HTTP method, requested file path, and HTTP version
$status200Response status code from a CDN server
$body_bytes_sent1514283Number of bytes sent to a user, excluding the response header size
$http_refererhttps://example.com/videos/10Referrer – a URL requested by a user
$http_user_agentMozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 YaBrowser/16.10.0.2309 Safari/537.36User agent that was used to send a request (browser or other application)
$bytes_sent1514848Number of bytes sent to a user
$edgename[dh-up-gc18]CDN server that forwarded the requested file
$schemehttpsProtocol (HTTP or HTTPS) of a request
$hostcdn.example.comRequested hostname of a CDN resource
$request_time1.500Request processing time in seconds (accurate to milliseconds); time elapsed between the first bytes of a request being processed and logging after the last bytes were sent to a user
$upstream_response_time0.445Number of seconds (accurate to milliseconds) it took to receive a response from an origin. In case of multiple responses, commas and colons are used
$request_length157Request length (including request line, header, and request body)
$http_rangebytes=0-1901653File fragment size in a Range request
[$responding_node]dhResponding data center
$upstream_cache_statusMISSStatus of a requested file in CDN cache:

HIT: response served from the CDN cache.
STALE: outdated response that failed to update (origin not responding or responding incorrectly).
UPDATING: outdated response still updating from a previous request.
REVALIDATED: response matching one on an origin (based on the proxy_cache_revalidate directive).
EXPIRED: response that has expired in cache but still matches one on an origin; a request was sent to re-cache it.
MISS: response served directly from an origin rather than from cache.
BYPASS: response for the first file request after clearing the cache (the first request from each CDN server results in BYPASS; subsequent requests on that server result in HIT).
$upstream_response_length10485760Response length from an origin in bytes. In case of multiple responses, commas and colons are used
$upstream_addr0.0.0.0:80Origin’s IP address and port
$gcdn_api_client_id
(internal system variable)
123Your ID in our system
$gcdn_api_resource_id
(internal system variable)
01Your CDN-resource ID in our system
$uid_got
(internal system variable)
-Cookie name and received user ID
$uid_set
(internal system variable)
-Cookie name and provided user ID
$geoip_country_codeKZUser’s country code according to the ISO 3166 standard (Alpha-2 code)
$geoip_city-User’s city code
$shield_type
(internal system variable)
shield_noIndicates whether Origin Shielding is enabled:
shield_old – enabled
shield_no – disabled
$server_addr
(internal system variable)
0.0.0.0IP address of an Anycast zone or CDN server
$server_port
(internal system variable)
80Requested port
$upstream_status206Origin response code
$upstream_connect_time0.000Number of seconds (accurate to milliseconds) it took to access an origin server
$upstream_header_time0.200Number of seconds (accurate to milliseconds) it took to receive a response header from an origin server
$shard_addr
(internal system variable)
0.0.0.0IP address of a CDN server that was first to accept a request if the Cache Sharding feature is enabled
$geoip2_data_asnumberasnumberNumber of an autonomous system that sent a request
$connection
(internal system variable)
2897494295Connection serial number
$connection_requests
(internal system variable)
1Current number of requests made through a connection
$http_traceparent
(internal system variable)
00-d5fe1dc9035165ce36952daf29686b6c-14330be33197dd1a-01Unique request identifier. More info in the Traceparent guide
$http_x_forwarded_proto-Initial protocol of an incoming request (HTTP or HTTPS)
$gcdn_internal_status_code
(internal system variables)
-Initial status code. Possible values are: -, or 1000-1200
$ssl_cipher
(internal system variable)
ECDHE-RSA-AES256-GCM-SHA384Cipher name used for an established SSL connection
$ssl_session_id
(internal system variable)
28a4184139cb43cdc79006cf2d1a4ac93bdc****Session ID of an established SSL connection
$ssl_session_reused
(internal system variable)
rShows whether a session was reused (r) or not (.)
$sent_http_content_typeapplication/jsonValue of the Content-Type HTTP header, indicating the MIME type of a transmitted file
$tcpinfo_rtt21Average time (latency) it takes to transfer a packet to/from a server. The unit of time is microseconds.
$server_country_codePLServer’s country code according to the ISO 3166 standard (Alpha-2 code).
$gcdn_tcpinfo_snd_cwnd45Size of the TCP Congestion window, i.e., the maximum number of TCP segments that the connection can send before an acknowledgment is required.
$tcpi_total_retrans10Total number of retransmitted packets over the life of the connection.
$gcdn_rule_id100700Initial rule ID (beta). Possible values are: -, or 100700
ReasonHTTP CodeInternal CodeComment
Country ACL4031001
Refferer ACL4031002
IP ACL4031003
User-Agent ACL4031004
Secure Token4031005If the requested link passes the authenticity check, the $secure_link variable is set to the link extracted from the request URI. Otherwise, $secure_link is set to an empty string.
Secure Token4101006If the link has a limited lifetime and the time has expired, the $secure_link variable is set to "0".
WAF4031007Request blocked by WAF
Bot challenge / Testcookie3071008Redirection sent by bot challenge (testcookie)
Blocklist4031009Request blocked by bot protection blocklist
HTTP method4051200AllowedHttpMethods enabled AND HTTP request method not in AllowedHttpMethods list
Streaming disabled .(ts|m3u8)4021201Streaming feature disabled for the client
LE Validation /.well-known/acme-challenge/4041202We return 404 if http_user_agent is not in the list `“cert-manager-challengesacme.zerossl.comCpanel-HTTP-ClientBuypass validation clientGoogle-Certificates-Bridgevercel-fetchwin-acmeTyphoeusGo-http-client”`.
check $http_x_cdn_requestor not empty4031203Non-authorized request to shield
Force ReturnANY1204Status code option, this internal code indicates that the response was generated by this feature

Configure logs for export

You can enable and set up the Logs uploader feature in the Gcore Customer Portal on the Gcore CDN page. To access log settings, navigate to Logs > Logs uploader and configure the feature as described in the following steps.

Step 1 (optional). Include empty logs

Keep the Do not send empty logs option selected if you don’t want to receive empty logs. Otherwise, uncheck it.

Step 2 (optional). Enable origin shielding

If you are using the origin shielding feature, you’ll see the Add logs from origin shielding checkbox when configuring Logs uploader. We recommend that you select this option as it ensures that the logs report will include both requests to cache services and requests to the pre-cache server. Thus, you’ll receive more detailed information on resource usage. To include these logs, select the checkbox to enable Include logs from origin shielding.
Include logs from origin shielding checkbox highlighted
TipIf you don’t see the origin shielding option on the Logs uploader page, this feature is not activated for your account. For details on how to activate origin shielding, check our dedicated guide.

Step 3. Select log fields

Choose which log fields you want to include in the exported report. By default, all fields are selected.

Step 4. Configure a storage provider

  • Amazon
  • OSS
  • Tab Title
Follow these instructions to export logs to AWS storage:1. In the Storage provider, select Amazon.2. Provide your access key ID and secret access key, which together form long-term AWS credentials.3. (Optional). Choose a storage region. While the region is often determined automatically, we recommend specifying it to ensure that your logs are exported successfully.4. Specify the name of a bucket where you want to export CDN logs.5. (Optional). Enter a folder name if you want to export logs to a specific folder within a bucket.
Receive logs to AWS
6. Click Save changes to apply the updates.

How near real-time log exporting works

Logs are achived and exported to your endpoint every five minutes. If CDN servers are not requested and you didn’t select the Do not send empty logs checkbox when configuring Logs uploader, an empty log file (± 20 bytes) will be sent to your storage.
I