RTLD may automatically deliver compressed log data to a web server by submitting HTTPS POST requests to it. The body for each of these requests will be a JSON or CSV document that uniquely identifies a set of log data and describes one or more log entries.
Learn more: RTLD CDN | RTLD Rate Limiting
RTLD applies gzip compression to log data. Each HTTPS POST request includes a Content-Encoding header set to gzip.
To create a log delivery profile
Configure your web server(s) to:
Support the HTTPS protocol.
Log delivery requires a certificate whose trust anchor is a publicly trusted certificate authority (CA). Additionally, the certificate must include a chain of trust for all intermediate certificate(s) and a leaf certificate.
Return a 2xx response (e.g., 200 OK) whenever data is successfully received.
If your web server responds with any other status code, then our service will retransmit the same log data at regular intervals. This may result in the delivery of duplicate log data.
Configure your firewall to allow POST requests from the following IP blocks:
198.7.21.0/24
If you plan to deliver log data via a custom port, then you should also configure your firewall to allow requests on that port.
Set up a workflow for handling or processing the log data that will be posted to your web server(s).
Example:
Create a listener for HTTPS POST requests that mines specific data from log entries.
Navigate to the Real-Time Log Delivery CDN | Rate Limiting
Set the Request URL option to a URL that may leverage the workflow defined in step 3. This URL must use the HTTPS protocol.
Specify a custom port to deliver log data over that port instead of 443.
Sample URL:
From the Authentication option, select one of the following modes:
Custom Authentication: Select this mode when your web server(s) expects the Authorization request header to be set to a custom token value. Set the Token option to a value that will authorize requests to your web server(s).
Log data will be posted to your web server(s) via HTTPS POST requests with an Authorization request header set to the specified value.
Authorization header syntax:
HTTP Basic: Select this mode if your web server(s) allow content to be uploaded via standard HTTP basic authentication. Set the desired credentials via the Username and Password options.
Base-64 encoding will applied to the specified credentials. After which, the encoded value will be passed via the Authorization header.
Authorization header syntax:
From the Log Format option, select whether to format log data using our standard JSON format, as a JSON array, as JSON lines, or as a CSV (RTLD CDN only).
Learn more: RTLD CDN | RTLD Rate Limiting
From the Downsample the Logs option, determine whether all or downsampledReduces the amount of log data that will be delivered. For example, you may choose to only deliver 1% of your log data. log data will be delivered.
Downsampled Log Data: Downsample logs to 0.1%, 1%, 25%, 50%, or 75% of total log data by enabling the Downsample the Logs option and then selecting the desired rate from the Downsampling Rate option.
Use this capability to reduce the amount of data that needs to be processed or stored within your web server(s).
RTLD CDN Only: Downsampling log data also reduces usage charges for this service.
Log delivery setup varies according to whether you are delivering log data for CDN traffic
From the Filter by Edge CNAME section, perform one of the following steps:
Filter log data by one or more edge CNAME(s)
Select one or more edge CNAMEs from the option directly to the right of the above option.
Filter the list by typing the entire or partial hostname. For example, typing co will filter the list to include all hostnames that contain co (e.g., cdn.example.com and corp.example.org).
Upload all log data regardless of edge CNAME
Verify that an edge CNAME has not been defined within this section.
From the Filter by User Agent option, perform one of the following steps:
Filter log data by user agent
Type a RE2-compatible regular expressionThis type of value is interpreted as a regular expression that defines a pattern of characters. pattern that identifies the set of user agents by which log data will be filtered.
Upload all log data regardless of user agent
Set it to a blank value.
From the Filter by Status Code section, perform one of the following steps:
Filter log data by status code
Mark each status code class (e.g., 2xx or 3xx) for which log data will be delivered. Clear all other status code classes.
Upload all log data regardless of status code
Clear all status code classes (e.g., 2xx and 3xx).
From the Log file contains the following fields section, perform the following steps:
Add the request headers, response headers, and cookies that will be logged for each request from the Custom Request Headers, Custom Response Headers, and Custom Cookies options.
You may either select or type the name of the desired headers and/or cookies. Click on the list to add additional headers or cookies. Remove a header or cookie by clicking on its x.
Although other settings take effect quickly, it may take up to 90 minutes before data for custom request/response headers and cookies is logged.
Add or clear all of the fields associated with a category by marking or clearing the category's header.
From the Filter by Edge CNAME section, perform one of the following steps:
Filter log data by one or more edge CNAME(s)
Select one or more edge CNAMEs from the option directly to the right of the above option.
Filter the list by typing the entire or partial hostname. For example, typing co will filter the list to include all hostnames that contain co (e.g., cdn.example.com and corp.example.org).
Upload all log data regardless of edge CNAME
Verify that an edge CNAME has not been defined within this section.
From the Filter by Country section, perform one of the following steps:
Filter log data by one or more countries:
Select one or more countries from the option directly to the right of the above option.
Filter the list by typing the entire or partial country name. For example, typing un will filter the list to include all countries that contain un (e.g., United States and United Kingdom).
Upload all log data regardless of country of origin:
Verify that a country has not been defined within this section.
From the Filter by User Agent option, perform one of the following steps:
Filter log data by user agent
Type a RE2-compatible regular expressionThis type of value is interpreted as a regular expression that defines a pattern of characters. pattern that identifies the set of user agents by which log data will be filtered.
Upload all log data regardless of user agent
Set it to a blank value.
From the Filter by Client IP option, perform one of the following steps:
Filter log data by one or more IP addresses:
Upload all log data regardless of IP address:
Verify that an IP address has not been defined within this section.
From the Filter By Action Type option, perform one of the following steps:
Filter log data by one or more enforcement action(s):
Select or type the name for one or more enforcement action(s).
Upload all log data regardless of enforcement action:
Verify that an enforcement action has not been defined within this section.
From the Filter By Request Method option, perform one of the following steps:
Filter log data by one or more request method(s):
Upload all log data regardless of request method:
Verify that a request method has not been defined within this section.
From the Filter By Scope Name option, perform one of the following steps:
Filter log data by one or more security application manager(s):
Select or type the name for one or more security application manager(s).
Upload all log data regardless of security application manager:
Verify that a security application manager(s) has not been defined within this section.
From the Filter By Action Limit ID option, perform one of the following steps:
Filter log data by one or more rate rule(s):
Type the name for one or more rate rule(s).
Upload all log data regardless of rate rule:
Verify that a rate rule has not been defined within this section.
From the Filter By URL Regex option, perform one of the following steps:
Filter log data by URL
Type a RE2-compatible regular expressionThis type of value is interpreted as a regular expression that defines a pattern of characters. pattern that identifies the set of URLs by which log data will be filtered.
Upload all log data regardless of URL
Set it to a blank value.
From the Log file contains the following fields section, perform the following steps:
From the Filter by Edge CNAME section, perform one of the following steps:
Filter log data by one or more edge CNAME(s)
Select one or more edge CNAMEs from the option directly to the right of the above option.
Filter the list by typing the entire or partial hostname. For example, typing co will filter the list to include all hostnames that contain co (e.g., cdn.example.com and corp.example.org).
Upload all log data regardless of edge CNAME
Verify that an edge CNAME has not been defined within this section.
From the Filter by Country section, perform one of the following steps:
Filter log data by one or more countries:
Select one or more countries from the option directly to the right of the above option.
Filter the list by typing the entire or partial country name. For example, typing un will filter the list to include all countries that contain un (e.g., United States and United Kingdom).
Upload all log data regardless of country of origin:
Verify that a country has not been defined within this section.
From the Filter by User Agent option, perform one of the following steps:
Filter log data by user agent
Type a RE2-compatible regular expressionThis type of value is interpreted as a regular expression that defines a pattern of characters. pattern that identifies the set of user agents by which log data will be filtered.
Upload all log data regardless of user agent
Set it to a blank value.
From the Filter By Security Application Manager option, perform one of the following steps:
Filter log data by one or more security application manager(s):
Select or type the name for one or more security application manager(s).
Upload all log data regardless of security application manager:
Verify that a security application manager(s) has not been defined within this section.
From the Filter By Access Rule option, perform one of the following steps:
Filter log data by one or more access rule(s):
Select or type the name for one or more access rule(s).
Upload all log data regardless of access rule:
Verify that an access rule has not been defined within this section.
From the Filter By Custom Rule option, perform one of the following steps:
Filter log data by one or more custom rule(s):
Select or type the name for one or more custom rule(s).
Upload all log data regardless of custom rule:
Verify that a custom rule has not been defined within this section.
From the Filter By Managed Rule option, perform one of the following steps:
Filter log data by one or more managed rule(s):
Select or type the name for one or more managed rule(s).
Upload all log data regardless of managed rule:
Verify that a managed rule has not been defined within this section.
From the Log file contains the following fields section, perform the following steps:
Set the Log Delivery Enabled option to the "on" position.
RTLD may deliver log data to one or more of the following destinations:
Log fields vary by RTLD module.
Learn more: RTLD CDN | RTLD Rate Limiting