Logs uploader must first be enabled and set up in the Gcore Customer Portal on the Gcore CDN page, or by contacting the Gcore support.
Configuring Logs uploader
In the CDN menu, click Logs and select Logs uploader. Control which fields are exported, how frequently the logs are delivered, and which storage service they are sent to. Supported destinations include Gcore Object Storage, S3-compatible platforms, FTP and SFTP servers, and HTTP(S) endpoints. This flexibility helps you integrate CDN logs into existing observability, analytics, or compliance workflows while effectively managing data volume and processing requirements. The Logs uploader screen has three tabs:- Configurations — link policies and targets to deliver logs
- Policies — set export rules and schedules
- Targets — connect upload destinations
- Configurations
- Policies
- Targets
Configurations Tab
Configurations Tab
Select the Configurations tab to view a table of configurations:
- Configuration ID
Click the column header to sort the table by configuration IDs. - Configuration name
- Click the column header to sort the table by configuration names.
- Click a configuration name to edit the configuration.
- Policy
Click a policy name to edit the linked policy. - Target
Click a target name to edit the linked target. - Status
Linked target status is displayed in the Status column. To re-run the authentication check, click (refresh) at the end of the status message. - More options
Click ⋯ (more options) in the last column to Edit, Disable, or Delete the configuration in that row. - Add configuration
Click Add configuration (top right) to create a new configuration.
Add configurations
Add configurations
- Go to Logs uploader, select the Configurations tab, and click Add configuration.
Enable configuration switch appears at the top of the Add configuration window; to disable the configuration, toggle the switch to the left.
- Select the resources for this configuration:
- All Resources
- Specific Resource(s)
For all resources, including newly created:
- Enter a Name for the configuration.
- Select a Policy to link from the drop-down list.
- Select a Target to link from the drop-down list.
- Click Add configuration again to finish and return to the Logs uploader. The new target appears in the table on the Configurations tab.
Edit configurations
Edit configurations
- Go to Logs uploader and select the Configurations tab.
- Click the configuration name in the Configurations column, or click ⋯ (more options) at the end of that row and select Edit.
Enable configuration switch appears at the top of the Edit configuration window; to disable the configuration, toggle the switch to the left.
- Select the resources for this configuration:
- All Resources
- Specific Resource(s)
For all resources, including newly created:
- Edit configuration Name.
- Select a Policy to link from the drop-down list.
- Select a Target to link from the drop-down list.
- Click Save changes (top right) to return to the Logs uploader.
Enable, disable, or delete configurations
Enable, disable, or delete configurations
- Go to Logs uploader and select the Configurations tab.
- In the row with the configuration name, click ⋯ (more options) in the last column and select Enable, Disable, or Delete.
Log schema and field definitions
Log format example
Log format example
It’s OK if you find a field that’s not listed in the example. We occasionally add new fields to the end of the line. If some fields are added to logs, you’ll receive an email about the update.
Log fields
Log fields
The following table contains a complete list of available log fields. Fields formatted in italics relate to our internal CDN system, so you can ignore them.You can check other fields — they can be helpful for traffic analysis or statistics.
| Field | Log value example | Description |
|---|---|---|
$remote_addr | 0.0.0.0 | User’s IP address |
$remote_user(internal system variable) | - | Username used in Basic authentication |
[$time_local] | [26/Apr/2019:09:47:40 +0000] | Local time in Common Log Format |
$request | GET /ContentCommon/images/image.png HTTP/1.1 | HTTP method, requested file path, and HTTP version |
$status | 200 | Response status code from a CDN server |
$body_bytes_sent | 1514283 | Number of bytes sent to a user, excluding the response header size |
$http_referer | https://example.com/videos/10 | Referrer – a URL requested by a user |
$http_user_agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 YaBrowser/16.10.0.2309 Safari/537.36 | User agent that was used to send a request (browser or other application) |
$bytes_sent | 1514848 | Number of bytes sent to a user |
$edgename | [dh-up-gc18] | CDN server that forwarded the requested file |
$scheme | https | Protocol (HTTP or HTTPS) of a request |
$host | cdn.example.com | Requested hostname of a CDN resource |
$request_time | 1.500 | Request processing time in seconds (accurate to milliseconds); time elapsed between the first bytes of a request being processed and logging after the last bytes were sent to a user |
$upstream_response_time | 0.445 | Number of seconds (accurate to milliseconds) it took to receive a response from an origin. In case of multiple responses, commas and colons are used |
$request_length | 157 | Request length (including request line, header, and request body) |
$http_range | bytes=0-1901653 | File fragment size in a Range request |
[$responding_node] | dh | Responding data center |
$upstream_cache_status | MISS | Status of a requested file in CDN cache: HIT: response served from the CDN cache. STALE: outdated response that failed to update (origin not responding or responding incorrectly). UPDATING: outdated response still updating from a previous request. REVALIDATED: response matching one on an origin (based on the proxy_cache_revalidate directive).EXPIRED: response that has expired in cache but still matches one on an origin; a request was sent to re-cache it. MISS: response served directly from an origin rather than from cache. BYPASS: response for the first file request after clearing the cache (the first request from each CDN server results in BYPASS; subsequent requests on that server result in HIT). |
$upstream_response_length | 10485760 | Response length from an origin in bytes. In case of multiple responses, commas and colons are used |
$upstream_addr | 0.0.0.0:80 | Origin’s IP address and port |
$gcdn_api_client_id(internal system variable) | 123 | Your ID in our system |
$gcdn_api_resource_id(internal system variable) | 01 | Your CDN-resource ID in our system |
$uid_got(internal system variable) | - | Cookie name and received user ID |
$uid_set(internal system variable) | - | Cookie name and provided user ID |
$geoip_country_code | KZ | User’s country code according to the ISO 3166 standard (Alpha-2 code) |
$geoip_city | - | User’s city code |
$shield_type(internal system variable) | shield_no | Indicates whether Origin Shielding is enabled: shield_old – enabled shield_no – disabled |
$server_addr(internal system variable) | 0.0.0.0 | IP address of an Anycast zone or CDN server |
$server_port(internal system variable) | 80 | Requested port |
$upstream_status | 206 | Origin response code |
$upstream_connect_time | 0.000 | Number of seconds (accurate to milliseconds) it took to access an origin server |
$upstream_header_time | 0.200 | Number of seconds (accurate to milliseconds) it took to receive a response header from an origin server |
$shard_addr(internal system variable) | 0.0.0.0 | IP address of a CDN server that was first to accept a request if the Cache Sharding feature is enabled |
$geoip2_data_asnumber | asnumber | Number of an autonomous system that sent a request |
$connection(internal system variable) | 2897494295 | Connection serial number |
$connection_requests(internal system variable) | 1 | Current number of requests made through a connection |
$http_traceparent(internal system variable) | 00-d5fe1dc9035165ce36952daf29686b6c-14330be33197dd1a-01 | Unique request identifier. More info in the Traceparent guide |
$http_x_forwarded_proto | - | Initial protocol of an incoming request (HTTP or HTTPS) |
$gcdn_internal_status_code(internal system variables) | - | Initial status code. Possible values are: -, or 1000-1200 |
$ssl_cipher(internal system variable) | ECDHE-RSA-AES256-GCM-SHA384 | Cipher name used for an established SSL connection |
$ssl_session_id(internal system variable) | 28a4184139cb43cdc79006cf2d1a4ac93bdc**** | Session ID of an established SSL connection |
$ssl_session_reused(internal system variable) | r | Shows whether a session was reused (r) or not (.) |
$sent_http_content_type | application/json | Value of the Content-Type HTTP header, indicating the MIME type of a transmitted file |
$tcpinfo_rtt | 21 | Average time (latency) it takes to transfer a packet to/from a server. The unit of time is microseconds |
$server_country_code | PL | Server’s country code according to the ISO 3166 standard (Alpha-2 code). |
$gcdn_tcpinfo_snd_cwnd | 45 | Size of the TCP Congestion window, i.e., the maximum number of TCP segments that the connection can send before an acknowledgment is required. |
$tcpi_total_retrans | 10 | Total number of retransmitted packets over the life of the connection. |
$gcdn_rule_id | 100700 | Initial rule ID (beta). Possible values are: -, or 100700 |
Internal status codes
Internal status codes
| Reason | HTTP Code | Internal Code | Comment | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Country ACL | 403 | 1001 | |||||||||
| Referer ACL | 403 | 1002 | |||||||||
| IP ACL | 403 | 1003 | |||||||||
| User-Agent ACL | 403 | 1004 | |||||||||
| Secure Token | 403 | 1005 | If the requested link passes the authenticity check, the $secure_link variable is set to the link extracted from the request URI. Otherwise, $secure_link is set to an empty string | ||||||||
| Secure Token | 410 | 1006 | If the link has a limited lifetime and the time has expired, the $secure_link variable is set to "0". | ||||||||
| WAF | 403 | 1007 | Request blocked by WAF | ||||||||
| Bot challenge / Testcookie | 307 | 1008 | Redirection sent by bot challenge (testcookie) | ||||||||
| Blocklist | 403 | 1009 | Request blocked by bot protection blocklist | ||||||||
| HTTP method | 405 | 1200 | AllowedHttpMethods enabled AND HTTP request method not in AllowedHttpMethods list | ||||||||
| Streaming disabled .(ts|m3u8) | 402 | 1201 | Streaming feature disabled for the client | ||||||||
| LE Validation /.well-known/acme-challenge/ | 404 | 1202 | We return 404 if http_user_agent is not in the list `“cert-manager-challenges | acme.zerossl.com | Cpanel-HTTP-Client | Buypass validation client | Google-Certificates-Bridge | vercel-fetch | win-acme | Typhoeus | Go-http-client”`. |
check $http_x_cdn_requestor not empty | 403 | 1203 | Non-authorized request to shield | ||||||||
| Force Return | ANY | 1204 | Status code option, this internal code indicates that the response was generated by this feature |