yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
e93b6e99472e9eed3bcf1c12edb48452e097c84f
doc-exports/docs/wafd/umn/waf_01_0172.html
qinweiwei e93b6e9947 WAF user guide 20251023 version 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qinweiwei <qinweiwei@huawei.com>
Co-committed-by: qinweiwei <qinweiwei@huawei.com>
2026-03-26 07:04:29 +00:00

1070 lines
90 KiB
HTML
Raw Blame History

<a name="waf_01_0172"></a><a name="waf_01_0172"></a>
<h1 class="topictitle1">Using LTS to Log WAF Activities</h1>
<div id="body1583227361556"><p id="waf_01_0172__p0715193811414">After you authorize WAF to access Log Tank Service (LTS), you can use the WAF logs recorded by LTS for quick and efficient real-time analysis, device O&amp;M management, and analysis of service trends.</p>
<p id="waf_01_0172__p5364133034317">LTS analyzes and processes a large number of logs. It enables you to process logs in real-time, efficiently, and securely. Logs can be stored in LTS for 30 days by default but you can configure LTS for up to 365 days if needed. Logs earlier than storage duration are automatically deleted. However, you can configure LTS to dump those logs to an Object Storage Service (OBS) bucket or enable Data Ingestion Service (DIS) for long-term storage.</p>
<div class="section" id="waf_01_0172__section18620173633111"><h4 class="sectiontitle">Prerequisites</h4><ul id="waf_01_0172__ul1628203616303"><li id="waf_01_0172__li9564252069">You have applied for your WAF.</li><li id="waf_01_0172__li662918364306"><a href="waf_01_1108.html">You have connected the website you want to protect to WAF.</a></li></ul>
</div>
<div class="section" id="waf_01_0172__section17224433506"><h4 class="sectiontitle">Impact on the System</h4><p id="waf_01_0172__p14108241508">Enabling LTS for WAF does not affect WAF performance.</p>
</div>
<div class="section" id="waf_01_0172__section1687712815618"><h4 class="sectiontitle">Enabling LTS for WAF Protection Event Logging</h4><ol id="waf_01_0172__ol521413913717"><li id="waf_01_0172__li612711519813"><span>Log in to the management console.</span></li><li id="waf_01_0172__li458314281487"><span>Click <span><img id="waf_01_0172__en-us_topic_0000002335595889_image158886314810" src="en-us_image_0000002395174933.png"></span> in the upper left corner and select a region or project.</span></li><li id="waf_01_0172__li159657213511"><span>Click <span><img id="waf_01_0172__en-us_topic_0000002335595889_image172869321316" src="en-us_image_0000002395334641.png"></span> in the upper left corner and choose <strong id="waf_01_0172__en-us_topic_0000002335595889_b1545322105418">Web Application Firewall (Dedicated)</strong> under <strong id="waf_01_0172__en-us_topic_0000002335595889_b12545122195419">Security</strong>.</span></li><li id="waf_01_0172__li86686045213"><span>In the navigation pane on the left, click <strong id="waf_01_0172__en-us_topic_0000002335595889_b133727181559">Events</strong>.</span></li><li id="waf_01_0172__li194211114619"><span>Click the <strong id="waf_01_0172__b10678244142120">Configure Logs</strong> or <strong id="waf_01_0172__b1703195252119">Log Settings</strong> tab, enable LTS (<span><img id="waf_01_0172__image01741429279" src="en-us_image_0000002395334897.png"></span>), and select a log group and log stream. <a href="#waf_01_0172__table11535733111515">Table 1</a> describes the parameters.</span><p><div class="fignone" id="waf_01_0172__fig928951613101"><span class="figcap"><b>Figure 1 </b>Log settings</span><br><span><img id="waf_01_0172__image15237727171916" src="en-us_image_0000002361654992.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="tablenoborder"><a name="waf_01_0172__table11535733111515"></a><a name="table11535733111515"></a><table cellpadding="4" cellspacing="0" summary="" id="waf_01_0172__table11535733111515" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Log configuration</caption><thead align="left"><tr id="waf_01_0172__row353613334158"><th align="left" class="cellrowborder" valign="top" width="26.12261226122612%" id="mcps1.3.5.2.5.2.2.2.4.1.1"><p id="waf_01_0172__p1253613311155">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="40.54405440544054%" id="mcps1.3.5.2.5.2.2.2.4.1.2"><p id="waf_01_0172__p1953615334156">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.5.2.5.2.2.2.4.1.3"><p id="waf_01_0172__p053618337154">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="waf_01_0172__row15536143321520"><td class="cellrowborder" valign="top" width="26.12261226122612%" headers="mcps1.3.5.2.5.2.2.2.4.1.1 "><p id="waf_01_0172__p10652523141810">Log Group</p>
</td>
<td class="cellrowborder" valign="top" width="40.54405440544054%" headers="mcps1.3.5.2.5.2.2.2.4.1.2 "><p id="waf_01_0172__p2065292319189">Select a log group or click <strong id="waf_01_0172__b1153102813312">View Log Group</strong> to go to the LTS console and create a log group.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.5.2.2.2.4.1.3 "><p id="waf_01_0172__p153673314156">lts-group-waf</p>
</td>
</tr>
<tr id="waf_01_0172__row15536133111516"><td class="cellrowborder" valign="top" width="26.12261226122612%" headers="mcps1.3.5.2.5.2.2.2.4.1.1 "><p id="waf_01_0172__p253615332154">Attack Log</p>
</td>
<td class="cellrowborder" valign="top" width="40.54405440544054%" headers="mcps1.3.5.2.5.2.2.2.4.1.2 "><p id="waf_01_0172__p1032182613309">Select a log stream or click <strong id="waf_01_0172__b1418315168321">View Log Stream</strong> to go to the LTS console and create a log stream.</p>
<p id="waf_01_0172__p753615332155">An attack log includes information about event type, protective action, and attack source IP address of each attack.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.5.2.2.2.4.1.3 "><p id="waf_01_0172__p153623314154">lts-topic-waf-attack</p>
</td>
</tr>
<tr id="waf_01_0172__row5536143301512"><td class="cellrowborder" valign="top" width="26.12261226122612%" headers="mcps1.3.5.2.5.2.2.2.4.1.1 "><p id="waf_01_0172__p115362335150">Access Log</p>
</td>
<td class="cellrowborder" valign="top" width="40.54405440544054%" headers="mcps1.3.5.2.5.2.2.2.4.1.2 "><p id="waf_01_0172__p184795291303">Select a log stream or click <strong id="waf_01_0172__b1162895083315">View Log Stream</strong> to go to the LTS console and create a log stream.</p>
<p id="waf_01_0172__p115361333191515">An access log includes key information about access time, client IP address, and resource URL of each HTTP access requests.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.5.2.5.2.2.2.4.1.3 "><p id="waf_01_0172__p1353623321510">lts-topic-waf-access</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="waf_01_0172__li176785134299"><span>Click <strong id="waf_01_0172__b6798367344">OK</strong>. </span><p><p id="waf_01_0172__p143561826153515">You can view WAF protection event logs on the LTS console.</p>
</p></li></ol>
</div>
<div class="section" id="waf_01_0172__section526212134228"><h4 class="sectiontitle">Checking and Downloading WAF Protection Event Logs on LTS</h4><p id="waf_01_0172__p17694113114227">After enabling LTS, you can go to the LTS console and check, analyze, and download WAF logs.</p>
<ol id="waf_01_0172__ol19446171532717"><li id="waf_01_0172__li1897111441710"><span>Log in to the management console.</span></li><li id="waf_01_0172__li83141765227"><span>Click <span><img id="waf_01_0172__image1285915942216" src="en-us_image_0000002361495104.jpg"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="waf_01_0172__li18040166165"><span>Click <span><img id="waf_01_0172__image3679172316167" src="en-us_image_0000002361495112.png"></span> in the upper left corner of the page and choose <strong id="waf_01_0172__b1635318351560">Management &amp; Deployment</strong> &gt; <strong id="waf_01_0172__b16471204214615">Log Tank Service</strong>.</span></li><li id="waf_01_0172__li20370841164717"><span>In the log group list, click <span><img id="waf_01_0172__image1650491193116" src="en-us_image_0000002361655000.png"></span> to expand the WAF log group (for example, <strong id="waf_01_0172__b2036854013815">lts-group-waf</strong>).</span></li><li id="waf_01_0172__li19881527185718"><span>In the log stream list, click the log stream name to go to the log stream log page. Then, you can check and analyze logs.</span></li></ol>
</div>
<div class="section" id="waf_01_0172__section77348108368"><h4 class="sectiontitle">WAF access_log Field Description</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="waf_01_0172__table10596413539" frame="border" border="1" rules="all"><thead align="left"><tr id="waf_01_0172__row56294135315"><th align="left" class="cellrowborder" valign="top" width="16.161616161616163%" id="mcps1.3.7.2.1.5.1.1"><p id="waf_01_0172__p53471313133711">Field</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="17.171717171717173%" id="mcps1.3.7.2.1.5.1.2"><p id="waf_01_0172__p334731363717">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.181818181818183%" id="mcps1.3.7.2.1.5.1.3"><p id="waf_01_0172__p16347513103710">Field Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="48.484848484848484%" id="mcps1.3.7.2.1.5.1.4"><p id="waf_01_0172__p9348613143718">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="waf_01_0172__row274819469365"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p19749164614363">access_log.requestid</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p11750146203615">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p19750104618361">Random ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p195331050163819">The value is the same as the last eight characters of the <strong id="waf_01_0172__b396513012398">req_id</strong> field in the attack log.</p>
</td>
</tr>
<tr id="waf_01_0172__row662411313404"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1562481315401">access_log.time</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p19624151312409">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1293312477404">Access time</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p189331347174010">GMT time a log is generated.</p>
</td>
</tr>
<tr id="waf_01_0172__row378954916413"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p2790949247">access_log.connection_requests</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p779012491146">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p2079016493415">Sequence number of the request over the connection</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1379004919413">-</p>
</td>
</tr>
<tr id="waf_01_0172__row76310417530"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1126201044114">access_log.eng_ip</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p17125141034110">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p20124171054112">IP address of the WAF engine</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p11123171024111">-</p>
</td>
</tr>
<tr id="waf_01_0172__row158937148614"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p208933141162">access_log.pid</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1892512461771">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p10893171418616">The engine that processes the request</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p158933147610">Engine (worker PID).</p>
</td>
</tr>
<tr id="waf_01_0172__row7634419533"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p11594441073">access_log.hostid</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p124625231428">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p54320109404">Domain name identifier of the access request.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p13942343144214">Protected domain name ID (upstream_id).</p>
</td>
</tr>
<tr id="waf_01_0172__row1663345531"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1273718994217">access_log.tenantid</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1973618994218">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p886584164314">Account ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p17323917423">Each account corresponds to a tenant ID.</p>
</td>
</tr>
<tr id="waf_01_0172__row864174165320"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p2016752012436">access_log.projectid</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p373963616440">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1916272019437">ID of the project the protected domain name belongs to</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1214410294440">Project ID of a user in a specific region.</p>
</td>
</tr>
<tr id="waf_01_0172__row2641748530"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p258707111020">access_log.remote_ip</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p782934917431">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p191622262399">Remote IP address of the request at layer 4</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p9975131117452">IP address from which a client request originates.</p>
<div class="notice" id="waf_01_0172__note1097618115450"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><p id="waf_01_0172__p1997661164513">If a layer-7 proxy is deployed in front of WAF, this field indicates the IP address of the proxy node closest to WAF. The real IP address of the visitor is specified by the <strong id="waf_01_0172__b5307423172015">x-forwarded-for</strong> and <strong id="waf_01_0172__b174920310207">x_real_ip</strong> fields.</p>
</div></div>
</td>
</tr>
<tr id="waf_01_0172__row5132145015102"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p7133145018107">access_log.remote_port</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p14981132311117">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p713319508101">Remote port of the request at layer 4</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p10133205021013">Port used by the IP address from which a client request originates</p>
</td>
</tr>
<tr id="waf_01_0172__row912818273127"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1512862791210">access_log.sip</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p21283271129"> string</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p13128182710125">IP address of the client that sends the request</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p012872710124">For example, XFF.</p>
</td>
</tr>
<tr id="waf_01_0172__row121521681471"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1651431545415">access_log.scheme</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p8152148144719">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p3614192211544">Request protocol</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p109691727195412">Protocols that can be used in the request:</p>
<ul id="waf_01_0172__ul9969527125420"><li id="waf_01_0172__li5969227185418">HTTP</li><li id="waf_01_0172__li2969627125414">HTTPS</li></ul>
</td>
</tr>
<tr id="waf_01_0172__row17117104965416"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p13553153817541">access_log.response_code</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p14552338185419">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p19551838175414">Response code</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p18147183765518">Response status code returned by the origin server to WAF.</p>
</td>
</tr>
<tr id="waf_01_0172__row10663141315588"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p14698047135519">access_log.method</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p3695194719553">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1962914175616">Request method.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p2962121485616">Request type in a request line. Generally, the value is <strong id="waf_01_0172__b1363722915190">GET</strong> or <strong id="waf_01_0172__b915712345197">POST</strong>.</p>
</td>
</tr>
<tr id="waf_01_0172__row1672674410714"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p9910217205615">access_log.http_host</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p3909101712561">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p550335820563">Domain name of the requested server.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p12908181717562">Address, domain name, or IP address entered in the address bar of a browser.</p>
</td>
</tr>
<tr id="waf_01_0172__row159341243151114"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p22071642560">access_log.url</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p13321179572">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p050214225714">Request URL.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p650224285720">Path in a URL (excluding the domain name).</p>
</td>
</tr>
<tr id="waf_01_0172__row488755861913"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1919234655711">access_log.request_length</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p151922461577">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1209134155820">Request length.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p182098343589">The request length includes the access request address, HTTP request header, and number of bytes in the request body.</p>
</td>
</tr>
<tr id="waf_01_0172__row515718254241"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p291710369580">access_log.bytes_send</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1391543620582">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p16944121635912">Total number of bytes sent to the client.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p691316366587">Number of bytes sent by WAF to the client.</p>
</td>
</tr>
<tr id="waf_01_0172__row94911052122613"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1777144925916">access_log.body_bytes_sent</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p87014913593">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1168134910598">Total number of bytes of the response body sent to the client</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p534517371503">Number of bytes of the response body sent by WAF to the client</p>
</td>
</tr>
<tr id="waf_01_0172__row11721811113014"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p695104735719">access_log.upstream_addr</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p4811358217">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p17319521527">Address of the backend server.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1698284919020">IP address of the origin server for which a request is destined. For example, if WAF forwards requests to an ECS, the IP address of the ECS is returned to this parameter.</p>
</td>
</tr>
<tr id="waf_01_0172__row14643174243418"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p674716291426">access_log.request_time</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1974617291622">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p16745122920216">Request processing time</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p574311291224">Processing time starts when the first byte of the client is read (unit: s).</p>
</td>
</tr>
<tr id="waf_01_0172__row7613529173611"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p171254156310">access_log.upstream_response_time</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p7124615834">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p148185315313">Backend server response time</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p2117415937">Time the backend server responds to the WAF request (unit: s).</p>
</td>
</tr>
<tr id="waf_01_0172__row6202141821017"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p178137498310">access_log.upstream_status</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1549713415416">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p148122491237">Backend server response code</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p108111249138">Response status code returned by the backend server to WAF.</p>
</td>
</tr>
<tr id="waf_01_0172__row460882541217"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p137731917259">access_log.upstream_connect_time</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1377131716515">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p127701017951">Time for the origin server to establish a connection to its backend services. Unit: second.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1486123122717">When SSL is used, the time for the handshake process is also recorded. Time used for establishing a connection for a request. Use commas (,) to separate the time used for each request.</p>
</td>
</tr>
<tr id="waf_01_0172__row181315538139"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p15751487619">access_log.upstream_header_time</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p17754810614">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p574681364">Time used by the backend server to receive the first byte of the response header. Unit: second</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p2704813614">Response time for multiple requests. Use commas (,) to separate the time used for each response.</p>
</td>
</tr>
<tr id="waf_01_0172__row1478010298141"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p137727387612">access_log.bind_ip</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p777113381563">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p8383111515715">WAF engine back-to-source IP address.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p16383181512713">The IP address of the NIC used by the engine for forwarding requests to the origin server. This value is not the EIP bound to the engine even if the engine forwards requests over the EIP.</p>
</td>
</tr>
<tr id="waf_01_0172__row1866925901820"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p43973194519">access_log.group_id</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p5455115319714">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p67057431274">LTS log group ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1753913181714">ID of the log group for interconnecting WAF with LTS.</p>
</td>
</tr>
<tr id="waf_01_0172__row127655101212"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p162561561977">access_log.access_stream_id</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p376624218811">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p15255195619713">Log stream ID.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p2254356979">ID of <strong id="waf_01_0172__b19631204793111">access_stream</strong> of the user in the log group identified by the <strong id="waf_01_0172__b98014311321">group_id</strong> field.</p>
</td>
</tr>
<tr id="waf_01_0172__row285175322318"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p58231090916">access_log.engine_id</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p161752831010">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p3934142913101">WAF engine ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1193412916107">Unique ID of the WAF engine.</p>
</td>
</tr>
<tr id="waf_01_0172__row64283733420"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p911014221365">access_log.time_iso8601</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p724864861015">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p424844811100">ISO 8601 time format of logs.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p9247144810107">-</p>
</td>
</tr>
<tr id="waf_01_0172__row868983611116"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p10689193651118">access_log.sni</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p336494310111">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p136891636111114">Domain name requested through SNI.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p9689193610114">-</p>
</td>
</tr>
<tr id="waf_01_0172__row16671173361217"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1467153319125">access_log.tls_version</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p92222044141213">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p12755194031211">Protocol versioning an SSL connection.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p5109134981219">TLS version used in the request.</p>
</td>
</tr>
<tr id="waf_01_0172__row37001597250"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p13452458201212">access_log.ssl_curves</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1045135818129">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p9449205821213">Curve group list supported by the client.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1144816580122">-</p>
</td>
</tr>
<tr id="waf_01_0172__row127981596137"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p97989592135">access_log.ssl_session_reused</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p19798259171312">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p5798175910132">SSL session reuse</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p579865931315">Whether the SSL session can be reused</p>
<p id="waf_01_0172__p46218201515"><strong id="waf_01_0172__b5554141418398">r</strong>: Yes</p>
<p id="waf_01_0172__p184618204159"><strong id="waf_01_0172__b1993142413919">.</strong>: No</p>
</td>
</tr>
<tr id="waf_01_0172__row16990161401612"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p69915140165">access_log.process_time</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p199111144162">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p099111441619">Engine attack detection duration (unit: ms)</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p11991171414168">-</p>
</td>
</tr>
<tr id="waf_01_0172__row68171211286"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p38171012088">access_log.args</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p2081711110820">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p4817018816">The parameter data in the URL</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p175316451783">-</p>
</td>
</tr>
<tr id="waf_01_0172__row175598121189"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p356015121985">access_log.x_forwarded_for</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1456115121188">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p8659132320912">IP address chain for a proxy when the proxy is deployed in front of WAF.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p4659123790">The sting includes one or more IP addresses.</p>
<p id="waf_01_0172__p1165952313916">The leftmost IP address is the originating IP address of the client. Each time the proxy server receives a request, it adds the source IP address of the request to the right of the originating IP address.</p>
</td>
</tr>
<tr id="waf_01_0172__row8745481888"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1474528684">access_log.cdn_src_ip</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1774519819817">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p10227181761018">Client IP address identified by CDN when CDN is deployed in front of WAF</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p22276170101">This field specifies the real IP address of the client if CDN is deployed in front of WAF.</p>
<div class="notice" id="waf_01_0172__note4227101717108"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><p id="waf_01_0172__p11227101717104">Some CDN vendors may use other fields. WAF records only the most common fields.</p>
</div></div>
</td>
</tr>
<tr id="waf_01_0172__row42051563813"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1220511617820">access_log.x_real_ip</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1205461686">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p97209710108">Real IP address of the client when a proxy is deployed in front of WAF.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p177203701013">Real IP address of the client, which is identified by the proxy.</p>
</td>
</tr>
<tr id="waf_01_0172__row1434991819812"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p13493181387">access_log.intel_crawler</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1734916182814">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p193497182089">Used for intelligence anti-crawler analysis.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p173494181985">-</p>
</td>
</tr>
<tr id="waf_01_0172__row123491018989"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p434915188815">access_log.ssl_ciphers_md5</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p134916183816">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1234915188811">MD5 value of the SSL cipher (ssl_ciphers).</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1234910182081">-</p>
</td>
</tr>
<tr id="waf_01_0172__row15690184981117"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p18690174941113">access_log.ssl_cipher</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p19690549101113">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p18690134911110">SSL cipher used.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p15690149181114">-</p>
</td>
</tr>
<tr id="waf_01_0172__row1634914185813"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p8349131810812">access_log.web_tag</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p6349121819812">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p123505186816">Website name.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p4350618886">-</p>
</td>
</tr>
<tr id="waf_01_0172__row15889646141110"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p3889546171115">access_log.user_agent</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p98899469118">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p4889204610110">User agent in the request header.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p888944661112">-</p>
</td>
</tr>
<tr id="waf_01_0172__row335012189813"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p113503185810">access_log.upstream_response_length</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p1635019181783">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p2350618889">Backend server response size.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p183508182812">-</p>
</td>
</tr>
<tr id="waf_01_0172__row29303391122"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1930439191211">access_log.region_id</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p993016395129">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1293019393127">Region where the request is received.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1930113914129">-</p>
</td>
</tr>
<tr id="waf_01_0172__row79303394122"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p3930153961217">access_log.enterprise_project_id</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p129301439161217">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1393083981218">ID of the enterprise project that the requested domain name belongs to.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p19930123911125">-</p>
</td>
</tr>
<tr id="waf_01_0172__row78783010136"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1187103015135">access_log.referer</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p487330111314">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1787330121315">Referer content in the request header.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p1387430191316">The value can contain a maximum of 128 characters. Characters over 128 characters will be truncated.</p>
</td>
</tr>
<tr id="waf_01_0172__row98711309136"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p887183015132">access_log.rule</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p287173019132">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p18713017135">Protection rule that the request matched.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p3871030121310">If multiple rules are matched, only one rule is displayed.</p>
</td>
</tr>
<tr id="waf_01_0172__row1860975225816"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p2060985213586">access_log.category</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p7609105215586">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p1561085212580">Log category matched by the request.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p18610652145813">-</p>
</td>
</tr>
<tr id="waf_01_0172__row12640161695911"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p1640916105912">access_log.waf_time</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p9640316155917">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p186401516115915">Time an access request is received.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><p id="waf_01_0172__p15641191605917">-</p>
</td>
</tr>
<tr id="waf_01_0172__row1229405953211"><td class="cellrowborder" valign="top" width="16.161616161616163%" headers="mcps1.3.7.2.1.5.1.1 "><p id="waf_01_0172__p829565963212">access_log.geo</p>
</td>
<td class="cellrowborder" valign="top" width="17.171717171717173%" headers="mcps1.3.7.2.1.5.1.2 "><p id="waf_01_0172__p029510592325">String</p>
</td>
<td class="cellrowborder" valign="top" width="18.181818181818183%" headers="mcps1.3.7.2.1.5.1.3 "><p id="waf_01_0172__p4886111513511">Mark of geographical location.</p>
</td>
<td class="cellrowborder" valign="top" width="48.484848484848484%" headers="mcps1.3.7.2.1.5.1.4 "><ul id="waf_01_0172__ul11812428349"><li id="waf_01_0172__li188124219340"><strong id="waf_01_0172__b1270431414517">c</strong>: Country name</li><li id="waf_01_0172__li1795519194348"><strong id="waf_01_0172__b172450181854">r</strong>: name of a specific geographical location.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="waf_01_0172__section27001950171916"><h4 class="sectiontitle">WAF attack_log Field Description</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="waf_01_0172__table3700195011910" frame="border" border="1" rules="all"><thead align="left"><tr id="waf_01_0172__row107001750151916"><th align="left" class="cellrowborder" valign="top" width="17.669999999999998%" id="mcps1.3.8.2.1.5.1.1"><p id="waf_01_0172__p1370016509191">Field</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="11.37%" id="mcps1.3.8.2.1.5.1.2"><p id="waf_01_0172__p127012508190">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="22.470000000000002%" id="mcps1.3.8.2.1.5.1.3"><p id="waf_01_0172__p1570135019196">Field Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="48.49%" id="mcps1.3.8.2.1.5.1.4"><p id="waf_01_0172__p570145010191">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="waf_01_0172__row1584433733918"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p1984453713920">attack_log.category</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p125378474398">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p135375477396">Log category</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p17537547163912">The value is <strong id="waf_01_0172__b1073412485127">attack</strong>.</p>
</td>
</tr>
<tr id="waf_01_0172__row163131920174012"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p16717172754018">attack_log.time</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p67171127184015">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p3717827164018">Log time</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p7717527114020">-</p>
</td>
</tr>
<tr id="waf_01_0172__row85181743174017"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p71221347415">attack_log.time_iso8601</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p10122154194113">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1312215413416">ISO 8601 time format of logs.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p111220412417">-</p>
</td>
</tr>
<tr id="waf_01_0172__row387943119412"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p16879173118411">attack_log.policy_id</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p8879931154111">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p179143234213">Policy ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p19879731164114">-</p>
</td>
</tr>
<tr id="waf_01_0172__row1840191111424"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p16483184535317">attack_log.level</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p230413493427">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p88401211204210">Protection level</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p8755638124316">Protection level of a built-in rule in basic web protection</p>
<ul id="waf_01_0172__ul06621721154416"><li id="waf_01_0172__li2066214211448"><strong id="waf_01_0172__b395453410148">1</strong>: Low</li><li id="waf_01_0172__li16623213445"><strong id="waf_01_0172__b9280153915145">2</strong>: Medium</li><li id="waf_01_0172__li466272114416"><strong id="waf_01_0172__b2575154818143">3</strong>: High</li></ul>
</td>
</tr>
<tr id="waf_01_0172__row1271225010199"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p77091453165319">attack_log.attack</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p4712135031917">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1471255012191">Type of attack</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p471365041917">Attack type. This parameter is listed in attack logs only.</p>
<ul id="waf_01_0172__ul6713115013191"><li id="waf_01_0172__li1346720248454"><strong id="waf_01_0172__b2506541161618">default</strong>: default attacks</li><li id="waf_01_0172__li571345020198"><strong id="waf_01_0172__b106391451161612">sqli</strong>: SQL injections</li><li id="waf_01_0172__li1771315505193"><strong id="waf_01_0172__b64191354111610">xss</strong>: cross-site scripting (XSS) attacks</li><li id="waf_01_0172__li11713105051918"><strong id="waf_01_0172__b20831135671620">webshell</strong>: web shells</li><li id="waf_01_0172__li4713175018191"><strong id="waf_01_0172__b01420191718">robot</strong>: malicious crawlers</li><li id="waf_01_0172__li37141150181911"><strong id="waf_01_0172__b18877112191715">cmdi</strong>: command injections</li><li id="waf_01_0172__li197141850151914"><strong id="waf_01_0172__b15475171161716">rfi</strong>: remote file inclusion attacks</li><li id="waf_01_0172__li37141950141917"><strong id="waf_01_0172__b252332611711">lfi</strong>: local file inclusion attacks</li><li id="waf_01_0172__li971418504195"><strong id="waf_01_0172__b846712298175">illegal</strong>: unauthorized requests</li><li id="waf_01_0172__li2714750161910"><strong id="waf_01_0172__b126501432171711">vuln</strong>: exploits</li><li id="waf_01_0172__li151958437494"><strong id="waf_01_0172__b189111243131514">default_cc</strong>: attacks that hit a default CC attack protection rule</li><li id="waf_01_0172__li1271416504193"><strong id="waf_01_0172__b86781644151714">cc</strong>: attacks that hit a CC protection rule</li><li id="waf_01_0172__li137157508198"><strong id="waf_01_0172__b66121349191712">custom_custom</strong>: attacks that hit a precise protection rule</li><li id="waf_01_0172__li57151250121910"><strong id="waf_01_0172__b1426213818182">custom_whiteblackip</strong>: attacks that hit an IP address blacklist or whitelist rule</li><li id="waf_01_0172__li20715105001920"><strong id="waf_01_0172__b1859321751811">custom_geoip</strong>: attacks that hit a geolocation access control rule</li><li id="waf_01_0172__li11715135018192"><strong id="waf_01_0172__b8382838101810">antitamper</strong>: attacks that hit a web tamper protection rule</li><li id="waf_01_0172__li1571525011912"><strong id="waf_01_0172__b1878218532185">anticrawler</strong>: attacks that hit the JS challenge anti-crawler rule</li><li id="waf_01_0172__li1871565061920"><strong id="waf_01_0172__b1550154614194">leakage</strong>: vulnerabilities that hit an information leakage prevention rule</li><li id="waf_01_0172__li14707145512506"><strong id="waf_01_0172__b1391202141616">antiscan_high_freq_scan</strong>: attacks that hit malicious scanning rules.</li><li id="waf_01_0172__li10548152741811"><strong id="waf_01_0172__b58291333121612">antiscan_dir_traversal</strong>: directory scanning attacks</li><li id="waf_01_0172__li12808161415011"><strong id="waf_01_0172__b1783752171617">custom_idc_ip</strong>: attacks that hit a threat intelligence access control rule</li><li id="waf_01_0172__li173383324010"><strong id="waf_01_0172__b921214171173">botm</strong>: attacks that hit a bot protection rule</li><li id="waf_01_0172__li74441229195116"><strong id="waf_01_0172__b1366905111123">followed_action</strong>: The source is marked as a known attack source.</li></ul>
</td>
</tr>
<tr id="waf_01_0172__row36621331175212"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p7662163112521">attack_log.action</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p8662133165219">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p66621431155213">Protective action</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p1866213135218">WAF defense action.</p>
<ul id="waf_01_0172__ul620664355312"><li id="waf_01_0172__li11206194311537"><span class="parmvalue" id="waf_01_0172__parmvalue11346203810351"><b>block</b></span>: WAF blocks attacks.</li><li id="waf_01_0172__li13206543125319"><strong id="waf_01_0172__b232212418353">log</strong>: WAF only logs detected attacks.</li><li id="waf_01_0172__li12206174325316"><strong id="waf_01_0172__b361620586250">captcha</strong>: A verification code is required.</li></ul>
</td>
</tr>
<tr id="waf_01_0172__row324191613563"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p624181695619">attack_log.sub_type</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p202412162563">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p163511524568">Crawler types</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p1071532185713">When <strong id="waf_01_0172__b8417145742819">attack</strong> is set to <strong id="waf_01_0172__b54192482283">robot</strong>, this parameter cannot be left blank.</p>
<ul id="waf_01_0172__ul7228173735712"><li id="waf_01_0172__li722812372577"><strong id="waf_01_0172__b240481342916">script_tool</strong>: script tools</li><li id="waf_01_0172__li1228537195711"><strong id="waf_01_0172__b81736452291">search_engine</strong>: search engines</li><li id="waf_01_0172__li92281937195713"><strong id="waf_01_0172__b11178553713">scanner</strong>: scanning tools</li><li id="waf_01_0172__li422813715717"><strong id="waf_01_0172__b2545202315310">uncategorized</strong>: other crawlers</li></ul>
</td>
</tr>
<tr id="waf_01_0172__row1371895021914"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p435142025">attack_log.rule</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1371811508197">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1959511316588">ID of the triggered rule or the description of the custom policy type.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p1071855071915">-</p>
</td>
</tr>
<tr id="waf_01_0172__row16972351834"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p116971352315">attack_log.rule_name</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p769793519320">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p26971335537">Description of a custom rule type.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p869714357315">This field is empty when a basic protection rule is matched.</p>
</td>
</tr>
<tr id="waf_01_0172__row724313905918"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p88781845741">attack_log.location</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p924411915596">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p42441918597">Location triggering the malicious load</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p624429165914">-</p>
</td>
</tr>
<tr id="waf_01_0172__row17360102919512"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p936012291259">attack_log.req_body</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p15360142919519">sting</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p2036082912510">Request body.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p236011294511">-</p>
</td>
</tr>
<tr id="waf_01_0172__row45006179616"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p250014171867">attack_log.resp_headers</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1667810357614">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p2678335669">Response header</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p126781735562">-</p>
</td>
</tr>
<tr id="waf_01_0172__row1536614245112"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p136619241913">attack_log.hit_data</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p238523220118">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p183665241611">String triggering the malicious load</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p136618241811">-</p>
</td>
</tr>
<tr id="waf_01_0172__row14993522300"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p6205115517615">attack_log.resp_body</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p24181441107">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1341817411601">Response body</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p12993192212017">-</p>
</td>
</tr>
<tr id="waf_01_0172__row11578116121212"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p165783617126">attack_log.backend.protocol</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p548041715127">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p135781766124">Backend protocol.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p17578176161211">-</p>
</td>
</tr>
<tr id="waf_01_0172__row0140135151213"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p3140135171218">attack_log.backend.alive</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p814114356121">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p614153513124">Backend server status.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p5141335141218">-</p>
</td>
</tr>
<tr id="waf_01_0172__row15575594127"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p555765917127">attack_log.backend.port</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p630015571310">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p555765914124">Backend server port.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p3557105910120">-</p>
</td>
</tr>
<tr id="waf_01_0172__row2938534161311"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p7938153420137">attack_log.backend.host</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p179589312147">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p159381834131314">Backend server host value.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p129381734111317">-</p>
</td>
</tr>
<tr id="waf_01_0172__row646414327132"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p44651732141318">attack_log.backend.type</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p10819201801417">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p204655328134">Backend server type.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p18465123211312">IP address or domain name.</p>
</td>
</tr>
<tr id="waf_01_0172__row43661820161514"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p1436613208153">attack_log.backend.weight</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p76865961619">number</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p14366102081512">Backend server weight.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p1436692018157">-</p>
</td>
</tr>
<tr id="waf_01_0172__row134112531339"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p657204715166">attack_log.status</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p123417531431">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p107412311418">Response status code</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p334119531733">-</p>
</td>
</tr>
<tr id="waf_01_0172__row22021292172"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p1320209101713">attack_log.upstream_status</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p18390016161714">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p112021998177">Origin server response code.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p182021591173">-</p>
</td>
</tr>
<tr id="waf_01_0172__row597311253415"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p1756511214185">attack_log.reqid</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1397316251845">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p16973325348">Random ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p226731841814">The value consists of the engine IP address suffix, request timestamp, and request ID allocated by Nginx.</p>
</td>
</tr>
<tr id="waf_01_0172__row4997167182012"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p129973716200">attack_log.requestid</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p149771016162019">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p199897182013">Unique ID of the request.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p12998973202">Request ID allocated by Nginx.</p>
</td>
</tr>
<tr id="waf_01_0172__row7744132366"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p1392765720192">attack_log.id</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p7642191363">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p4744026617">Attack ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p2744321463">ID of the attack</p>
</td>
</tr>
<tr id="waf_01_0172__row77401218717"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p111096917218">attack_log.method</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p7611152474">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p17611952677">Request method</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p861125212711">-</p>
</td>
</tr>
<tr id="waf_01_0172__row199785512714"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p4866118192113">attack_log.sip</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p2528151410917">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p189974551078">Client request IP address</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p18997135516713">-</p>
</td>
</tr>
<tr id="waf_01_0172__row28916260911"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p1896115407219">attack_log.sport</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p189116263920">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p86530461997">Client request port</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p178912267920">-</p>
</td>
</tr>
<tr id="waf_01_0172__row107212054293"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p11621149192113">attack_log.host</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p8721854490">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p118110302104">Requested domain name</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p872115541490">-</p>
</td>
</tr>
<tr id="waf_01_0172__row085073912109"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p15378056152113">attack_log.http_host</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p18694185614101">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p174451501113">Domain name of the requested server.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p17851239171020">-</p>
</td>
</tr>
<tr id="waf_01_0172__row0110131718114"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p163271810223">attack_log.hport</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p211011721115">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1878224117116">Port of the requested server.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p311041711120">-</p>
</td>
</tr>
<tr id="waf_01_0172__row4512105251118"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p1751681622210">attack_log.uri</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1851395212112">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p19818172518124">Request URL.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p6513352191110">The domain is excluded.</p>
</td>
</tr>
<tr id="waf_01_0172__row19631559101114"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p232912513221">attack_log.header</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p296311590117">A JSON string. A JSON table is obtained after the string is decoded.</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p17963135911115">Request header</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p596395916118">-</p>
</td>
</tr>
<tr id="waf_01_0172__row12381856121112"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p46001545237">attack_log.mutipart</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p777274261519">A JSON string. A JSON table is obtained after the string is decoded.</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1738356161117">Request multipart header</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p3381456191112">This parameter is used to upload files.</p>
</td>
</tr>
<tr id="waf_01_0172__row16745892166"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p571261282313">attack_log.cookie</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p107451293168">A JSON string. A JSON table is obtained after the string is decoded.</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p11745794166">Cookie of the request</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p117451099168">-</p>
</td>
</tr>
<tr id="waf_01_0172__row86967112178"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p194081119132319">attack_log.params</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1696511181714">A JSON string. A JSON table is obtained after the string is decoded.</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p19396133781712">Params value following the request URI.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p7696131141714">-</p>
</td>
</tr>
<tr id="waf_01_0172__row1476144771718"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p656452512317">attack_log.body_bytes_sent</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1947694731718">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p11535121791810">Total number of bytes of the response body sent to the client.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p04761347161715">Total number of bytes of the response body sent by WAF to the client.</p>
</td>
</tr>
<tr id="waf_01_0172__row1215514012184"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p831534172319">attack_log.upstream_response_time</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p151551140191820">String </p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p16155124081811">Time elapsed since the backend server received the response content from the upstream service. Unit: second.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p173814282534">Response time for multiple requests. Use commas (,) to separate the time used for each response.</p>
</td>
</tr>
<tr id="waf_01_0172__row17778637142019"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p1085611412417">attack_log.engine_id</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1481157162020">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p16779337112019">Unique ID of the engine</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p15779153711203">-</p>
</td>
</tr>
<tr id="waf_01_0172__row1496124172418"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p129611141192410">attack_log.region_id</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p132361325192513">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p796115414244">ID of the region where the engine is located.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p4961134120244">-</p>
</td>
</tr>
<tr id="waf_01_0172__row15501651172411"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p150165117247">attack_log.engine_ip</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p687419254255">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p155013517245">Engine IP address.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p350175182417">-</p>
</td>
</tr>
<tr id="waf_01_0172__row6561198162617"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p3705101652615">attack_log.process_time</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p12705111611268">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1670511165264">Detection duration</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p070511616266">-</p>
</td>
</tr>
<tr id="waf_01_0172__row1366218611267"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p466276132617">attack_log.remote_ip</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p22112217303">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1466266152613">Layer-4 IP address of the client that sends the request.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p5662196182611">-</p>
</td>
</tr>
<tr id="waf_01_0172__row167433942614"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p567403942613">attack_log.x_forwarded_for</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1456412218306">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p176742039162610">Content of <strong id="waf_01_0172__b273975712598">X-Forwarded-For</strong> in the request header.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p36747394263">-</p>
</td>
</tr>
<tr id="waf_01_0172__row16162124917268"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p181621149102614">attack_log.cdn_src_ip</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p14254823163018">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p81631649102616">Content of <strong id="waf_01_0172__b3661059017">Cdn-Src-Ip</strong> in the request header.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p7163194912266">-</p>
</td>
</tr>
<tr id="waf_01_0172__row3234195613263"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p8234145642611">attack_log.x_real_ip</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p150912302301">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1723410561267">Content of <strong id="waf_01_0172__b067518109018">X-Real-IP</strong> in the request header.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p4234125602612">-</p>
</td>
</tr>
<tr id="waf_01_0172__row13511111472111"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p1594220712275">attack_log.group_id</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p7511181412214">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p9512114192112">Log group ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p6512814122115">LTS log group ID</p>
</td>
</tr>
<tr id="waf_01_0172__row7987201882214"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p20987181818224">attack_log.attack_stream_id</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p10399203711221">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p10987171872215">Log stream ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p11638104514224">ID of <strong id="waf_01_0172__b2698141613448">access_stream</strong> of the user in the log group identified by the <strong id="waf_01_0172__b136990162447">group_id</strong> field.</p>
</td>
</tr>
<tr id="waf_01_0172__row178831346102315"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p18345629112720">attack_log.hostid</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p20194633132411">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p18833465234">Protected domain name ID (upstream_id).</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p48831469232">-</p>
</td>
</tr>
<tr id="waf_01_0172__row194215559234"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p8475185982713">attack_log.tenantid</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p13359103562412">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p137131950202411">Account ID</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p179421355172310">-</p>
</td>
</tr>
<tr id="waf_01_0172__row18879155242317"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p4422953192718">attack_log.projectid</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p14696183622410">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p88794525232">ID of the project the protected domain name belongs to</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p78791452102311">-</p>
</td>
</tr>
<tr id="waf_01_0172__row1915817283"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p17911813286">attack_log.enterprise_project_id</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p2995165692817">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p189584286">ID of the enterprise project that the requested domain name belongs to.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p109188162816">-</p>
</td>
</tr>
<tr id="waf_01_0172__row7316110172813"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p123161110162811">attack_log.web_tag</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1583245812820">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p17316121012287">Website name.</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p231621015283">-</p>
</td>
</tr>
<tr id="waf_01_0172__row16970023152818"><td class="cellrowborder" valign="top" width="17.669999999999998%" headers="mcps1.3.8.2.1.5.1.1 "><p id="waf_01_0172__p109701923202813">attack_log.req_body</p>
</td>
<td class="cellrowborder" valign="top" width="11.37%" headers="mcps1.3.8.2.1.5.1.2 "><p id="waf_01_0172__p1984105912813">String</p>
</td>
<td class="cellrowborder" valign="top" width="22.470000000000002%" headers="mcps1.3.8.2.1.5.1.3 "><p id="waf_01_0172__p1297032312286">Request body. (If the request body larger than 1 KB, it will be truncated.)</p>
</td>
<td class="cellrowborder" valign="top" width="48.49%" headers="mcps1.3.8.2.1.5.1.4 "><p id="waf_01_0172__p9970223112810">-</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="waf_01_0018.html">Viewing Protection Events</a></div>
</div>
</div>
<script language="JavaScript">
<!--
initImageViewer('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink