28 Apr 22
A log is a sequential recording in a file of all the events that affect a specific process. For CDN logs, we’re talking about an absolute source of information. All the traffic that goes through CDN servers leaves a trace in the form of a line with valuable elements: the user’s IP address, the visited URL, the browser used, and whether the request was a hit or miss.
CDN logs are records with information that, among other things, will give you a better understanding of service performance, greater knowledge of the frequency of malicious requests on your website, and even insight into the behavior of its users.
You will want to analyze the CDN logs, for example, when there’s a serious interruption in the service, or an important security breach.
You may also want to analyze the CDN logs regularly because of business needs that require real-time decision making.
By monitoring specific requests, for example, you can identify high-traffic websites. This gives you a significant advantage in marketing terms: to know where to place ads.
Monitoring is also useful for finding the point at which users leave your website, so you can analyze what kind of changes could be implemented.
Below we take a closer look at some of the informative elements that a CDN log can give you, and at why they are important to your analysis.
IP address: the source address from which the user made the request. An unusually high number of requests coming from the same IP address is an indication of potential malicious activity.
Timestamp: this tells you when the request was made. It’s an important value when you represent the data graphically, to detect sudden traffic spikes.
Requested resource: this indicates what has been requested, whether it’s a specific website, a PDF file, an image, etc.
Response status: this tells you how the server responded to the request: by delivering the content, with an error, or with a redirection to another source.
Response time: this tells you whether there were delays for the users, which can indicate problems.
Among the CDN logs, you will find around 20 elements, including the ones described above. To simplify the analysis, we present this information in our dashboard in an aggregated way, and in real time, but we can also present you the data in its raw form, so you can cross-reference it with other details if you need to.
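The fields described above can be cross-referenced once you have the raw lines. The following is an added example, not Transparent's code: the line layout, field order, thresholds and sample lines are all assumptions constructed for illustration. It flags IPs with an unusually high request count per minute, counts client errors per IP, and lists slow requests.

```python
import shlex
from collections import Counter
from datetime import datetime

# Constructed sample lines in an assumed layout (not the provider's real format):
# timestamp client_ip status cache_result response_ms url "user agent"
SAMPLE = """\
2022-04-28T10:00:01Z 198.51.100.7 200 HIT 12 /index.html "Mozilla/5.0"
2022-04-28T10:00:02Z 203.0.113.9 404 MISS 85 /login "curl/7.81"
2022-04-28T10:00:03Z 203.0.113.9 404 MISS 90 /admin "curl/7.81"
2022-04-28T10:00:04Z 203.0.113.9 403 MISS 88 /old.zip "curl/7.81"
2022-04-28T10:00:05Z 203.0.113.9 404 MISS 91 /test.php "curl/7.81"
2022-04-28T10:00:40Z 198.51.100.7 200 MISS 1450 /report.pdf "Mozilla/5.0"
2022-04-28T10:01:10Z 192.0.2.44 301 HIT 9 /old-page "Mozilla/5.0"
this line is truncated
"""

def parse_line(line):
    """Return a dict for one log line, or None if it is malformed."""
    try:
        ts, ip, status, cache, ms, url, agent = shlex.split(line)
        return {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "ip": ip,
                "status": int(status), "cache": cache, "ms": int(ms),
                "url": url, "agent": agent}
    except ValueError:  # wrong field count, bad number, bad date, bad quoting
        return None

def analyze(text, max_per_minute=3, slow_ms=1000):
    """Flag busy IPs per minute, count 4xx responses per IP, list slow URLs."""
    per_minute, errors, slow, skipped = Counter(), Counter(), [], 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep a count so parsing gaps are visible
            continue
        per_minute[(rec["ip"], rec["time"].replace(second=0))] += 1
        if 400 <= rec["status"] < 500:
            errors[rec["ip"]] += 1
        if rec["ms"] >= slow_ms:
            slow.append(rec["url"])
    busy = sorted({ip for (ip, _), n in per_minute.items() if n > max_per_minute})
    return {"busy_ips": busy, "client_errors": dict(errors),
            "slow_urls": slow, "skipped": skipped}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Counting skipped lines matters: a parser that silently drops malformed entries can hide exactly the requests you are looking for.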
We have clients that, for example, decided to keep the CDN logs as archived copies, or for legal purposes, basically so they can turn to them if something occurs. In such scenarios, where you won’t immediately be working with the logs, it’s probably useful to receive an archive of all the received requests.
At Transparent, we present the website’s logs for the clients in two different ways:
PULL: the client can retrieve the logs from an FTP server set up for this purpose.
PUSH: we send the logs at a specified time to an FTP server that the client designates for this purpose.
The client can download a zip file that contains the digital certificates required for authentication on a Kafka topic, and also a series of pre-configured templates with their data for consuming logs using Filebeat, Logstash and Python.
They can also easily add the IP addresses of the hosts on which they will install the consumers, so that the firewall rules required for the brokers are adjusted automatically.