Cloudflare Logs sample event messages
Use these sample event messages to verify a successful integration with JSA.
Note:
Because of formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters, so that each event is a single line.
Cloudflare Logs sample messages
Sample 1: The following sample event message shows an HTTP GET request sent to the hostname host.domain.test, to which the server responded with status code 200.
{"ClientIP":"10.0.0.1","ClientRequestHost":"host.domain.test","ClientRequestMethod":"GET","ClientRequestURI":"/cdn-cgi/images/cf-iconcloud.png","EdgeEndTimestamp":"2020-10-13T19:49:36Z","EdgeResponseBytes":1895,"EdgeResponseStatus":200,"EdgeStartTimestamp":"2020-10-13T19:49:36Z","RayID":"5e1b95b9ea390cc5","WAFAction":"unknown","WAFFlags":"0","WAFMatchedVar":"","WAFProfile":"unknown","WAFRuleID":"","WAFRuleMessage":"","CacheCacheStatus":"unknown","CacheResponseBytes":0,"CacheResponseStatus":0,"CacheTieredFill":false,"ClientASN":855,"ClientCountry":"xx","ClientDeviceType":"desktop","ClientIPClass":"noRecord","ClientRequestBytes":1049,"ClientRequestPath":"/cdn-cgi/images/cf-iconcloud.png","ClientRequestProtocol":"HTTP/1.1","ClientRequestReferer":"http://host.domain.test/cdn-cgi/styles/main.css","ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36","ClientSSLCipher":"NONE","ClientSSLProtocol":"none","ClientSrcPort":53851,"ClientXRequestedWith":"","EdgeColoCode":"EWR","EdgeColoID":11,"EdgePathingOp":"unknown","EdgePathingSrc":"undef","EdgePathingStatus":"cloudflareInternalEndpoint","EdgeRateLimitAction":"","EdgeRateLimitID":0,"EdgeRequestHost":"","EdgeResponseCompressionRatio":1,"EdgeResponseContentType":"image/png","EdgeServerIP":"","FirewallMatchesActions":[],"FirewallMatchesRuleIDs":[],"FirewallMatchesSources":[],"OriginIP":"","OriginResponseBytes":0,"OriginResponseHTTPExpires":"","OriginResponseHTTPLastModified":"","OriginResponseStatus":0,"OriginResponseTime":0,"OriginSSLProtocol":"unknown","ParentRayID":"00","SecurityLevel":"unk","WorkerCPUTime":0,"WorkerStatus":"unknown","WorkerSubrequest":false,"WorkerSubrequestCount":0,"ZoneID":304427638}
JSA field name | Highlighted values in the event payload
---|---
Event ID | ClientRequestMethod + EdgeResponseStatus. For HTTP request events such as the one in this sample, the Event ID is constructed from the ClientRequestMethod field and the EdgeResponseStatus field, concatenated with a separator between the two fields.
Source IP | ClientIP
Source Port | ClientSrcPort
Device Time | EdgeStartTimestamp
Sample 2: The following sample event message shows an HTTP request that matched a firewall rule; the firewall dropped the connection request.
{"Datetime":"2020-11-12T02:52:18Z","RayName":"5f0cf4c5fc8ce76c","Source":"firewallrules","RuleId":"6e40b9ea4da54b22a112626996d3111f","Action":"drop","EdgeColoName":"EWR","ClientIP":"10.0.0.1","ClientCountryName":"xx","ClientASNDescription":"ASN-DESCRIPTION","UserAgent":"curl/7.29.0","ClientRequestHTTPMethodName":"GET","ClientRequestHTTPHost":"host.domain.test"}
JSA field name | Highlighted values in the event payload
---|---
Event ID | Action
Source IP | ClientIP
Device Time | Datetime
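The two tables above describe how JSA derives its normalized fields from each event shape. The following added example (not Juniper's or Cloudflare's own code) applies both mappings to constructed copies of Sample 1 and Sample 2: it strips the carriage return and line feed characters the note warns about, tells a firewall-rule event apart from an HTTP request event, and produces the JSA Event ID, Source IP, Source Port and Device Time. The separator placed between ClientRequestMethod and EdgeResponseStatus is an assumption, since the page does not state it.

```python
"""Map Cloudflare Logs events to the JSA fields listed on this page.

Added example, not code from Juniper or Cloudflare. The separator used to
join ClientRequestMethod and EdgeResponseStatus is an assumption.
"""
import json
from datetime import datetime, timezone

# Assumption: the character JSA places between ClientRequestMethod and
# EdgeResponseStatus when it builds the Event ID for HTTP request events.
EVENT_ID_SEPARATOR = " "

# Constructed sample events, trimmed from Sample 1 and Sample 2 above. The HTTP
# event is deliberately wrapped with CR/LF to exercise the cleanup the note asks for.
HTTP_EVENT = (
    '{"ClientIP":"10.0.0.1","ClientRequestHost":"host.domain.test",\r\n'
    '"ClientRequestMethod":"GET","ClientRequestURI":"/cdn-cgi/images/cf-iconcloud.png",\n'
    '"EdgeResponseStatus":200,"EdgeStartTimestamp":"2020-10-13T19:49:36Z",\n'
    '"ClientSrcPort":53851,"RayID":"5e1b95b9ea390cc5"}'
)
FIREWALL_EVENT = (
    '{"Datetime":"2020-11-12T02:52:18Z","RayName":"5f0cf4c5fc8ce76c",'
    '"Source":"firewallrules","RuleId":"6e40b9ea4da54b22a112626996d3111f",'
    '"Action":"drop","ClientIP":"10.0.0.1","UserAgent":"curl/7.29.0",'
    '"ClientRequestHTTPMethodName":"GET","ClientRequestHTTPHost":"host.domain.test"}'
)


def flatten(raw: str) -> str:
    """Remove carriage returns and line feeds so the event is one JSON line."""
    return raw.replace("\r", "").replace("\n", "")


def parse_timestamp(value: str) -> datetime:
    """Timestamps in both samples are RFC 3339 in UTC with a trailing 'Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def to_jsa_fields(raw: str) -> dict:
    """Return the JSA field mapping for one Cloudflare Logs event.

    Firewall-rule events (Sample 2) carry Datetime and Action; HTTP request
    events (Sample 1) carry ClientRequestMethod, EdgeResponseStatus and
    EdgeStartTimestamp. Missing HTTP fields raise rather than yield a bad ID.
    """
    event = json.loads(flatten(raw))
    if "Action" in event and "Datetime" in event:
        return {
            "kind": "firewall",
            "event_id": event["Action"],
            "source_ip": event["ClientIP"],
            "device_time": parse_timestamp(event["Datetime"]),
        }
    required = ("ClientRequestMethod", "EdgeResponseStatus",
                "ClientIP", "ClientSrcPort", "EdgeStartTimestamp")
    missing = [key for key in required if key not in event]
    if missing:
        raise ValueError(f"HTTP request event lacks fields: {missing}")
    return {
        "kind": "http",
        "event_id": (f"{event['ClientRequestMethod']}"
                     f"{EVENT_ID_SEPARATOR}{event['EdgeResponseStatus']}"),
        "source_ip": event["ClientIP"],
        "source_port": int(event["ClientSrcPort"]),
        "device_time": parse_timestamp(event["EdgeStartTimestamp"]),
    }


if __name__ == "__main__":
    for sample in (HTTP_EVENT, FIREWALL_EVENT):
        print(to_jsa_fields(sample))
```

When verifying the integration, compare the Event ID, Source IP, Source Port and Device Time that JSA shows for a received sample against what this mapping produces; if the Event ID differs only in the character between method and status, adjust EVENT_ID_SEPARATOR to match what JSA actually emits.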