Real-Time Log Delivery (RTLD) delivers log data in near real-time to a variety of destinations. It consists of the following modules, which are:
Module | Description | Requirements |
---|---|---|
RTLD CDN | Delivers log data that describes requests submitted to the Edgio network. This data includes Edge Functions requests. | Purchased Separately |
RTLD WAF | Delivers log data that describes requests identified as threats by Web Application Firewall (WAF). It excludes log data for threats identified by Rate Rules or Bot Manager. | Security Premier, Business, or Essentials |
RTLD Rate Limiting | Delivers log data that describes requests for which Edgio enforced a rate limit as defined through a rate rule. | Security Premier, Business, or Essentials |
RTLD Bot | Delivers log data that describes requests for which Bot Manager identified as bot traffic. | Bot Manager |
RTLD Cloud Functions | Delivers log data that describes requests processed by Cloud Functions. This data includes Edgio Sites requests. | Cloud Functions |
Contact your account manager or our sales department at 1 (866) 200 - 5463 to upgrade your account.
RTLD delivers compressed log data to one or more of the following destination(s):
- Your web server.
- An AWS S3 bucket.
- An Azure Block Blob.
- Datadog.
- A Google Cloud Storage bucket.
- New Relic (RTLD CDN and RTLD Rate Limiting).
- Splunk Enterprise.
- Sumo Logic.
Log data consists a set of log entries. Each entry describes either:
- RTLD CDN: A HTTP/HTTPS request that was directed to the Edgio network.
- RTLD WAF: A HTTP/HTTPS request that was identified as a threat by WAF and information on why it was deemed a threat.
- RTLD Rate Limiting: A HTTP/HTTPS request that exceeded a rate limit enforced by a Security Application configuration.
- RTLD Bot: A HTTP/HTTPS request that was identified as originating from a bot.
- RTLD Cloud Functions: A HTTP/HTTPS request that was processed by Cloud Functions.
If our service is unable to deliver log data, then we will store it for up to 3 days and deliver it when communication resumes. If we cannot deliver log data within 3 days, then it will be permanently deleted.
Quick Start
Setting up log delivery consists of the following steps:
- Decide on and prepare the service or web server(s) to which log data will be delivered.
- If required, gather authentication information for the above destination.
- Create a log delivery profile for the above destination.
Configure RTLD from within the Edgio Console. Log data will be delivered regardless of whether you are using Rules or CDN-as-code.
Log Delivery Profiles
A log delivery profile identifies:
- Where log data will be delivered.
- The amount of data that will be delivered.
- Whether log data will be filtered prior to delivery.
- The set of log fields that will be delivered.
Multiple Profiles
You may create multiple profiles. This allows you to:
- Send log data to one or more destinations. This is useful for disaster recovery.
- Segregate log data by type within a single destination.
- Gather more detailed data as needed.
Key information:
-
Perform profile administration from the Real-Time Log Delivery CDN or WAF landing page.
-
Log fields vary by RTLD module.Learn more about log fields: RTLD CDN | RTLD WAF | RTLD Rate Limiting | RTLD Bot | RTLD Cloud Functions
-
Log data will only be delivered when a profile’s status is enabled.
-
The procedure for creating and modifying profiles varies by the destination to which log files will be delivered. Learn more about delivering to:
-
Delete a profile by clicking the corresponding icon. When prompted, confirm the deletion.