Real-Time Log Delivery (RTLD) delivers log data in near real-time to a variety of destinations. It consists of the following modules:
|RTLD CDN||Delivers log data that describes requests submitted to our CDN service.||Purchased Separately|
|RTLD WAF||Delivers log data that describes requests identified as threats by Web Application Firewall (WAF). It excludes log data for threats identified by Rate Rules or Bot Manager.||Security Premier, Standard, or Essentials|
|RTLD Rate Limiting||Delivers log data that describes requests for which Edgio enforced a rate limit as defined through a rate rule.||Security Premier, Standard, or Essentials|
|RTLD Bot||Delivers log data that describes requests that Bot Manager identified as bot traffic.||Bot Manager|
RTLD delivers compressed log data to one or more of the following destinations:
- Your web server.
- An AWS S3 bucket.
- An Azure Block Blob.
- A Google Cloud Storage bucket.
- New Relic (RTLD CDN and RTLD Rate Limiting).
- Splunk Enterprise.
- Sumo Logic.
Log data consists of a set of log entries. Each entry describes one of the following:
- RTLD CDN: An HTTP/HTTPS request that was directed to our CDN service.
- RTLD WAF: An HTTP/HTTPS request that was identified as a threat by WAF and information on why it was deemed a threat.
- RTLD Rate Limiting: An HTTP/HTTPS request that exceeded a rate limit enforced by a Security App configuration.
- RTLD Bot: An HTTP/HTTPS request that was identified as originating from a bot.
If our service is unable to deliver log data, then we will store it for up to 3 days and deliver it when communication resumes. If we cannot deliver log data within 3 days, then it will be permanently deleted.
Setting up log delivery consists of the following steps:
- Decide on and prepare the service or web server(s) to which log data will be delivered.
- If required, gather authentication information for the above destination.
- Create a log delivery profile for the above destination.
A log delivery profile identifies:
- Where log data will be delivered.
- The amount of data that will be delivered.
- Whether log data will be filtered prior to delivery.
- The set of log fields that will be delivered.
You may create multiple profiles. This allows you to:
- Send log data to one or more destinations. This is useful for disaster recovery.
- Segregate log data by type within a single destination.
- Gather more detailed data as needed.
Perform profile administration from the Real-Time Log Delivery CDN or WAF landing page.
Log fields vary by RTLD module.
Log data will only be delivered when a profile’s status is enabled.
The procedure for creating and modifying profiles varies by the destination to which log files will be delivered. Learn more about delivering to:
Delete a profile by clicking the corresponding icon. When prompted, confirm the deletion.