|
| 1 | +--- |
| 2 | +title: Azure CDN HTTP raw logs |
| 3 | +description: This article describes the Azure CDN HTTP raw logs. |
| 4 | +services: cdn |
| 5 | +author: asudbring |
| 6 | +manager: KumudD |
| 7 | +ms.service: azure-cdn |
| 8 | +ms.tgt_pltfrm: na |
| 9 | +ms.devlang: na |
| 10 | +ms.topic: article |
| 11 | +ms.date: 03/10/2020 |
| 12 | +ms.author: allensu |
| 13 | +--- |
| 14 | + |
| 15 | +# Azure CDN HTTP raw logs |
| 16 | +Raw logs provide rich information about operations and errors that are important for auditing and troubleshooting. Raw logs differ from activity logs. Activity logs provide visibility into the operations done on Azure resources. Raw logs provide a record of operations of your resource. |
| 17 | + |
| 18 | +> [!IMPORTANT] |
| 19 | +> The HTTP raw logs feature is available for Azure CDN from Microsoft. |
| 20 | +
|
| 21 | +If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin. |
| 22 | + |
| 23 | +## Sign in to Azure |
| 24 | + |
| 25 | +Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com). |
| 26 | + |
| 27 | +## Configuration |
| 28 | + |
| 29 | +To configure Raw logs for your Azure CDN from Microsoft profile: |
| 30 | + |
| 31 | +1. From the Azure portal menu, select **All Resources** >> **\<your-CDN-profile>**. |
| 32 | + |
| 33 | +2. Under **Monitoring**, select **Diagnostics settings**. |
| 34 | + |
| 35 | +3. Select **+ Add diagnostic setting**. |
| 36 | + |
| 37 | +  |
| 38 | + |
| 39 | + > [!IMPORTANT] |
| 40 | + > Raw logs is only available in the profile level while aggregated http status code logs are available in the endpoint level. |
| 41 | +
|
| 42 | +4. Under **Diagnostic settings**, enter a name for the diagnostic setting under **Diagnostic settings name**. |
| 43 | + |
| 44 | +5. Select the **log** and set the retention in days. |
| 45 | + |
| 46 | +6. Select the **Destination details**. Destination options are: |
| 47 | + * **Send to Log Analytics** |
| 48 | + * Select the **Subscription** and **Log Analytics workspace**. |
| 49 | + * **Archive to a storage account** |
| 50 | + * Select the **Subscription** and the **Storage Account**. |
| 51 | + * **Stream to an event hub** |
| 52 | + * Select the **Subscription**, **Event hub namespace**, **Event hub name (optional)**, and **Event hub policy name**. |
| 53 | + |
| 54 | +  |
| 55 | + |
| 56 | +7. Select **Save**. |
| 57 | + |
| 58 | +## Raw logs properties |
| 59 | + |
| 60 | +Azure CDN from Microsoft Service currently provides Raw logs (batched hourly). Raw logs provide individual API requests with each entry having the following schema: |
| 61 | + |
| 62 | +| Property | Description | |
| 63 | +|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |
| 64 | +| TrackingReference | The unique reference string that identifies a request served by Front Door, also sent as X-Azure-Ref header to the client. Required for searching details in the access logs for a specific request. | |
| 65 | +| HttpMethod | HTTP method used by the request. | |
| 66 | +| HttpVersion | Type of the request or connection. | |
| 67 | +| RequestUri | URI of the received request. | |
| 68 | +| RequestBytes | The size of the HTTP request message in bytes, including the request headers and the request body. | |
| 69 | +| ResponseBytes | Bytes sent by the backend server as the response. | |
| 70 | +| UserAgent | The browser type that the client used. | |
| 71 | +| ClientIp | The IP address of the client that made the request. | |
| 72 | +| TimeTaken | The length of time that the action took, in milliseconds. | |
| 73 | +| SecurityProtocol | The TLS/SSL protocol version used by the request or null if no encryption. | |
| 74 | +| Endpoint | The CDN endpoint host has configured under the parent CDN profile. | |
| 75 | +| Backend Host name | The name of the backend host or origin where requests are being sent. | |
| 76 | +| Sent to origin shield | If true, it means that request was answered from origin shield cache instead of the edge pop. Origin shield is a parent cache used to improve cache hit ratio. | |
| 77 | +| HttpStatusCode | The HTTP status code returned from the proxy. | |
| 78 | +| HttpStatusDetails | Resulting status on the request. Meaning of this string value can be found at a Status reference table. | |
| 79 | +| Pop | The edge pop, which responded to the user request. POPs' abbreviations are airport codes of their respective metros. | |
| 80 | +| Cache Status | Signifies if the object was returned from cache or came from the origin. | |
| 81 | + |
| 82 | +## Next Steps |
| 83 | +In this article, you enabled HTTP raw logs for the Microsoft CDN service. |
| 84 | + |
| 85 | +For more information on Azure CDN and the other Azure services mentioned in this article, see: |
| 86 | + |
| 87 | +* [Analyze](cdn-log-analysis.md) Azure CDN usage patterns. |
| 88 | + |
| 89 | +* Learn more about [Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/overview). |
| 90 | + |
| 91 | +* Configure [Log Analytics in Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/log-query/get-started-portal). |
0 commit comments