You are reading Edgio v5 docs. Check out our latest docs for Edgio v7.
Edgio
Edgio

Real-Time Log Delivery (RTLD)

Real-Time Log Delivery (RTLD) delivers log data in near real-time to a variety of destinations. It consists of two modules, which are:

  • Real-Time Log Delivery CDN (RTLD CDN)

    Delivers log data that describes requests submitted to our CDN service.

    This feature must be purchased separately. For more information, please contact your CDN account manager.

  • Real-Time Log Delivery Rate Limiting (RTLD Rate Limiting)

    Delivers log data that describes requests for which Web Application Firewall (WAF) enforced a rate limit as defined through a rate rule.

    RTLD Rate Limiting requires WAF Premier, WAF Standard, or WAF Essentials. If you currently have WAF Insights and would like to use this capability, please contact your CDN account manager to upgrade to the full version.

  • Real-Time Log Delivery WAF (RTLD WAF)

    Delivers log data that describes requests identified as threats by Web Application Firewall (WAF).

    RTLD WAF requires WAF Premier, WAF Standard, or WAF Essentials. If you currently have WAF Insights and would like to use this capability, please contact your CDN account manager to upgrade to the full version.

    RTLD WAF delivers log data for threats identified by WAF. It excludes log data for rate limited requests as determined by rate rules. Use RTLD Rate Limiting to deliver log data for rate limited requests.

RTLD delivers compressed log data to one or more of the following destination(s):

RTLD Workflow

Log data consists a set of log entries. Each entry describes either:

  • RTLD CDN: A HTTP/HTTPS request that was directed to our CDN service.
  • RTLD Rate Limiting: A HTTP/HTTPS request that exceeded a rate limit enforced by a Security Application Manager configuration.
  • RTLD WAF: A HTTP/HTTPS request that was identified as a threat by WAF and information on why it was deemed a threat.

If our service is unable to deliver log data, then we will store it for up to 3 days and deliver it when communication resumes. If we cannot deliver log data within 3 days, then it will be permanently deleted.

Quick Start

Setting up log delivery consists of the following steps:

  1. Decide on and prepare the service or web server(s) to which log data will be delivered.
  2. If required, gather authentication information for the above destination.
  3. Create a log delivery profile for the above destination.

Log Delivery Profiles

A log delivery profile identifies:

  • Where log data will be delivered.
  • The amount of data that will be delivered.
  • Whether log data will be filtered prior to delivery.
  • The set of log fields that will be delivered.

Multiple Profiles

You may create multiple profiles. This allows you to:

  • Send log data to one or more destinations. This is useful for disaster recovery.
  • Segregate log data by type within a single destination.
  • Gather more detailed data as needed.

Key information: