POST https://console.baleen.cloud/api/logs/access-logs

Retrieves a limited amount of access logs in a timerange with optional filtering

1 Authorization
2 Resquest format
- 2.1 Query Params
- 2.2 Body Params
3 Response format
- 3.1 Successful request
- 3.2 Unsuccessful request
4 Example

Authorization

The user must be authentificated using his personal access token
The baleen namespace must be set within the cookie baleen-namespace

Resquest format

Query Params

Param	Required/Optional	Type	Description

Param	Required/Optional	Type	Description
start	optional	long	The timestamp (in seconds) to collect data from
end	optional	long	The timestamp (in seconds) to collect data to
size	optional	integer	The page size of log entries to retrieve. Between 1 and 100.
page	optional	0	The page number of log entries to retrieve

Body Params

Object filters description

This object is an optional array allowing to define the filters to apply on the access logs using the following parameters

Param	Type	Description

Param

Type

Description

field

enum

The field targeted to filter the logs

Has to be one of the following value :

“asn”
“connection_type”
“country”
“ip”
“isp”
“ja3”
“request_fate_action”
“method”
“status_code”
“triggered_rule_id”
“uri”
“user_agent”

operator

enum

The operator used to filter the logs

Has to be one of the following value :

“equals” : this option allows to retrieve logs whose the mentioned field is strictly equal to the indicated value.
“not_equals” : this option allows to retrieve logs whose the mentioned field is different from the indicated value

value

string

The value considered to filter the logs

Response format

Successful request

200 OK

Field	Required/Optional	Type	Description

Field	Required/Optional	Type	Description
timestamp	required	ISO 8601 GMT	ISO 8601 uses the 24-hour clock system
status	required	HTTP status	Hypertext Transfer Protocol (HTTP) response status codes
remoteAddr	optional	IP address	client IP proxy or client IP address
upstream	optional	IP address	Baleen proxy-out IP address
scheme	required	URI Scheme
requestFateAction	optional	Baleen BotDetection Fate Action	Baleen Botdetection action for this request
bodyBytesSent	required	Byte data type	request body size
botCategory	optional	Baleen Bot Category	Bot Category assigned to this request
httpHost	required	URL scheme	Request Host header value
httpUserAgent	optional	String	Request User-Agent header value
remoteUser	optional	IP address
requestTime	optional	Duration (Seconds)	Request processing time
clientIP	required	IP address	Client IP adress
httpXForwardedFor	optional	comma separated IP addresses	identifying the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer
httpReferrer	optional	URL scheme	Request Referer header value
upstreamResponseTime	optional	Duration (Second)	Origine response time for this request
requestFate	optional	Baleen Bot Detection Action	Baleen action for this request
requestJa3	optional	string	Device TLS fingerprint
sslProtocol	required	string	Client TLS protocol
serverProtocol	required	string
requestURI	required	URI scheme	Request ressource identifier
requestMethod	required	HTTP Request Method
requestArgs	optional	string	Request URI query strings
requestISP	optional	string	Client Internet Service Provider
requestCountry	optional	string	country code ISO3166-1 format
requestConnectionType	optional	string
requestionIsAnonymousProxy	optional	Boolean	Tells if this request was made using an anonymous proxy like à VPN
responseContentType	optional	string	Response Content Type Header

Unsuccessful request

400 Bad request

500 Internal server error

Example

The following example shows an API call retrieving logs of requests from France having targeted the path “/” between April 25th 2023 3PM and April 25th 2023 8PM.

Query

POST https://console.baleen.cloud/api/logs/access-logs?start=1682427600&end=1682445600&page=0&size=100

Request body

{
  "filters": [
    {
      "field": "uri",
      "value": "/",
      "operator": "equals"
    },
    {
      "field": "country",
      "value": "FR",
      "operator": "equals"
    }
  ]
}

Response body

[
    {
        "timestamp": "2023-04-25T17:59:59.976999998Z",
        "status": "200",
        "remoteAddr": "5.182.212.102",
        "upstream": "",
        "scheme": "https",
        "requestFateAction": "challengejs_displayed",
        "bodyBytesSent": "2263",
        "botCategory": "unknown",
        "triggeredRuleId": "",
        "triggeredRuleTrackingId": "",
        "httpHost": "www.cdiscount.com",
        "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0",
        "remoteUser": "",
        "requestTime": "0.000",
        "clientIp": "89.85.86.142",
        "httpXForwardedFor": "89.85.86.142",
        "httpReferrer": "",
        "upstreamResponseTime": "",
        "requestFate": "challengejs",
        "requestJa3": "579ccef312d18482fc42e2b822ca2430",
        "sslProtocol": "TLSv1.3",
        "serverProtocol": "HTTP/1.1",
        "requestUri": "/",
        "requestMethod": "GET",
        "requestIsp": "Bouygues Telecom",
        "requestCountry": "FR",
        "requestAsn": "5410",
        "requestConnectionType": "Cable/DSL",
        "requestIsAnonymousProxy": false,
        "responseContentType": "text/html"
    },
    {
        "timestamp": "2023-04-25T17:59:59.928999900Z",
        "status": "200",
        "remoteAddr": "5.182.213.95",
        "upstream": "",
        "scheme": "https",
        "requestFateAction": "challengejs_displayed",
        "bodyBytesSent": "2344",
        "botCategory": "unknown",
        "triggeredRuleId": "",
        "triggeredRuleTrackingId": "",
        "httpHost": "www.cdiscount.com",
        "httpUserAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 16_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Mobile/15E148 Safari/604.1",
        "remoteUser": "",
        "requestTime": "0.000",
        "clientIp": "92.162.167.105",
        "httpXForwardedFor": "92.162.167.105",
        "httpReferrer": "",
        "upstreamResponseTime": "",
        "requestFate": "challengejs",
        "requestJa3": "c3133b31632d390d16ba92a92d674580",
        "sslProtocol": "TLSv1.3",
        "serverProtocol": "HTTP/1.1",
        "requestUri": "/",
        "requestMethod": "GET",
        "requestIsp": "Orange",
        "requestCountry": "FR",
        "requestAsn": "3215",
        "requestConnectionType": "Cable/DSL",
        "requestIsAnonymousProxy": false,
        "responseContentType": "text/html"
    },
    {
        "timestamp": "2023-04-25T17:59:59.924999952Z",
        "status": "200",
        "remoteAddr": "5.182.213.105",
        "upstream": "",
        "scheme": "https",
        "requestFateAction": "challengejs_displayed",
        "bodyBytesSent": "2263",
        "botCategory": "unknown",
        "triggeredRuleId": "",
        "triggeredRuleTrackingId": "",
        "httpHost": "www.cdiscount.com",
        "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0",
        "remoteUser": "",
        "requestTime": "0.000",
        "clientIp": "91.175.111.26",
        "httpXForwardedFor": "91.175.111.26",
        "httpReferrer": "",
        "upstreamResponseTime": "",
        "requestFate": "challengejs",
        "requestJa3": "579ccef312d18482fc42e2b822ca2430",
        "sslProtocol": "TLSv1.3",
        "serverProtocol": "HTTP/1.1",
        "requestUri": "/",
        "requestMethod": "GET",
        "requestIsp": "Free SAS",
        "requestCountry": "FR",
        "requestAsn": "12322",
        "requestConnectionType": "Cable/DSL",
        "requestIsAnonymousProxy": false,
        "responseContentType": "text/html"
    }
    ...
]

Baleen support

How to retrieve Baleen access logs?