
POST https://console.baleen.cloud/api/logs/access-logs

Retrieves a limited number of access logs within a time range, with optional filtering.

Authorization

  • The user must be authenticated using their personal access token

  • The baleen namespace must be set within the cookie baleen-namespace

Request format

Query Params

| Param | Required/Optional | Type | Description |
|---|---|---|---|
| start | optional | long | The timestamp (in seconds) to collect data from |
| end | optional | long | The timestamp (in seconds) to collect data to |
| size | optional | integer | The page size of log entries to retrieve. Between 1 and 100. |
| page | optional | 0 | The page number of log entries to retrieve |

Body Params

Object filters description

Optional array defining the filters to apply to the access logs, using the following parameters:

| Param | Type | Description |
|---|---|---|
| field | enum | The field targeted to filter the logs. Must be one of the following values: "asn", "connection_type", "country", "ip", "isp", "ja3", "request_fate_action", "method", "status_code", "triggered_rule_id", "uri", "user_agent" |
| operator | enum | The operator used to filter the logs. Must be one of the following values: "equals" (retrieves logs whose specified field is strictly equal to the indicated value) or "contains" (retrieves logs whose specified field contains the indicated value) |
| value | string | The value considered to filter the logs |

Response format

Successful request

200 OK

| Field | Required/Optional | Type | Description |
|---|---|---|---|
| timestamp | required | ISO 8601 GMT | ISO 8601 uses the 24-hour clock system |
| status | required | HTTP status | Hypertext Transfer Protocol (HTTP) response status codes |
| remoteAddr | optional | IP address | Client IP proxy or client IP address |
| upstream | optional | IP address | Baleen proxy-out IP address |
| scheme | required | URI Scheme | |
| requestFateAction | optional | Baleen BotDetection Fate Action | Baleen BotDetection action for this request |
| bodyBytesSent | required | Byte data type | Request body size |
| botCategory | optional | Baleen Bot Category | Bot Category assigned to this request |
| httpHost | required | URL scheme | Request Host header value |
| httpUserAgent | optional | String | Request User-Agent header value |
| remoteUser | optional | IP address | |
| requestTime | optional | Duration (Seconds) | Request processing time |
| clientIP | required | IP address | Client IP address |
| httpXForwardedFor | optional | comma separated IP addresses | Identifies the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer |
| httpReferrer | optional | URL scheme | Request Referer header value |
| upstreamResponseTime | optional | Duration (Seconds) | Origin response time for this request |
| requestFate | optional | Baleen Bot Detection Action | Baleen action for this request |
| requestJa3 | optional | string | Device TLS fingerprint |
| sslProtocol | required | string | Client TLS protocol |
| serverProtocol | required | string | |
| requestURI | required | URI scheme | Request resource identifier |
| requestMethod | required | HTTP Request Method | |
| requestArgs | optional | string | Request URI query strings |
| requestISP | optional | string | Client Internet Service Provider |
| requestCountry | optional | string | Country code in ISO 3166-1 format |
| requestConnectionType | optional | string | |
| requestIsAnonymousProxy | optional | Boolean | Tells if this request was made using an anonymous proxy like a VPN |
| responseContentType | optional | string | Response Content Type Header |

Unsuccessful request

400 Bad Request

500 Internal Server Error

Example

The following example shows an API call that retrieves logs of requests from France that targeted the path “/” between 3 PM and 8 PM on April 25th, 2023.

Query

POST https://console.baleen.cloud/api/logs/access-logs?start=1682427600&end=1682445600&page=0&size=100

Request body

{
  "filters": [
    {
      "field": "uri",
      "value": "/",
      "operator": "equals"
    },
    {
      "field": "country",
      "value": "FR",
      "operator": "equals"
    }
  ]
}

Response body

[
    {
        "timestamp": "2023-04-25T17:59:59.976999998Z",
        "status": "200",
        "remoteAddr": "5.182.212.102",
        "upstream": "",
        "scheme": "https",
        "requestFateAction": "challengejs_displayed",
        "bodyBytesSent": "2263",
        "botCategory": "unknown",
        "triggeredRuleId": "",
        "triggeredRuleTrackingId": "",
        "httpHost": "www.cdiscount.com",
        "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0",
        "remoteUser": "",
        "requestTime": "0.000",
        "clientIp": "89.85.86.142",
        "httpXForwardedFor": "89.85.86.142",
        "httpReferrer": "",
        "upstreamResponseTime": "",
        "requestFate": "challengejs",
        "requestJa3": "579ccef312d18482fc42e2b822ca2430",
        "sslProtocol": "TLSv1.3",
        "serverProtocol": "HTTP/1.1",
        "requestUri": "/",
        "requestMethod": "GET",
        "requestIsp": "Bouygues Telecom",
        "requestCountry": "FR",
        "requestAsn": "5410",
        "requestConnectionType": "Cable/DSL",
        "requestIsAnonymousProxy": false,
        "responseContentType": "text/html"
    },
    {
        "timestamp": "2023-04-25T17:59:59.928999900Z",
        "status": "200",
        "remoteAddr": "5.182.213.95",
        "upstream": "",
        "scheme": "https",
        "requestFateAction": "challengejs_displayed",
        "bodyBytesSent": "2344",
        "botCategory": "unknown",
        "triggeredRuleId": "",
        "triggeredRuleTrackingId": "",
        "httpHost": "www.cdiscount.com",
        "httpUserAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 16_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Mobile/15E148 Safari/604.1",
        "remoteUser": "",
        "requestTime": "0.000",
        "clientIp": "92.162.167.105",
        "httpXForwardedFor": "92.162.167.105",
        "httpReferrer": "",
        "upstreamResponseTime": "",
        "requestFate": "challengejs",
        "requestJa3": "c3133b31632d390d16ba92a92d674580",
        "sslProtocol": "TLSv1.3",
        "serverProtocol": "HTTP/1.1",
        "requestUri": "/",
        "requestMethod": "GET",
        "requestIsp": "Orange",
        "requestCountry": "FR",
        "requestAsn": "3215",
        "requestConnectionType": "Cable/DSL",
        "requestIsAnonymousProxy": false,
        "responseContentType": "text/html"
    },
    {
        "timestamp": "2023-04-25T17:59:59.924999952Z",
        "status": "200",
        "remoteAddr": "5.182.213.105",
        "upstream": "",
        "scheme": "https",
        "requestFateAction": "challengejs_displayed",
        "bodyBytesSent": "2263",
        "botCategory": "unknown",
        "triggeredRuleId": "",
        "triggeredRuleTrackingId": "",
        "httpHost": "www.cdiscount.com",
        "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0",
        "remoteUser": "",
        "requestTime": "0.000",
        "clientIp": "91.175.111.26",
        "httpXForwardedFor": "91.175.111.26",
        "httpReferrer": "",
        "upstreamResponseTime": "",
        "requestFate": "challengejs",
        "requestJa3": "579ccef312d18482fc42e2b822ca2430",
        "sslProtocol": "TLSv1.3",
        "serverProtocol": "HTTP/1.1",
        "requestUri": "/",
        "requestMethod": "GET",
        "requestIsp": "Free SAS",
        "requestCountry": "FR",
        "requestAsn": "12322",
        "requestConnectionType": "Cable/DSL",
        "requestIsAnonymousProxy": false,
        "responseContentType": "text/html"
    }
    ...
]
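
Added example (not part of the Baleen documentation): a Python helper that checks filters and paging against the constraints documented above before building the call, plus a triage function that groups returned entries by `requestJa3` to show which TLS fingerprints appear behind several client IPs. The function names, the namespace value and the sample entries are assumptions constructed for illustration; the access token header is omitted because this page does not specify how the token is transmitted.

```python
import json
from collections import defaultdict
from urllib.parse import urlencode

ENDPOINT = "https://console.baleen.cloud/api/logs/access-logs"
FIELDS = {"asn", "connection_type", "country", "ip", "isp", "ja3",
          "request_fate_action", "method", "status_code",
          "triggered_rule_id", "uri", "user_agent"}
OPERATORS = {"equals", "contains"}

def build_request(namespace, filters, start=None, end=None, size=100, page=0):
    """Check the documented constraints, then return (url, headers, body)."""
    if not 1 <= size <= 100:
        raise ValueError("size must be between 1 and 100")
    for f in filters:
        if f.get("field") not in FIELDS:
            raise ValueError(f"unsupported filter field: {f.get('field')!r}")
        if f.get("operator") not in OPERATORS:
            raise ValueError(f"unsupported operator: {f.get('operator')!r}")
        if not isinstance(f.get("value"), str):
            raise ValueError("filter value must be a string")
    params = [("start", start), ("end", end), ("page", page), ("size", size)]
    query = urlencode([(k, v) for k, v in params if v is not None])
    # The namespace travels in the baleen-namespace cookie. The page does not
    # say how the personal access token is sent, so no token header is set here.
    headers = {"Cookie": f"baleen-namespace={namespace}",
               "Content-Type": "application/json"}
    return f"{ENDPOINT}?{query}", headers, json.dumps({"filters": filters})

def client_ips_per_ja3(entries):
    """Map each requestJa3 fingerprint to the distinct clientIp values seen."""
    seen = defaultdict(set)
    for entry in entries:
        if entry.get("requestJa3") and entry.get("clientIp"):
            seen[entry["requestJa3"]].add(entry["clientIp"])
    return {ja3: sorted(ips) for ja3, ips in seen.items()}

# Constructed sample entries (documentation-range IPs, made-up fingerprints),
# trimmed to the fields used above.
SAMPLE = [
    {"clientIp": "203.0.113.10", "requestJa3": "a" * 32, "requestFate": "challengejs"},
    {"clientIp": "203.0.113.20", "requestJa3": "b" * 32, "requestFate": "challengejs"},
    {"clientIp": "203.0.113.30", "requestJa3": "a" * 32, "requestFate": "challengejs"},
]

if __name__ == "__main__":
    url, headers, body = build_request(
        "example-namespace",  # placeholder namespace
        [{"field": "country", "value": "FR", "operator": "equals"}],
        start=1682427600, end=1682445600)
    print(url, headers, body, client_ips_per_ja3(SAMPLE), sep="\n")
```

Rejecting an out-of-range `size` or an unknown `field` on the client side avoids a round trip that would end in 400 Bad Request.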