Media CDN logs each HTTP request to Cloud Logging. These requests
include client requests to the EdgeCacheService resource and requests from
the EdgeCacheOrigin resource to the configured origin for cache fills. Logs are
typically delivered in near real time. This includes being queryable in
Logging and exportable to Cloud Storage and Pub/Sub.
Log entries contain the following types of information:
- General information shown in most Google Cloud logs, such as severity, the project ID, the project number, and the timestamp.
- HttpRequest log fields.
Additional metadata about the request within the structPayload, including the following:
- Client ASN
- Client location data
- ID (city) of the caches used to fulfill the response
- Time to first byte (TTFB) and time to last byte (TTLB), in milliseconds, for the HTTP-level response
- TLS SNI hostname
- TLS version used
- Common Media Client Data (CMCD) information
Cache-specific fields
The jsonPayload object of a Media CDN log contains metadata
specific to how Media CDN serves an object, whether the object
was cached, and any error states encountered.
These fields, as well as example values, are shown in the following table.
| Field | Example value | Details |
|---|---|---|
| backendInitialLatency | 0.126644940s | The Duration it takes the backend to initially respond to a request. Measured from when the CDN has finished proxying the request to the origin until the CDN begins receiving response bytes from the origin. This field only appears in logs for cache fill from an |
| backendLatency | 0.126666342s | The Duration it takes the backend to fully respond to a request. Measured from when the CDN has finished proxying the request to the origin until the CDN has received the complete response from the backend. This field appears only in logs for cache fill from an |
| cacheId | maa-123456 |
The IATA (airport) code of the city nearest the cache and an opaque identifier of the cache
instance. If multiple tiers of caching are required to serve the request due to a full or
partial cache miss, the chain of cache locations is provided—for
example, del-234567, bom-345678, sin-456789, where the rightmost cache is the
closest to the user. |
| cacheKeyFingerprint | f63925711b0dd8a9ff861cd303774e6e | An opaque fingerprint of the cache key. Requests that map to the same cache key—for example, requests where query parameters are not included, or where the host is not included—should have the same fingerprint. If your total number of requests is similar to the total number of unique fingerprints, it might indicate that your cache keys are too specific. |
| cacheMode | USE_ORIGIN_HEADERS | The cdnPolicy.cacheMode configured on the route that
matched this request.
|
| cacheStatus | Cache hit: Full cache miss: |
The cache status at each cache node between the user and the origin shield, where the rightmost value represents the cache closest to the user. For more information about how to interpret this field, see Cache status values. |
| clientAsn | The ASN (Autonomous System Number), based on the connecting client's IP address. | |
| clientCity | Mountain View | Name of the city from which the request originated—for example, Mountain View, California. This can also be added to both request and response headers and
mirrors the |
| clientRegionCode | US | The country (or region) associated with the client's IP address. This is a Unicode CLDR region code, such as US or FR. For most countries, these codes correspond directly to ISO-3166-2 codes. This can also be added to both request and response headers and
mirrors the |
| cmcd | The CMCD
keys in the client request that help inform the client-side quality of
service. Media CDN supports data transmitted through
HTTP request headers or query parameters and does not log values for the following keys:
dl (deadline), nor (next object request),
nrr (next range request), ot (object type),
rtp (requested maximum throughput), sf (streaming format),
su (startup), tb (top bitrate),
or v (CMCD version).
|
|
| enforcedSecurityPolicy | The Google Cloud Armor edge security policy that applies to the client's request. This includes additional information about the policy name, priority, and action taken. | |
| httpTtfb | 0.157228207s | The Duration from when the proxy begins receiving request bytes until the first byte of the response is sent (not received). |
| latency | 0.157415635s | The Duration from when the proxy begins receiving request bytes until it has finished writing the response to the client. |
| location | The Location header in the response.
|
|
| metroIataCode | MAA | The IATA (airport) code of the city nearest the proxy. |
| origin | The EdgeCacheOrigin resource from which the response was proxied.
|
|
| originalRequestId | 19d92668-3948-49d8-9244-25f8252043e4 | The unique identifier assigned to the request that originally generated this response.
Populated only if this is different than request_id for cached responses.
|
| originIp | The IP address used to contact the EdgeCacheOrigin resource from which
the response was proxied.
|
|
| proxyRegionCode | US | The country (or region) that the proxy is located in. This is a Unicode CLDR region code, such as US or FR. For most countries, these codes correspond directly to ISO-3166-2 codes. |
| proxyStatus | A list of intermediary HTTP proxies in the response path. The value
is defined by RFC 9209.
This corresponds to the proxy_status dynamic header variable.
|
|
| rangeHeader | The Range header in the request.
|
|
| requestId | 4bde6381-cd17-47e1-8c2a-1aaa424a1156 | The unique identifier assigned to the request by the proxy. |
| tlsCipherSuite | 009C | The cipher suite negotiated during the TLS handshake. The value is four hex digits defined by the IANA TLS Cipher Suite Registry—for example, 009C for TLS_RSA_WITH_AES_128_GCM_SHA256. This value is empty for unencrypted client connections. |
| tlsSniHostname | Server name indication (as defined in RFC 6066), if provided by the client during the TLS or QUIC handshake. The hostname is converted to lowercase and any trailing dot is removed. | |
| tlsVersion | TLS 1.3 | TLS version negotiated between the client and the CDN during the SSL handshake. Possible values include TLS 1, TLS 1.1, TLS 1.2, and TLS 1.3. |
Example log entry
The following provides an example log entry for a response served from cache:
{ "insertId": "617fa16e-0000-2ac9-9993-d4f547fe67d4@a1", "jsonPayload": { "@type": "type.googleapis.com/google.cloud.edgecache.v1.EdgeCacheLogEntry", "tlsVersion": "TLS 1.3", "tlsCipherSuite": "009C", // hex digits for the cipher negotiated "cacheId": "maa-132eed13faa13", "clientAsn": "9299", // AS the client is associated with "origin": "example_origin", "clientRegionCode": "IN", "metroIataCode": "bom", "clientCity": "Mumbai", // City name, in English "latency": "0.005105200s", "proxyStatus": "Google-Edge-Cache", "httpTtfb": "0.005056080s", "cacheMode": "FORCE_CACHE_ALL", "cacheKeyFingerprint": "c360ac18849b6336", "cacheStatus": "hit,stale", "enforcedSecurityPolicy": { "outcome": "ACCEPT", "configuredAction": "ACCEPT", "name": "example_policy", "priority": 1000 }, "originalRequestId": "19d92668-3948-49d8-9244-25f8252043e5", "proxyRegionCode": "IN", "requestId": "4bde6381-cd17-47e1-8c2a-1aaa424a1156", "originIp": "74.125.128.128" }, "httpRequest": { "requestMethod": "GET", "requestUrl": "https://example.com/image.jpg", "requestSize": "3545", "status": 200, "responseSize": "3716", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36", "remoteIp": "62.36.0.43", "protocol": "HTTP/2" }, "resource": { "type": "edgecache.googleapis.com/EdgeCacheRouteRule", "labels": { "matched_path": "/", "path_matcher_name": "routes", "service_name": "example_service", "resource_container": "projects/123456789", "location": "global", "route_destination": "projects/123456789/locations/global/edgeCacheOrigins/example_origin", "route_type": "ORIGIN" } }, "timestamp": "2022-11-19T00:24:13.695328200Z", "logName": "projects/my-project/logs/edgecache.googleapis.com%2Fedge_cache_request", "receiveTimestamp": "2022-11-19T00:24:16.715871645Z" }
You can configure request logging in a few ways. To reduce log volume and overall Logging charges, logs can optionally be sampled or filtered as needed.
You can also route logs to Pub/Sub, Cloud Storage, or BigQuery for analysis in Google Cloud or your existing log analysis tools.
Retention policies
Logging supports setting custom retention policies, including on a per-sink basis.
What's next
- To understand more about how to set up logs-based metrics to define your own metrics values based on logged requests, see the Log-based metrics overview.
- To learn more about the pricing for Logging, see Google Cloud Observability pricing.
- To read about how audit logging works and how to enable and configure audit logs for admin activity, see the Cloud Audit Logs documentation.