Managed Rule Logs

The following is a detailed description of the fields in the managed rule logs.

Field Description

Request Fields

| Field Name | Data Type | Description |
| --- | --- | --- |
| RequestHost | String | Host of the client request. |
| RequestID | String | Unique ID of the client request. |
| RequestTime | Timestamp ISO8601 | The time when the EdgeOne node receives the client request. Time zone: UTC+0. Example: 2024-10-14T05:13:43Z |
| RequestMethod | String | HTTP method of the client request. Valid values: GET, POST, HEAD, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH. |
| RequestUA | String | User-Agent information of the client request. |
| RequestURI | String | URI information of the client request. |
| RequestLog | String | Header log of the client request, including the request line and complete HTTP request headers. |
| RequestBody | String | Request body that hits a managed rule. The first 10 KB is captured. |

Client Fields

| Field Name | Data Type | Description |
| --- | --- | --- |
| ClientIP | String | IP address of the client connected to the EdgeOne node. |
| ClientCountry | String | Country/region resolved from the client IP address. Format: ISO 3166-1 alpha-2. |

Security Fields

| Field Name | Data Type | Description |
| --- | --- | --- |
| SecurityRuleID | String | ID of the security rule that applies the final action to the request, corresponding to SecurityAction. |
| SecurityModule | String | Name of the security module that applies the final action to the request. This field corresponds to SecurityAction. Valid value: ManagedRule (Web Security - Managed Rule). |
| SecurityAction | String | Final action applied after the request hits a security rule. Valid values: monitor (Observe), drop (Block). |
| SecurityMatchingField | String | Matching field of the managed rule that applies the final action to the request. It indicates the specific content in the request that is detected by the rule. Example: rocess').execSync('echo VULN_1767842690_9463',{'timeout':30000}). |
| SecurityMatchingPosition | String | Matching position of the managed rule that applies the final action to the request. It indicates where the detected content comes from in the request. Example: Full request path. |

Reference

Log Example

The following is an example of a single managed rule log under the default configuration.
{
  "ClientCountry": "SG",
  "ClientIP": "0.0.0.0",
  "RequestBody": "a=||whoami||",
  "RequestHost": "www.example.com",
  "RequestID": "13719873400522703510",
  "RequestLog": "POST / HTTP/1.1\nhost: www.example.com\nuser-agent: curl/8.7.1\naccept: */*\ncontent-type: application/x-www-form-urlencoded\neo-inner-original-url-scheme: http\neo-inner-original-header-host: www.example.com\neo-inner-original-url-host: www.example.com\neo-inner-original-url-port: 80\neo-inner-client-port: 56268\neo-inner-client-ip: 0.0.0.0\neo-inner-client-net-protocol: TCP\neo-inner-client-http-version: HTTP/1.1\neo-connecting-ip: 0.0.0.0\ncdn-loop: TencentEdgeOne; loops=1\neo-inner-mid-protect: t=1778487220&s=35864a5c12d9ac68b0fb929c4e76c79e\ncontent-length: 12",
  "RequestMethod": "POST",
  "RequestTime": 1778487220,
  "RequestUA": "curl/8.7.1",
  "RequestURI": "/",
  "SecurityAction": "drop",
  "SecurityMatchingField": "||whoami||",
  "SecurityMatchingPosition": "body",
  "SecurityModule": "ManageRule",
  "SecurityRuleID": "4401214653"
}
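
The following Python sketch is an added example, not EdgeOne code: it normalizes managed rule log lines for triage and counts, per rule ID, the hits that were only observed rather than blocked. The function names, the constructed sample records (including rule ID 1000000001) and the reading of "10 KB" as 10240 bytes are assumptions; RequestTime is accepted in both forms because the field table gives ISO 8601 while the sample record above carries an integer.

```python
import json
from collections import Counter
from datetime import datetime, timezone

BODY_CAPTURE_LIMIT = 10 * 1024  # "first 10 KB is captured"; 10240 bytes is an assumption
ACTIONS = {"monitor", "drop"}   # valid SecurityAction values from the field table

# Constructed sample records, trimmed to the fields used here.
SAMPLE = [
    '{"RequestID":"1","RequestTime":1778487220,"ClientIP":"0.0.0.0",'
    '"RequestBody":"a=||whoami||","SecurityAction":"drop","SecurityRuleID":"4401214653"}',
    '{"RequestID":"2","RequestTime":"2024-10-14T05:13:43Z","ClientIP":"0.0.0.0",'
    '"RequestBody":"","SecurityAction":"monitor","SecurityRuleID":"1000000001"}',
    '{"RequestID":"3","RequestTime":1778487221,"ClientIP":"0.0.0.0",'
    '"RequestBody":"","SecurityAction":"monitor","SecurityRuleID":"1000000001"}',
]

def parse_request_time(value):
    """Accept epoch seconds (sample log form) or ISO 8601 UTC (field table form)."""
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalize(line):
    """Turn one JSON log line into a flat event; ValueError on an unknown action."""
    rec = json.loads(line)
    action = rec.get("SecurityAction")
    if action not in ACTIONS:
        raise ValueError(f"unexpected SecurityAction: {action!r}")
    body = rec.get("RequestBody", "")
    return {
        "request_id": rec["RequestID"],
        "time": parse_request_time(rec["RequestTime"]).isoformat(),
        "client_ip": rec["ClientIP"],
        "rule_id": rec["SecurityRuleID"],
        "observed_only": action == "monitor",  # rule matched but did not block
        # A body at the capture limit may be cut off, so the match context can be partial.
        "body_maybe_truncated": len(body.encode("utf-8")) >= BODY_CAPTURE_LIMIT,
    }

def monitor_only_hits(lines):
    """Count, per rule ID, the hits that were observed but not blocked."""
    events = [normalize(line) for line in lines]
    return Counter(e["rule_id"] for e in events if e["observed_only"])

if __name__ == "__main__":
    for line in SAMPLE:
        print(normalize(line))
    print(monitor_only_hits(SAMPLE))
```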