Real-Time Log Delivery (RTLD)

Real-Time Log Delivery (RTLD) delivers log data in near real-time to a variety of destinations. It consists of the following modules, which are:

Module	Description	Requirements
RTLD CDN	Delivers log data that describes requests submitted to the Edgecast network. This data includes Edge Functions requests.	Purchased Separately
RTLD WAF	Delivers log data that describes requests identified as threats by Web Application Firewall (WAF). It excludes log data for threats identified by Rate Rules or Bot Manager.	Security Premier, Business, or Essentials
RTLD Rate Limiting	Delivers log data that describes requests for which Edgecast enforced a rate limit as defined through a rate rule.	Security Premier, Business, or Essentials
RTLD Bot	Delivers log data that describes requests for which Bot Manager identified as bot traffic.	Bot Manager
RTLD Cloud Functions	Delivers log data that describes requests processed by Cloud Functions. This data includes Edgecast Sites requests.	Cloud Functions

Contact your account manager or our sales department at 1 (866) 200 - 5463 to upgrade your account.

RTLD delivers compressed log data to one or more of the following destination(s):

Your web server.
An AWS S3 bucket.
An Azure Block Blob.
Datadog.
A Google Cloud Storage bucket.
New Relic (RTLD CDN and RTLD Rate Limiting).
Splunk Enterprise.
Sumo Logic.

Log data consists a set of log entries. Each entry describes either:

RTLD CDN: A HTTP/HTTPS request that was directed to the Edgecast network.
RTLD WAF: A HTTP/HTTPS request that was identified as a threat by WAF and information on why it was deemed a threat.
RTLD Rate Limiting: A HTTP/HTTPS request that exceeded a rate limit enforced by a Security Application configuration.
RTLD Bot: A HTTP/HTTPS request that was identified as originating from a bot.
RTLD Cloud Functions: A HTTP/HTTPS request that was processed by Cloud Functions.

If our service is unable to deliver log data, then we will store it for up to 3 days and deliver it when communication resumes. If we cannot deliver log data within 3 days, then it will be permanently deleted.

Quick Start

Setting up log delivery consists of the following steps:

Decide on and prepare the service or web server(s) to which log data will be delivered.
If required, gather authentication information for the above destination.
Create a log delivery profile for the above destination.

Configure RTLD from within the Edgecast Console. Log data will be delivered regardless of whether you are using Rules or CDN-as-code.

Log Delivery Profiles

A log delivery profile identifies:

Where log data will be delivered.
The amount of data that will be delivered.
Whether log data will be filtered prior to delivery.
The set of log fields that will be delivered.

Multiple Profiles

You may create multiple profiles. This allows you to:

Send log data to one or more destinations. This is useful for disaster recovery.
Segregate log data by type within a single destination.
Gather more detailed data as needed.

Key information:

Perform profile administration from the Real-Time Log Delivery CDN or WAF landing page.
Log fields vary by RTLD module.

Learn more about log fields: RTLD CDN | RTLD WAF | RTLD Rate Limiting | RTLD Bot | RTLD Cloud Functions
Log data will only be delivered when a profile’s status is enabled.
The procedure for creating and modifying profiles varies by the destination to which log files will be delivered. Learn more about delivering to:

Your web server(s) | An AWS S3 Bucket| An Azure Block Blob container | Splunk Enterprise | Sumo Logic | Datadog | Google Cloud Storage | New Relic (RTLD CDN and RTLD Rate Limiting)
Delete a profile by clicking the corresponding
icon. When prompted, confirm the deletion.

Quick Start #

Log Delivery Profiles #

Multiple Profiles #

Quick Start

Log Delivery Profiles

Multiple Profiles