
Distil Access Log Values - API Security

Access logs provide detailed information associated with all requests that pass through Distil. For fraud and security alerting, they help augment your SIEM data and log analyses by mapping Distil values to logins or accounts/users.

NOTE: Distil periodically adds new log fields and definitions to the API logs. Any process written to parse the Distil logs should be configured to accept additional log fields beyond the currently defined ones. This prevents log parsing from being disrupted when new fields are added.

The table below lists all names, data types, and definitions for Distil API security access logs. For web security access logs, please see the Distil web security support article.

| # | Field | Type | Definition |
|---|-------|------|------------|
| 1 | account_id | int | Distil-assigned account ID |
| 2 | domain_id | int | Distil-assigned domain ID |
| 3 | ip | string | Visitor’s IP address |
| 4 | request_time | double | Time of the request |
| 5 | request_url | string | URL requested by the visitor |
| 6 | http_status_code | string | HTTP status code returned to the user |
| 7 | bytes_sent | int | Bytes sent from Distil to the visitor |
| 8 | http_referrer | string | Visitor-provided HTTP referrer |
| 9 | user_agent | string | Visitor-provided user agent |
| 10 | geo_ip_country_code | string | Country of the request |
| 11 | geo_ip_organization | string | Organization that owns the visitor’s IP address |
| 12 | whitelist | long | Bitwise code that describes why the request was whitelisted, if the request was whitelisted. |
| 13 | violations | long | Threat that triggered the action Distil took on the request |
| 14 | distil_action | string | Action Distil took on the request |
| 15 | distil_token | string | Distil hashed version of the visitor’s identifier. |
| 16 | distil_token_group | string | Distil identifier group (this is only used for Invalid, currently). |
| 17 | raw_token | string | The raw token value Distil read from the request. |
| 18 | raw_token_location | string | The location of the raw token. For example, ‘ARG auth_token’ for an ‘auth_token’ passed as a URL argument. |
| 19 | server_serial | string | Distil server handling the request |
| 20 | server_ip | string | IP address of the Distil appliance (or server) that handled the request |
| 21 | origin_http_status_code | string | The HTTP status code returned from the origin to Distil |
| 22 | origin_response_time | string | Time it took for the upstream server to respond to the request |
| 23 | origin_content_type | string | Type of file requested by the visitor |
| 24 | origin_response_length | string | Length of the response from origin server |
| 25 | requests_per_minute | double | The number of API requests made per minute during the visitor’s session |
| 26 | requests_per_session | double | The total number of API requests during the visitor’s session |
| 27 | session_length_seconds | double | The duration of the visitor’s session |
| 28 | nginx_worker_pid | int | Distil server process handling request |
| 29 | request_id | string | Distil-computed ID for the request |
| 30 | is_billable | boolean | Whether or not the request is billable |
| 31 | hsig | string | Header signature |
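
The NOTE above asks that parsers accept fields beyond those currently defined. The following is an added example, not Distil's own code, of a parser that maps the fields in the table to typed values and keeps any trailing fields it does not recognize instead of failing. This article does not state the on-disk log format, so the tab delimiter, the positional layout, the boolean encoding, and all sample values are assumptions.

```python
# Added example, not Distil's code. Field order and types follow the table above.
# ASSUMPTIONS: one record per line, tab-delimited, positional; booleans as true/1.
def to_bool(value):
    return value.strip().lower() in ("true", "1")

FIELDS = [
    ("account_id", int), ("domain_id", int), ("ip", str),
    ("request_time", float), ("request_url", str), ("http_status_code", str),
    ("bytes_sent", int), ("http_referrer", str), ("user_agent", str),
    ("geo_ip_country_code", str), ("geo_ip_organization", str),
    ("whitelist", int), ("violations", int), ("distil_action", str),
    ("distil_token", str), ("distil_token_group", str), ("raw_token", str),
    ("raw_token_location", str), ("server_serial", str), ("server_ip", str),
    ("origin_http_status_code", str), ("origin_response_time", str),
    ("origin_content_type", str), ("origin_response_length", str),
    ("requests_per_minute", float), ("requests_per_session", float),
    ("session_length_seconds", float), ("nginx_worker_pid", int),
    ("request_id", str), ("is_billable", to_bool), ("hsig", str),
]

def parse_record(line, delimiter="\t"):
    """Map one log line to a dict, tolerating fields appended after hsig."""
    values = line.rstrip("\r\n").split(delimiter)
    if len(values) < len(FIELDS):
        raise ValueError(f"expected >= {len(FIELDS)} fields, got {len(values)}")
    record, errors = {}, []
    for (name, convert), raw in zip(FIELDS, values):
        try:
            record[name] = convert(raw) if raw != "" else None
        except ValueError:
            record[name] = raw       # keep the raw value for the analyst
            errors.append(name)      # flag it instead of dropping the event
    record["_extra"] = values[len(FIELDS):]  # fields newer than this table
    record["_parse_errors"] = errors
    return record

# Constructed sample line (not real Distil output) with two unknown trailing fields.
SAMPLE = "\t".join([
    "1001", "2002", "203.0.113.7", "1546300800.123", "/api/v1/login", "200",
    "512", "", "ExampleClient/1.0", "US", "Example ISP", "0", "16",
    "example_action", "a1b2c3", "", "constructed-token", "ARG auth_token",
    "srv-01", "198.51.100.10", "200", "0.045", "application/json", "480",
    "12.0", "36.0", "180.0", "4242", "req-0001", "true", "constructed-sig",
    "future_field_1", "future_field_2",
])

if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    print(rec["ip"], rec["requests_per_minute"], rec["_extra"])
```

Records shorter than the defined field list are rejected as truncated, while a value that fails type conversion is kept raw and listed under `_parse_errors`, so a format change shows up as a flagged event in the SIEM and not as missing data.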
