Contents of HTTP request logs

The files that are shipped by HTTP request Log Shipping are written as a series of gzipped JSON files. An example record in a log file:

{
  "client_site_id": "000",
  "remote_user": "",
  "request_url": "/",
  "wplogin": "-",
  "timestamp": "19/May/2020:17:03:58 +0000",
  "request_type": "GET",
  "scheme": "https",
  "http_referer": "https://example.com/",
  "http_x_forwarded_for": "",
  "true_client_ip": "",
  "remote_addr": "127.0.0.1",
  "asn": "2635",
  "tls_version": "TLSv1.3",
  "ssl_client_verify": "NONE",
  "content_type": "text/html; charset=UTF-8",
  "upstream_country_code": "GB",
  "sent_cache_control": "max-age=300, must-revalidate",
  "timestamp_iso8601": "2020-05-19T17:03:58+00:00",
  "sent_vary": "Accept-Encoding",
  "sent_x_cache": "hit",
  "request_id": "81cd24c5c46d4c1aa0205dd8001cdba6",
  "request_time": "0.001",
  "http_host": "example.com",
  "http_accept_language": "en-US,en;q=0.9",
  "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36",
  "http_version": "HTTP/2.0",
  "body_bytes_sent": "8981",
  "status": "200",
  "private_file": ""
}

{
  "client_site_id": "000",
  "remote_user": "",
  "request_url": "/",
  "wplogin": "-",
  "timestamp": "19/May/2020:17:03:58 +0000",
  "request_type": "GET",
  "scheme": "https",
  "http_referer": "https://example.com/",
  "http_x_forwarded_for": "",
  "true_client_ip": "",
  "remote_addr": "127.0.0.1",
  "asn": "2635",
  "tls_version": "TLSv1.3",
  "ssl_client_verify": "NONE",
  "content_type": "text/html; charset=UTF-8",
  "upstream_country_code": "GB",
  "sent_cache_control": "max-age=300, must-revalidate",
  "timestamp_iso8601": "2020-05-19T17:03:58+00:00",
  "sent_vary": "Accept-Encoding",
  "sent_x_cache": "hit",
  "request_id": "81cd24c5c46d4c1aa0205dd8001cdba6",
  "request_time": "0.001",
  "http_host": "example.com",
  "http_accept_language": "en-US,en;q=0.9",
  "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36",
  "http_version": "HTTP/2.0",
  "body_bytes_sent": "8981",
  "status": "200",
  "private_file": ""
}

Description of fields

Field	Description
`asn`	The Autonomous System Number (ASN) of the `remote_addr` IP address
`body_bytes_sent`	Total number of bytes sent to the client
`client_site_id`	An internal ID unique to this environment
`content_type`	The media type of the resource (e.g. `text/html; charset=UTF-8`)
`http_accept_language`	The contents of the `Accept-Language` request HTTP header
`http_host`	The domain (e.g. `example.com`)
`http_referer`	The `Referer` request header, if available, contains the purported address of the web page from which a link to the currently requested page was followed.
`http_user_agent`	The contents of the `User-Agent` request header
`http_version`	HTTP protocol version
`http_x_forwarded_for`	An HTTP header that is a means of logging a client’s originating IP address.
`private_file`	This field will be empty for requests that do not include a `/wp-content/uploads/` path. A value of `1` indicates a request to a file restricted by Access-Controlled Files, and a `0` for all other files.
`remote_addr`	IP address of the client making the request (see also: `true_client_ip` and `http_x_forwarded_for`).
`remote_user`	If the request was authenticated with HTTP Basic Authentication, this is the username value (the password is not logged).
`request_id`	Unique request identifier, this value is set in the `X-Request-ID` HTTP request header which can be read by a WordPress or Node.js application.
`request_time`	The time taken for the request.
`request_type`	The HTTP method (e.g., `GET`, `POST`).
`request_url`	The path of the resource that was fetched, not including elements that are included elsewhere such as the protocol (e.g. `http://`, see `scheme`), and the domain (e.g. `example.com`, see `http_host`).
`sent_cache_control`	The contents of the `Cache-Control` HTTP response header.
`scheme`	Either `http` or `https`.
`sent_vary`	The contents of the `Vary` HTTP response header; note that VIP does not allow free use of the `Vary` header (e.g. `Accept-Encoding`).
`sent_x_cache`	HTTP response header values that are returned by the page cache (e.g., `HIT`, `MISS`, or `BYPASS`).
`ssl_client_verify`	The result of client certificate verification: `"SUCCESS"`, `"FAILED:reason"`, and `"NONE"` if a certificate was not present.
`status`	The HTTP response status code (e.g. `200`, `404`, etc.)
`timestamp`	UTC date and time of the request
`timestamp_iso8601`	UTC date and time of the request in ISO format
`tls_version`	TLS version used by the client.
`true_client_ip`	A request header commonly set by reverse proxies, including Cloudflare, to indicate the remote address of the client they are forwarding requests for (see also: `http_x_forwarded_for`).
`upstream_country_code`	All requests are geocoded by country (e.g., “US”, “GB”, etc.) at the edge of the VIP CDN using the incoming IP address.
`wplogin`	The login name (i.e. `user_login`) of the authenticated WordPress user, if any; requests where there is no authenticated WordPress user this field will contain `-`.

Last updated: November 13, 2024

Description of fields

Relevant to