Logs uploader must first be enabled and set up in the Gcore Customer Portal on the Gcore CDN page, or by contacting the Gcore support.
Configuring Logs uploader
In the CDN menu, click Logs and select Logs uploader. Control which fields are exported, how frequently the logs are delivered, and which storage service they are sent to. Supported destinations include Gcore Object Storage, S3-compatible platforms, FTP and SFTP servers, and HTTP(S) endpoints. This flexibility helps you integrate CDN logs into existing observability, analytics, or compliance workflows while effectively managing data volume and processing requirements. The Logs uploader screen has three tabs:- Configurations — link policies and targets to deliver logs
- Policies — set export rules and schedules
- Targets — connect upload destinations
- Configurations
- Policies
- Targets
Configurations Tab
Configurations Tab
Select the Configurations tab to view a table of configurations:
- Configuration ID
Click the column header to sort the table by configuration IDs. - Configuration name
- Click the column header to sort the table by configuration names.
- Click a configuration name to edit the configuration.
- Policy
Click a policy name to edit the linked policy. - Target
Click a target name to edit the linked target. - Status
Linked target status is displayed in the Status column. To re-run the authentication check, click (refresh) at the end of the status message. - More options
Click ⋯ (more options) in the last column to Edit, Disable, or Delete the configuration in that row. - Add configuration
Click Add configuration (top right) to create a new configuration.
Add configurations
Add configurations
- Go to Logs uploader, select the Configurations tab, and click Add configuration.
Enable configuration switch appears at the top of the Add configuration window; to disable the configuration, toggle the switch to the left.
- Select the resources for this configuration:
- All Resources
- Specific Resource(s)
For all resources, including newly created:
- Enter a Name for the configuration.
- Select a Policy to link from the drop-down list.
- Select a Target to link from the drop-down list.
- Click Add configuration again to finish and return to the Logs uploader. The new target appears in the table on the Configurations tab.
Edit configurations
Edit configurations
- Go to Logs uploader and select the Configurations tab.
- Click the configuration name in the Configurations column, or click ⋯ (more options) at the end of that row and select Edit.
Enable configuration switch appears at the top of the Edit configuration window; to disable the configuration, toggle the switch to the left.
- Select the resources for this configuration:
- All Resources
- Specific Resource(s)
For all resources, including newly created:
- Edit configuration Name.
- Select a Policy to link from the drop-down list.
- Select a Target to link from the drop-down list.
- Click Save changes (top right) to return to the Logs uploader.
Enable, disable, or delete configurations
Enable, disable, or delete configurations
- Go to Logs uploader and select the Configurations tab.
- In the row with the configuration name, click ⋯ (more options) in the last column and select Enable, Disable, or Delete.
Log schema and field definitions
Log format example
Log format example
It’s OK if you find a field that’s not listed in the example. We occasionally add new fields to the end of the line. If some fields are added to logs, you’ll receive an email about the update.
Log fields
Log fields
The following table contains a complete list of available log fields. Fields formatted in italics relate to our internal CDN system, so you can ignore them.You can check other fields — they can be helpful for traffic analysis or statistics.
Internal status codes
Internal status codes
WAAP log fields
If your CDN resource has WAAP enabled, the Logs uploader automatically appends WAAP security event fields to each request log line, alongside the CDN fields described above. You receive a single merged log entry per request, so the CDN access data and the matching WAAP security verdict arrive correlated and on the same delivery channel as your existing CDN logs - no separate file, no extra configuration on your side.Eligibility. WAAP fields are added only for resources that have WAAP enabled and use the current edge protection architecture. For resources without WAAP, the existing CDN log line is unchanged.
DDoS protection logs are not exported through the Logs uploader. Only per-request WAAP security events are included. DDoS attack analytics remain available through the WAAP API and dashboard.
WAAP fields
WAAP fields
The following fields are appended to each request log line when WAAP is enabled on the resource.
Decision and optional action values
Decision and optional action values
The
$waap_decision field gives the final security verdict that WAAP applied at the edge:The
$waap_optional_action field describes any additional action applied alongside the decision:Challenged requests are recorded as
blocked. Logs are written at the edge as soon as the response is sent, before WAAP knows whether the client will solve the challenge. When the client passes the challenge, subsequent requests from the same session are exported with $waap_decision="passed" and $waap_passed_incident_id pointing back to the original incident, so you can trace the final outcome by joining the two log lines on the session identifier. The full per-incident result is also available through the WAAP Request Details API.Log schema versioning
Log schema versioning
Each exported log line carries a schema version field that identifies the JSON payload version (for example,
"v":"5"). The version is incremented whenever fields are added, renamed, or removed. We add new fields in a backwards-compatible way where possible (existing field names and positions are preserved), so most schema changes do not require parser updates on your side. Breaking changes are announced in advance through the standard CDN update notifications. Pin your downstream parsers (SIEM, ETL) to a known version and check the v value to detect schema changes safely.