KeyCDN Log Format

The log fields are separated by | (pipe). See the example below.

  1. Timestamp incl. msec (e.g. 1383918771.123)
  2. POP (point of presence)
  3. IP address of the client (e.g.
  4. HTTP status code. A full list of all status codes is available on Wikipedia
  5. Bytes sent for this request (e.g. 1392)
  6. User ID (e.g. uid1234)
  7. Zone ID (e.g. zid4321)
  8. Zonealias (preferred) or Zone domain (e.g.
  9. Cache status (e.g. HIT)
  10. CLF request (e.g. “GET /path/folder/image-15kb.jpg HTTP/1.1”)
  11. CLF date (e.g. [13/Aug/2014:22:23:02 +0200])
  12. Referrer (enclosed by double quotes)
  13. Agent (enclosed by double quotes)
  14. Scheme (e.g. https)
  15. TLS Version (e.g. TLSv1.2)
  16. Country Code (e.g. US)
  17. Region Code two-symbol country region (state, province, etc) code (e.g CA)
  18. Organization (e.g. “AS14618, Inc.”)
  19. Byte Range bytes=<range requested> (e.g. bytes=512-1024)
Note: The client IP is anonymized by setting the last octet to 0 to be GDPR compliant.


1407961382.123|usla||200|253061|uid1234|zid4321||HIT|"GET /lorem.jpg HTTP/1.1"|[13/Aug/2014:22:23:02 +0200]|""|"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0"|https|TLSv1.2|US|CA|"AS14618, Inc."|-