KeyCDN Log Format

The log fields are separated by | (pipe). See the example below.

    1. Timestamp incl. msec (e.g. 1383918771.123)
    2. POP (point of presence)
    3. IP address of the client (e.g.
    4. HTTP status code. A full list of all status codes is available on Wikipedia
    5. Bytes sent for this request (e.g. 1392)
    6. User ID (e.g. uid1234)
    7. Zone ID (e.g. zid4321)
    8. Zonealias (preferred) or Zone domain (e.g.
    9. Cache status (e.g. HIT)
    10. CLF request (e.g. “GET /path/folder/image-15kb.jpg HTTP/1.1”)
    11. CLF date (e.g. [13/Aug/2014:22:23:02 +0200])
    12. Referrer (enclosed by double quotes)
    13. Agent (enclosed by double quotes)
    14. Scheme (e.g. HTTPS)
    15. Country Code (e.g. US)
    16. Country Name (e.g. Germany)
    17. City (e.g Frankfurt)
    18. Region two-symbol country region (state, province, etc) code (e.g CA)
    19. Latitude
    20. Longitude
    21. Organization (e.g. “AS14618, Inc.”)


1407961382.123|usla||200|253061|uid1234|zid4321||HIT|"GET /lorem.jpg HTTP/1.1"|[13/Aug/2014:22:23:02 +0200]|""|"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0"|http|US|United States|San Diego|CA|39.0437|-77.4875|"AS14618, Inc."


  1. Dirk

    I couldn’t find any information on your log data retention policy. According to the information on this page you store the client’s full IP address which is only allowed for technical reasons (like DOS defence) if I understand German privacy legislation correctly. Can I disable the storage of this data for any other usage (like the analytics section of your backend)?


    1. Sebastian Krohn

      Hello Dirk,

      We don’t keep log data beyond the immediate past. Above format description is for customers who use our log forwarding feature.

      The data behind analytics and billing is stored for longer but does not contain client IPs.


Leave A Comment?