Useful variables to log

In addition to the standard logging directives, the following request and response variables can be used for logging when you set up remote log streaming. You can also log any Varnish variable. Consider taking advantage of some of Fastly's extensions to VCL as well.

NOTE

All variables should be prefixed by a percent sign (%). For more information about string formatting, check out our guide to custom log formats.

IMPORTANT

Be sure to take into account security, privacy, and compliance requirements when making configuration and endpoint decisions for the data you intend to include in streamed logs.

These are the time-related variables that can be used for logging.

VariableDescription
%{begin:%Y-%m-%dT%H:%M:%S%z}tThe time of the start of the request in ISO 8601 format.
%{end:%Y-%m-%dT%H:%M:%S%z}tThe time of the end of the request in ISO 8601 format.
%{time.elapsed.usec}VHow long the request took in microseconds.
%{time.start.sec}VWhen the request started in Epoch seconds.

These are the connection-related variables that can be used for logging.

VariableDescription
%{if(req.is_ipv6, "true", "false")}VWhether the request was over IPv6 or not.
%{if(req.is_ssl, "true", "false")}VWhether the request was over HTTPS or not.
%{cstr_escape(tls.client.protocol)}VWhich version of TLS was used by the client.
%{cstr_escape(tls.client.servername)}VWhich SNI server name the client sent.
%{cstr_escape(tls.client.cipher)}VWhich cipher the TLS request used.
%{cstr_escape(tls.client.ciphers_sha)}VWhich cipher the TLS request used.
%{cstr_escape(tls.client.tlsexts_sha)}VA SHA of the TLS extension identifiers sent from the client as part of the TLS handshake, represented in Base64.
%{if(fastly_info.is_h2, "true", "false")}VWhether or not this was an HTTP/2 request.
%{if(fastly_info.h2.is_push, "true", "false")}VWhether or not this was an HTTP/2 Push response.
%{fastly_info.h2.stream_id}VWhat the HTTP/2 Stream ID was.

These are the request- and response-related variables that can be used for logging.

VariableDescription
%{Fastly-Orig-Host}iThe original Host requested if a Host header override is present.
%{Host}iThe current Host request header (because it could have been modified to send to the origin).
%{Referer}iThe Referer request header. Specifically, which URL linked to this page.
%{User-Agent}iThe User-Agent request header. Specifically, which browser requested this page.
%{Accept}iThe Accept request header. Specifically, the types of content the client can accept.
%{Accept-Language}iThe Accept-Language request header. Specifically, the human languages the client can respond with.
%{Accept-Encoding}iThe Accept-Encoding request header. Specifically, the content encoding the client is able to understand.
%{Accept-Charset}iThe Accept-Charset request header. Specifically, the character set encodings the client accepts.
%{Connection}iThe Connection request header. Specifically, whether or not the client can do keep-alive connections.
%{DNT}iThe DNT request header. Specifically, whether or not the client is sending a "Do Not Track" header.
%{Forwarded}iThe Forwarded request header. Specifically, the originating IP address of a request if this request is proxied.
%{Via}iThe Via request header. Specifically, the intermediate protocols and recipients between the user agent and the server on proxied requests.
%{X-Requested-With}iThe X-Requested-With request header. Generally used to identify Ajax requests that will send the value XMLHttpRequest.
%{X-Requested-For}iThe X-Requested-For request header. Specifically, the originating IP address of a request if this request is proxied.
%{X-ATT-DeviceId}iThe X-ATT-DeviceId request header. Specifically, the make, mode, or firmware of AT&T devices.
%{Content-Type}oThe Content-Type response header. Specifically, the MIME type of the content.
%{TSV}oThe TSV response header. Specifically, the Tracking Status Value suggested for sending in response to a DNT request.

These are the cache-related variables that can be used for logging.

VariableDescription
%{If-Modified-Since}iThe If-Modified-Since request header. Specifically, the server will send back the requested resource, with a 200 status, only if it has been last modified after the given date.
%{If-None-Match}iThe If-None-Match request header. Specifically, the server will send back the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones.
%{Cache-Control}oThe Cache-Control response header. Specifically, whether or not all caching mechanisms from server to client may cache this object in seconds.
%{Age}oThe Age response header. Specifically, the age the object has been in a proxy cache in seconds.
%{Expires}oThe Expires response header. Specifically, the date and time after which the response is considered stale in "HTTP-date" format as defined by RFC 7231.
%{Last-Modified}oThe Last-Modified response header. Specifically, the last modified date for the requested object in "HTTP-date" format as defined by RFC 7231. Used in conjunction with the If-Modified-Since request header.
%{ETag}oThe ETag response header. Specifically, an identifier for a specific version of a resource. Used in conjunction with the If-None-Match Request header.
%{obj.hits}VThe number of hits this object has (cache specific).
%{obj.lastuse}VThe last time this object was used (cache specific).
"cache_status":"%{fastly_info.state}V"(Fastly-specific) State of the request, with optional suffixes describing special cases.

Geographic logging variables

These are the geographic variables that can be used for logging.

VariableDescription
%{server.datacenter}VWhich Fastly data center this request hit.
%{client.geo.city}VWhich city Fastly thinks the request originated from.
%{client.geo.city.ascii}VAn alias of `client.geo.city`.
%{client.geo.city.utf8}VThe city or town name associated with the IP address, encoded using the UTF-8 character encoding.
%{client.geo.country_code}VWhich country Fastly thinks the request originated from.
%{client.geo.continent_code}VWhich continent Fastly thinks the request originated from.
%{client.geo.region}VWhich region Fastly thinks the request originated from.

These are the size-related variables that can be used for logging.

VariableDescription
%{req.header_bytes_read}VThe size of the request headers.
%{req.body_bytes_read}VThe size of the request body.
%{resp.header_bytes_written}VThe size of the response headers.
%{resp.body_bytes_written}VThe size of the response body.

These are the socket-related variables that can be used for logging.

VariableDescription
%{client.socket.cwnd}VThe client socket congestion window.
%{client.socket.nexthop}VThe IP address of the next gateway.
%{client.socket.tcpi_rcv_mss}VThe client socket max segment size for receiving.
%{client.socket.tcpi_snd_mss}VThe client socket max segment size for sending.
%{client.socket.tcpi_rtt}VThe client socket smoothed round-trip time in microseconds.
%{client.socket.tcpi_rttvar}VThe client socket round-trip time variance in microseconds.
%{client.socket.tcpi_rcv_rtt}VThe client socket receiver-side estimation of round-trip time in microseconds.
%{client.socket.tcpi_rcv_space}VThe current buffer space available for receiving data.
%{client.socket.tcpi_last_data_sent}VThe time since last data sent on client socket in microseconds.
%{client.socket.tcpi_total_retrans}VThe total number of packet retransmissions on the client socket.
%{client.socket.tcpi_delta_retrans}VThe change in number of packet retransmissions on the client socket.
%{client.socket.ploss}VThe client socket packet loss.
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.