This document describes the schema of log entries sent by the Cloudmersive Reverse Proxy Server to Azure Event Hub.

Log Entry Structure

Each log entry is sent as a JSON object directly to the Event Hub. There is no outer envelope — the log data fields are the top-level properties of the JSON message.

Log Data Fields

Which fields are present depends on the Data to Log options enabled on the logging policy.

Always Included

• NodeID (string) - Identifier of the reverse proxy node that processed the request
• ContentLength (string) - Content length of the request body
• TransactionID (string) - Unique identifier for the request/response transaction
• HttpResponseCode (string) - HTTP status code of the response (e.g., "200", "404")
• HttpResponseContentLength (string) - Content length of the response body
• OriginResponseTime (string) - Time in milliseconds for the origin server to return a response
• TotalResponseTime (string) - Total time in milliseconds for the complete request/response cycle

Included When "Log request URL" Is Enabled

• URL (string) - Full request URL
• HttpMethod (string) - HTTP method (e.g., GET, POST, PUT, DELETE)
• Hostname (string) - Host from the request
• Port (string) - Port from the request
• UserAgent (string) - Value of the User-Agent request header

Included When "Log client IP address" Is Enabled

• ClientIP (string) - IP address of the client
• XForwardedFor (string) - Value of the X-Forwarded-For header, if present
• TrueClientIP (string) - Value of the True-Client-IP header, if present

Included When "Log request headers" Is Enabled

• Headers (string) - JSON array of header objects, each containing HeaderName and HeaderValue

Example Headers value:

[
  { "HeaderName": "Accept", "HeaderValue": "text/html" },
  { "HeaderName": "Content-Type", "HeaderValue": "application/json" }
]

Included When "Log policy result details" Is Enabled

• PolicyResult (string) - JSON-encoded security policy evaluation outcome for the request

Example Log Entry

{
  "NodeID": "node-id-here",
  "URL": "https://example.com/api/data",
  "HttpMethod": "GET",
  "Hostname": "example.com",
  "Port": "443",
  "UserAgent": "Mozilla/5.0",
  "ClientIP": "203.0.113.50",
  "XForwardedFor": "203.0.113.50",
  "TrueClientIP": "",
  "ContentLength": "0",
  "TransactionID": "txn-id-here",
  "HttpResponseCode": "200",
  "HttpResponseContentLength": "1234",
  "OriginResponseTime": "45",
  "TotalResponseTime": "50"
}

Notes

• All field values are strings, including numeric values such as HttpResponseCode and OriginResponseTime.
• Fields that are not applicable or not available for a given request may be empty strings.
• Each event is sent as an individual message to the Event Hub. You can use Event Hub consumer groups, Azure Stream Analytics, or other downstream processors to ingest and analyze the log data.