Logs Integration
DataDome bot detection is a real-time, synchronous process.
All our modules include a powerful feature that injects informational headers for each request. Our customers use it for deep integration between DataDome and their infrastructure and applications, such as in the following cases:
- Enriching server logs to use DataDome bot information inside Log Analytics, SIEM or SOC
- Reading and using these headers in applications, to support specific decisions
- Reading these headers inside statistics tags
This feature is available for Corporate and Enterprise plans. Please contact the DataDome team for more information.
Header values
X-DataDome-botfamily is deprecated (supported until 1st March 2022) and will be replaced by X-DataDome-ruletype.
Header name | Header description | Header possible values |
---|---|---|
X-DataDome-isbot | Is it a bot? | 0 : Human (normal user); 1 : Bot; NA : Detection not activated on this segment |
X-DataDome-botname | The bot name | String |
X-DataDome-captchapassed | Has this client passed a Captcha? | 0 : This client has not passed the Captcha; 1 : This client has passed the Captcha; NA : This request has not been blocked |
X-DataDome-ruletype | The traffic category | Humans; AI Threats Detection; Verified Bots; Custom Rules |
X-DataDome-requestid | An identifier for the current request | String |
X-DataDome-matchedmodels | Names of the bot models triggered. This header is not enabled by default; the DataDome support team can enable it if needed. | List of strings separated by ";" |
The information above can be used inside any application/SIEM/SOC by reading the HTTP request headers.
Logs integration
Each module can inject these headers inside web server logs.
This feature enables our users to integrate DataDome detection information inside their usual monitoring tools like Kibana, Splunk or AppDynamics.
The documentation for each module is available through the links below:
- Apache
- Nginx
- Varnish
- IIS
- HAProxy18/HAPEE for module versions HAProxy18 1.8.0 and module HAPEE v1.5.1 (and later)
Apache

```apache
LogFormat "%h %l %u %t \"%r\" %{X-DataDome-isbot}i %{X-DataDome-botname}i %{X-DataDome-ruletype}i %{X-DataDome-captchapassed}i %{DATA_DOME_SPENT_TIME}e" datadome
CustomLog logs/datadome.log datadome
```
Nginx

```nginx
http {
    ....
    log_format datadome '$request $http_x_datadome_isbot "$http_x_datadome_botname" "$http_x_datadome_ruletype" $http_x_datadome_captchapassed $datadome_response_time';
    access_log /var/log/nginx/datadome.log datadome;
    ....
    server {
        ....
        data_dome_auth @datadome;
        data_dome_auth_set $http_x_datadome_isbot $upstream_http_x_datadome_isbot;
        data_dome_auth_set $http_x_datadome_botname $upstream_http_x_datadome_botname;
        data_dome_auth_set $http_x_datadome_ruletype $upstream_http_x_datadome_ruletype;
        data_dome_auth_set $http_x_datadome_captchapassed $upstream_http_x_datadome_captchapassed;
        data_dome_auth_set $datadome_response_time $upstream_response_time;
        ....
    }
}
```
Varnish

```bash
sudo varnishncsa -a -w /var/log/varnish/datadome.log -D -P /var/run/varnishncsa_datadome.pid -F '%h %l %u %t "%r" "%{X-DataDome-isbot}i %{X-DataDome-botname}i %{X-DataDome-ruletype}i %{X-DataDome-captchapassed}i %{VCL_Log:DataDome_status}x %{VCL_Log:DataDome_spent_time}x"'
```
HAProxy

```
# frontend settings with DataDome integration
http-request lua.Datadome_request_hook
http-response lua.Datadome_response_hook
# Custom log for DataDome Enrich headers
log-format "X-DataDome-botname: %{+Q}[lua.ddHeaders(X-DataDome-botname)] | X-DataDome-isbot: %{+Q}[lua.ddHeaders(X-DataDome-isbot)] | X-DataDome-ruletype: %{+Q}[lua.ddHeaders(X-DataDome-ruletype)]"
use_backend failure_backend if { var(txn.dd.status) -i -m str blocked }
```
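To feed these logs into a SIEM, each line has to be turned back into typed fields. The sketch below is an added example, not DataDome code: it parses lines written with the Nginx `datadome` log_format above, maps `NA` and Nginx's `-` (unset variable) to `None`, and keeps lines that do not match instead of dropping them. It assumes a single upstream response time per request; the function names, bot names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Mirrors the Nginx log_format "datadome" shown above:
# $request $isbot "$botname" "$ruletype" $captchapassed $response_time
LINE_RE = re.compile(
    r'^(?P<request>.*) (?P<isbot>0|1|NA|-) "(?P<botname>[^"]*)" '
    r'"(?P<ruletype>[^"]*)" (?P<captcha>0|1|NA|-) (?P<rt>-|\d+(?:\.\d+)?)$'
)
FLAG = {"0": False, "1": True}  # "NA" and "-" (header absent) become None

def _blank(value):
    """Nginx logs an unset variable as "-"; treat it as missing."""
    return None if value in ("", "-") else value

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    return {
        "request": m["request"],
        "is_bot": FLAG.get(m["isbot"]),
        "botname": _blank(m["botname"]),
        "ruletype": _blank(m["ruletype"]),
        "captcha_passed": FLAG.get(m["captcha"]),
        "response_time": None if m["rt"] == "-" else float(m["rt"]),
    }

def summarize(lines):
    """Count bot requests per (ruletype, botname); return unparsable lines too."""
    bots, rejected = Counter(), []
    for line in lines:
        event = parse_line(line)
        if event is None:
            rejected.append(line)  # surface format drift instead of hiding it
        elif event["is_bot"]:
            bots[(event["ruletype"], event["botname"])] += 1
    return bots, rejected

# Constructed sample lines (not real traffic); bot names are made up.
SAMPLE = [
    'GET /login HTTP/1.1 1 "ExampleScraper" "AI Threats Detection" 0 0.004',
    'GET / HTTP/1.1 0 "-" "Humans" NA 0.003',
    'GET /robots.txt HTTP/1.1 1 "ExampleCrawler" "Verified Bots" NA 0.002',
    'GET /static/app.js HTTP/1.1 NA "-" "-" NA -',
    'truncated line',
]
```

Calling `summarize(SAMPLE)` returns the per-bot counter and the list of rejected lines; a growing rejected list usually means the log_format was changed without updating the parser.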