Dr. Eduardo Rocha, Senior Solutions Engineer & Security Analyst @ GlobalDots
27.02.2022
5 Min read

If you’re operating at scale, you’re probably already making use of a CDN. They’ve become ubiquitous amongst any company trying to handle large volumes of website traffic.

It’s surprising, then, that so many organizations rely heavily on their CDN but don’t take advantage of the wealth of observability data it offers. Our experience shows that adequate analysis & visualization of CDN logs can cut your MTTR by 90% across various performance & security issues. Let’s look at some of the benefits of analysing your CDN logs, and why you might not be able to take advantage of these actionable insights.

Detect attacks at the edge of your system

When an attacker port scans your system or begins to analyse headers in the HTTP response from your site, they’re going to have to go through your CDN first. This means that before they get anywhere near your servers, they first have to traverse the complex web of edge caching that a CDN establishes for you. This behaves like perimeter security.

Obviously, CDNs aren’t effective at keeping out a determined attacker, but they ensure that all traffic that passes to your site is captured and monitored. This is a characteristic of a layered security model. While all of this is going on, your CDN is producing log data about every interaction with your site, and in that information, you can find the potential attack vectors that an attacker is utilising. With millions of DDoS attacks conducted every year, your CDN may well become your first line of defence, and your CDN logs will tell you how well that defence is performing.

Understand your busiest times

Your CDN takes much of the load away from your servers, meaning the traffic reporting that comes from your servers is only a fraction of the true traffic your site is seeing. This means that the insights that come from your server logs may be missing a large part of the picture.

Organizations that understand when their busiest times are can make sensible scaling decisions ahead of time. They can focus on performance where they need it most, and prevent over-engineering where it isn’t required. Your CDN logs contain all the information you need, but analysing them may be complex. More on this later.

Real time detection of sudden traffic spikes

One issue with traditional systems and how they monitor traffic is that they’re very easily bottlenecked. Most modern sites that are deployed into the cloud have autoscaling strategies, but scaling takes time and often doesn’t happen instantly. During this “warm up” time, you’re losing requests. This means that when you measure a spike in HTTP traffic, you’re not measuring the true number of requests that hit your site. You’re measuring the requests that you managed to process.

A CDN is not only much more scalable than a typical application or website, but it is also designed to scale up much faster and scale down more slowly. As such, in most situations, the CDN has adequate resources to process your spike without any autoscaling event. This means you get a true view of the kind of demand your website is facing, and can act on the best possible information.

Your access logs contain key information, like latencies, requested resources and error codes, to let you know the nature of this sudden spike in traffic and how to respond appropriately. If you can couple this with a real-time streaming and processing solution, you’ve potentially got access to a river of powerful observability data.
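As an added illustration (not GlobalDots code and not any CDN vendor's real log schema), the sketch below buckets access-log lines per minute, flags a minute whose volume exceeds a multiple of the recent median, and then uses the error codes, requested resources, latencies and client addresses to describe what the spike consisted of. The JSON field names (`ts`, `client_ip`, `path`, `status`, `latency_ms`), the threshold values and the sample log are all constructed assumptions.

```python
import json
from collections import Counter, defaultdict
from statistics import median

BASE = 1_700_000_040  # constructed epoch second, aligned to a minute boundary

def build_sample_log():  # constructed sample: 6 quiet minutes, burst in the last
    lines = []
    for minute in range(6):
        for i in range(20):  # baseline: 20 requests per minute
            lines.append(json.dumps({"ts": BASE + minute * 60 + i * 3,
                "client_ip": f"198.51.100.{i % 10}", "status": 200,
                "path": ["/", "/products", "/cart"][i % 3], "latency_ms": 40 + i}))
    for i in range(300):  # burst: one client hammering /login, mostly rejected
        lines.append(json.dumps({"ts": BASE + 300 + i % 60, "client_ip": "203.0.113.7",
            "path": "/login", "status": 429 if i % 4 else 200, "latency_ms": 120}))
    return lines

def describe(minute, recs, baseline):  # summarise what a flagged minute contained
    n = len(recs)
    path, path_hits = Counter(r["path"] for r in recs).most_common(1)[0]
    ip, ip_hits = Counter(r["client_ip"] for r in recs).most_common(1)[0]
    return {"minute_start": minute * 60, "requests": n, "baseline": baseline,
            "error_share": sum(r["status"] >= 400 for r in recs) / n,
            "top_path": path, "top_path_share": path_hits / n,
            "top_client": ip, "top_client_share": ip_hits / n,
            "median_latency_ms": median(r["latency_ms"] for r in recs)}

def find_spikes(lines, factor=3.0, min_history=3):
    """Flag minutes whose request count exceeds factor x the median of earlier minutes."""
    per_minute = defaultdict(list)
    for line in lines:
        try:
            r = json.loads(line)
            r["status"], r["latency_ms"] = int(r["status"]), float(r["latency_ms"])
            r["path"], r["client_ip"] = str(r["path"]), str(r["client_ip"])
            per_minute[int(r["ts"]) // 60].append(r)
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed lines instead of aborting the analysis
    spikes, history = [], []
    for minute in sorted(per_minute):
        recs = per_minute[minute]
        if len(history) >= min_history and len(recs) > factor * median(history):
            spikes.append(describe(minute, recs, median(history)))
        else:
            history.append(len(recs))  # flagged minutes stay out of the baseline
    return spikes

if __name__ == "__main__":
    print(find_spikes(build_sample_log()))
```

On the constructed sample, the flagged minute shows one client and one path accounting for almost all requests with a high share of 4xx responses, which reads very differently from a spike spread across many clients and pages returning 200.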

Understand your customer behaviour, in detail

As above, CDNs can handle large volumes of traffic. This means that their logs are the closest to the true measurement that you can get for your site traffic. More than this, even under heavy load, a CDN will keep serving and tracking user experience across multiple sites and resources. It doesn’t suffer from the dramatic decreases in performance that a typical application in the cloud experiences, meaning your HTTP response speed remains consistent.

Consistent performance of a website has a known correlation with conversion rates and other key metrics. In order to understand this correlation, you need logs that are the truest possible indication of the user experience. Your CDN will perform consistently under even the most intense load, meaning your CDN access logs are consistent, reliable and structured. You can ingest and analyse logs, breaking them down into alertable metrics and KPIs, in a myriad of different ways, to develop a detailed understanding of customer behaviour. Most CDNs don’t support this, but keep reading to find out how.

Your site can be accessed from anywhere in the world, and sometimes it can be difficult to track where in the world your site is popular. This information is essential. For example, if you find that some of your most important customers are based in France, you may decide that a French translation of your site may help to boost popularity and sales.

Your CDN logs often contain more than just metadata about what was served to the customer. They also contain information about where it was served from, in the form of a server host IP address. With a sophisticated observability system, your logs can be ingested, decorated with geolocation information and analysed, so you can see in which regions your website is proving the most popular.

Good CDN monitoring is really complex. 

CDNs have all of this information, but they make it difficult to extract and analyse, because they are not observability platforms. 

Moreover, they don’t have any of the log storage cost optimization that a sophisticated observability platform will bring, meaning that if you wish to keep the huge volume of logs that your CDN will generate, you’re looking at an expensive problem to solve. 

And if you are fortunate enough to have a CDN provider that has some built-in monitoring, this monitoring usually comes with a significant delay, as the log and metrics data is processed and ingested. This delay directly translates into money lost, when every second could potentially cost thousands. Real-time problems need real-time monitoring.

Ultimately, if you settle for the basic functionality that a CDN can provide, you’ll only ever get a fraction of the benefit you could get. The potential insights, from operations to marketing, that come from a properly configured, managed and monitored CDN solution, are astounding. 

Contact GlobalDots for commitment-free consulting & implementation of your ultimate CDN observability solution.
