WAF logs

This help contains the following topics:

Introduction
vSystem support information
Licensing requirements
Restrictions and guidelines
Manage WAF logs

Introduction

The WAF Log List page displays the logs generated by the WAF module. These logs help administrators customize WAF profiles to control users' website access behaviors.

You can enable logging in a WAF profile. The WAF module can then generates logs for packets that match the WAF profile.

vSystem support information

Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.

Licensing requirements

To use WAF functions, you must purchase and install the required license. If the license expires, the existing WAF signature library is still available but you cannot upgrade the WAF signature library to the version released after the expiration time. For more information about licensing, see the license management help.

Restrictions and guidelines

Only one log operation (import, export, or clear) is allowed at a time.
Only one user can perform a log operation at a time. When you import, export, or clear logs, make sure no one else is performing a log operation.
When you query logs of a time range, this page displays the logs of the first day by default. You can click Previous Day or Next Day to view the logs of a specific date.

Manage WAF logs

Import logs

Click the Monitor tab.
In the navigation pane, select Security Logs > WAF Logs.
Click Import.
In the dialog box that opens, click OK.
Select a log file, and enter the password for the log file. The password was set when the file was exported.

Export logs

To export logs to the local, perform the following steps:

Click the Monitor tab.
In the navigation pane, select Security Logs > WAF Logs.
Click on the right of the displayed columns. On the page that opens, specify the search criteria and click Apply to display the logs to be exported.
Click Export.

On the page that opens, configure the log export settings.

Table-1 Log export configuration items

Item	Description
Set password	Enter a password for encrypting the log files. This password must be provided to open the exported log files.
Logs per file	Specify the maximum number of log entries in each file. If the number of log entries to be exported is equal to or smaller than the specified number, the device exports the log entries to one file. If the number of log entries to be exported is greater than the specified number, the device exports the log entries to multiple files.

Item

Description

Set password

Enter a password for encrypting the log files. This password must be provided to open the exported log files.

Logs per file

Specify the maximum number of log entries in each file.

If the number of log entries to be exported is equal to or smaller than the specified number, the device exports the log entries to one file.
If the number of log entries to be exported is greater than the specified number, the device exports the log entries to multiple files.

Click Export.

Aggregate logs

Perform this task to enable log aggregation. Log aggregation reduces the number of log entries displayed on the Web interface and facilitates you to view the logs. With log aggregation enabled, the device aggregates service logs that meet the same aggregation criteria at the configured intervals. The log aggregation criteria include source IP address, destination IP address, application, VRF name, source security zone, and destination security zone.

Procedure

Click the Monitor tab.
In the navigation pane, select Security Logs > WAF Logs.
Click More, and select Log aggregation settings.
On the page that opens, enable log aggregation and configure the aggregation interval.
Click OK.