WAF messages filter

Community Forum Forums Thunder and AX Series General WAF messages filter

Tagged: 

This topic contains 2 replies, has 2 voices, and was last updated by avatar luca.dm 10 months, 2 weeks ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #13112
    avatar
    luca.dm
    Member

    Hi all,
    I’ve applied a WAF template on my vThunder (release 2.7.2-P10) to test the impact on my application. I also added a logging template to send messages to my log server and it is working fine. Is there a way to filter messages sent by the vThunder so only denied actions are logged?

    Thanks

    Luca

    #13132
    avatar
    Genard Garcia
    Moderator

    Luca,

    There are 2 options you can do within 2.7.2 WAF code:

    1. You can create an aFleX script that captures the WAF logs and parse the output to only log “denied actions”.

    2. Use the logging template within ACOS and send it to log server such as rsyslog. The only limitation here is that you would not be able to parse the denied actions automatically other than creating a script to parse the specific denied actions.

    The difference between the two is that option 1 saves the file on the host(vThunder) device while the option 2, logs will be stored on the log server.

    Another option would be to use “show log | inc denied”. Let me know if this works otherwise request an FR to your regional SE.

    Genard

    #13182
    avatar
    luca.dm
    Member

    Hi Genard,
    option 1 does not suit well because I don’t want to store log on the local machine. At the moment I configured logging template to log on a remote server but I would like to send only denied messages and not all the sessions log. Is that possible in your opinion?

    Thanks

    Luca

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Comments are closed.