In Web Application Firewall (WAF), after you enable the Simple Log Service for WAF feature, you can retain the default settings of log fields to be delivered or configure log fields to be delivered for specific protected objects based on your business requirements. You can also manage and configure log fields for different protected objects in a centralized manner.
Default Field Settings tab
You can predefine log fields for delivery. After you configure the default field settings, the settings are applied to all protected objects and log delivery tasks. You can perform the following operation to access the entry point: In the left-side navigation pane, choose . On the page that appears, click Log Configuration in the upper-right corner. Then, the Default Field Settings tab is automatically displayed. The following table describes the parameters that you can configure.
Parameter | Description |
Required Fields | Required fields are always included in WAF logs. You cannot modify the required fields. |
Optional Fields | Optional fields are included in WAF logs based on your settings. WAF logs include the optional fields that you enable. Note The storage usage of WAF logs increases with the number of optional fields that you enable. If you have sufficient log storage capacity, we recommend that you enable more optional fields to analyze logs in a more comprehensive manner. |
Log Type | Valid values are Full Log, Block Log, and Block and Monitor Logs. You can select a value based on your log storage capacity. We recommend that you select a value that balances your monitoring requirements and requirements for storage cost control.
|
After you complete the default field settings, click Save. If the The operation is successful. message appears, the settings take effect globally. If you want to modify the settings, go back to the Default Field Settings tab.
Field of Delivery to Simple Log Service on the Delivery Settings tab
You can separately configure fields and log types for a protected object. After you configure the settings, the settings have a higher priority than the default field settings. You can perform the following operation to access the entry point: In the left-side navigation pane, choose . On the page that appears, click Log Configuration in the upper-right corner. On the page that appears, click the Delivery Settings tab. On the tab, find the protected object that you want to manage and click Field Settings in the Field of Delivery to Simple Log Service column. The following table describes the parameters that you can configure.
Parameter | Description |
Required Fields | Required fields are always included in WAF logs. You cannot modify the required fields. |
Optional Fields | Optional fields are included in WAF logs based on your settings. WAF logs include the optional fields that you enable. Note The storage usage of WAF logs increases with the number of optional fields that you enable. If you have sufficient log storage capacity, we recommend that you enable more optional fields to analyze logs in a more comprehensive manner. |
Log Type | Valid values are Full Log, Block Log, and Block and Monitor Logs. You can select a value based on your log storage capacity. We recommend that you select a value that balances your monitoring requirements and requirements for storage cost control.
|
After you complete the field settings, click OK. If the The operation is successful. message appears, the settings take effect on the protected object.