| Item | Meaning of item |
| --- | --- |
| date= | The date is displayed. |
| time= | The time is displayed. |
| log_id= | The ID used internally is displayed. |
| msg_id= | The ID used internally is displayed. |
| vd= | The ID used internally is displayed. |
| timezone= | The time zone of Managed WAF is displayed. |
| type= | Displays the type of log. For detection-related logs in the WAF, [attack] is output. |
| subtype= | Displays the subtype of the log. For security detection logs, the function that made the detection is displayed, such as [subtype = waf_signature_detection]. |
| pri= | The log priority is displayed. |
| trigger_policy= | Displays the name of the policy that detected the attack. |
| severtity_level= | The severity level of the log is displayed. |
| proto= | The protocol described in the IP header is displayed. |
| service= | [http] or [https] is displayed. |
| action= | For security detection logs, displays one of the following actions taken upon detection:<br>Alert_Deny ... Blocks the communication.<br>Alert ... Does not block the communication. (Displayed if the signature is set to alert only.)<br>Erace ... Allows the communication after removing some information from the HTTP response.<br>*In monitor mode, the displayed action does not change, but the operation is as follows:<br>Alert_Deny ... Does not block the communication.<br>Alert ... Does not block the communication.<br>Erace ... Allows the communication without erasing information. |
| policy= | The ServerPolicy in Managed WAF that matched the communication is displayed. |
| src= | Displays the IP address of the communication source. |
| src_port= | The port number of the communication source is displayed. |
| dst= | The IP address of the communication destination is displayed. |
| dst_port= | Displays the port number of the communication destination. |
| http_method= | The HTTP method is displayed. |
| http_url= | The URL is displayed. |
| http_host= | The host is displayed. |
| http_agent= | The User Agent is displayed. |
| http_session_id= | The Session ID is displayed. |
| msg= | The content at the time of detection is displayed. |
| signature_subclass= | The subclass name of the signature is displayed. |
| signature_id= | The signature ID is displayed. |
| srccountry= | The country from which the communication was sent is displayed. |
| server_pool_name= | The applied Server Pool is displayed. |
| false_positive_mitigation= | Displays whether a syntax check is executed in addition to the SQL injection signature. |
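
Because action= reads the same in monitor mode, a log consumer has to combine it with the operating mode to tell whether a request was actually stopped. The Python below is an added example, not Managed WAF code: it assumes space-separated key=value pairs with optional double quotes (the table gives field names only), and `monitor_policies` is a hypothetical caller-supplied set of policy= names that run in monitor mode.

```python
import re

# key=value pairs; a value is either double-quoted or a run of non-spaces.
# Assumed line syntax: the field table gives names only, not the delimiters.
PAIR = re.compile(r'(?<!\S)(\w+)=(?:"([^"]*)"|(\S*))')

# action= value -> (blocked, response_modified) outside monitor mode.
EFFECT = {
    "Alert_Deny": (True, False),
    "Alert": (False, False),
    "Erace": (False, True),  # spelled as in the field table
}

def parse_line(line):
    """Return the fields of one log line as a dict."""
    fields = {}
    for key, quoted, bare in PAIR.findall(line):
        # First occurrence wins, so text in a later request-derived field
        # (http_url, http_agent) cannot override an earlier field.
        fields.setdefault(key, quoted or bare)
    return fields

def effective_outcome(fields, monitor_policies):
    """Classify what happened to the request: blocked, modified or passed.

    monitor_policies is a set of policy= names known out of band to run in
    monitor mode (hypothetical input; the log does not record the mode).
    """
    if fields.get("type") != "attack":
        return "not_attack"
    action = fields.get("action")
    if action not in EFFECT:
        return "unknown"
    if fields.get("policy") in monitor_policies:
        return "passed"  # monitor mode: same action text, nothing enforced
    blocked, modified = EFFECT[action]
    return "blocked" if blocked else "modified" if modified else "passed"

# Constructed sample lines, not real Managed WAF output.
SAMPLES = [
    'type=attack subtype=waf_signature_detection action=Alert_Deny '
    'policy="prod" src=192.0.2.10 http_url="/item?id=1" msg="constructed"',
    'type=attack subtype=waf_signature_detection action=Alert_Deny '
    'policy="staging" src=192.0.2.11 http_url="/item?id=2" msg="constructed"',
    'type=attack subtype=waf_signature_detection action=Erace '
    'policy="prod" src=192.0.2.12 http_url="/report" msg="constructed"',
]

def triage(lines, monitor_policies):
    """Return (src, outcome) for each line."""
    return [(f.get("src"), effective_outcome(f, monitor_policies))
            for f in map(parse_line, lines)]
```

With `monitor_policies={"staging"}`, the second sample is reported as passed even though its action= value is Alert_Deny.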