Log Configuration Handler
Purpose
Permits the logging of additional information in the log files.
Usually, vWAF logs only parts of a request. The Log Configuration Handler can be used to include headers and arguments in the logging process as well if specific character strings occur in a header or in an argument.
ATTENTION
If security-relevant data such as usernames, passwords, credit card numbers, etc. are transmitted in the header or in the argument of the requests, this data also appears in the log files with the enhanced logging. If an unauthorized person succeeds in accessing the log files, this person would also have access to security-relevant data. So, for this reason, use the option to set up a blacklist to prevent security-relevant information going into the log files.
For more information regarding adding and editing Handlers, see Editing Handlers.
Severity
Events triggered by this handler are given the severity: low. (For details on severity levels, see Severity of Events Triggered by Handlers).
Recommendations for use
Use the Log Configuration Handler if you want to record and monitor special data from requests.
Attributes
Attribute | Meaning |
---|---|
log header whitelist |
Strings in the header of requests where additional logging of the header is to take place when they occur. Use Regular Expressions. For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed. |
log header blacklist |
Strings in the header of requests. When they occur, the header must not be logged in the log file even if the header would usually be included according to the log header whitelist. Use Regular Expressions. For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed. |
log arguments whitelist |
Strings in the arguments of requests where additional logging of the arguments is to take place when they occur. Use Regular Expressions. For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed. |
log arguments blacklist |
Strings in the arguments of requests. When they occur, the arguments are must not be logged in the log file even if the argument would usually be included according to the log arguments whitelist. Use Regular Expressions. For details on priority and internal processing, see How Blacklists, Whitelists, and Graylists Are Processed. |
case sensitive |
When enabled, the entries that you specify for log header whitelist, log header blacklist, log arguments whitelist, and log arguments blacklist are case sensitive. Usually, this is not needed but only makes your regular expressions more complicated. So, by default case-sensitivity is not enabled. |
usertext |
Optional: Here you can specify some text that vWAF adds to the log file entries created by this handler. You can use this, for example, to document why you've added the handler to your configuration, and how the handler is intended to behave. |
For details regarding entries added to the log file by this handler, see the relevant section in Entries in Application-Specific Log Files.