Default Error Log

Purpose

The Default Error Log logs events that don’t relate to a specific application. This can for example be invalid requests and requests for which vWAF doesn’t feel responsible as in the request no host name has been given that matches a configured host in vWAF. The Default Error Log therefore provides you with information on possible actions required for your security configuration.

For a detailed list of all log file entries possible, please refer to Entries in the Default Error Log.

To see the full text of an entry when the text doesn’t fit into the column, just hover the mouse over the entry. The full text then appears in a floating popup window.

Opening

To open the Default Error Log, select the menu item Administration > Default Error Log.

You can sort and filter the table, and you can view the configuration of individual handlers and get suggestions on how to optimize your security configuration. You can also download the Default Error Log (see Monitoring Attacks, Statistics, Log Files, Reports for a description of the log files).

Data displayed

Column	Meaning
Timestamp	Date (YYYY-MM-DD) and time at which the entry was made. By default the latest entry is at the top of the list.
Session	Session ID. This entry is empty in many cases because the Default Error Log also logs those requests in particular that weren't made within a session secured using vWAF.
Cluster Member	Cluster member to which the entry relates to.
Host	Name of the host on which the request was placed. This entry is empty in many cases as the Default Error Log also logs requests in particular where the host name is missing.
Client	IP address of the querying client.
Request	The request as it was sent.
Action	Indicates what vWAF did: OK if the request was accepted HTTP error code if the request was denied (see HTTP Error Codes)
Mode	Indicates the mode of the ruleset that was active: P : protection mode D : detection mode
Type	Indicates whether the entry relates to a request to a response: RQ: Request RS: Response
Handler	Shows the name of the handler that triggered the log file entry. You may see the names of some handlers here that you haven't configured manually. These are fixed, preconfigured, internal system handlers (see also Handlers, and within the Handler topic `Internal System Handlers`.
Component	Shows which attribute or setting of the handler caused vWAF to act.
Pattern	If any patterns were specified for the handler that triggered the log file entry, the particular pattern that matched is shown here (for details see reference of the particular handler).
Freetext	Additional, handler-specific information (see Entries in the Default Error Log). If you've specified some individual text in the attribute usertext of the handler, this text is also printed here.

The Default Error Log Entries Per Minute Event Source triggers an alert when vWAF writes more entries to the Default Error Log within the given timeframe than the limit allows.