Default Error Log
Purpose
The Default Error Log records events that don’t relate to a specific application. Examples are invalid requests and requests that vWAF doesn’t consider itself responsible for because the request contains no host name that matches a host configured in vWAF. The Default Error Log therefore gives you information about actions that your security configuration may require.
For a detailed list of all possible log file entries, refer to Entries in the Default Error Log.
To see the full text of an entry when the text doesn’t fit into the column, just hover the mouse over the entry. The full text then appears in a floating popup window.
Opening
To open the Default Error Log, select the menu item
. You can sort and filter the table, and you can view the configuration of individual handlers and get suggestions on how to optimize your security configuration. You can also download the Default Error Log (see Monitoring Attacks, Statistics, Log Files, Reports for a description of the log files).
Data displayed
Column | Meaning |
---|---|
Timestamp | Date (YYYY-MM-DD) and time at which the entry was made. By default, the latest entry is at the top of the list. |
Session | Session ID. This entry is empty in many cases because the Default Error Log in particular also logs requests that weren't made within a session secured using vWAF. |
Cluster Member | Cluster member to which the entry relates. |
Host | Name of the host on which the request was placed. This entry is empty in many cases because the Default Error Log in particular also logs requests where the host name is missing. |
Client | IP address of the querying client. |
Request | The request as it was sent. |
Action | Indicates what vWAF did: |
Mode | Indicates the mode of the ruleset that was active: |
Type | Indicates whether the entry relates to a request or to a response: |
Handler | Shows the name of the handler that triggered the log file entry. You may see the names of some handlers here that you haven't configured manually. These are fixed, preconfigured, internal system handlers (see also Handlers, and within the Handler topic Internal System Handlers). |
Component | Shows which attribute or setting of the handler caused vWAF to act. |
Pattern | If any patterns were specified for the handler that triggered the log file entry, the particular pattern that matched is shown here (for details, see the reference of the particular handler). |
Freetext | Additional, handler-specific information (see Entries in the Default Error Log). If you've specified some individual text in the attribute usertext of the handler, this text is also printed here. |
The Default Error Log Entries Per Minute Event Source triggers an alert when vWAF writes more entries to the Default Error Log within the given timeframe than the limit allows.
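The following added example (not vWAF code and not part of the product documentation) shows how an entries-per-minute limit can be evaluated over log entries, and how the empty Host column can be used for triage. The record layout, the HH:MM:SS time format, the sliding 60-second window and all sample values are assumptions; only the column names come from the table above.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed sample rows using column names from the table above.
# The time format (HH:MM:SS) and every value are assumptions for illustration.
SAMPLE = [
    {"Timestamp": "2024-05-01 10:00:05", "Host": "", "Client": "192.0.2.10"},
    {"Timestamp": "2024-05-01 10:00:20", "Host": "", "Client": "192.0.2.10"},
    {"Timestamp": "2024-05-01 10:00:41", "Host": "unknown.example", "Client": "198.51.100.7"},
    {"Timestamp": "2024-05-01 10:00:58", "Host": "", "Client": "192.0.2.10"},
    {"Timestamp": "2024-05-01 10:03:30", "Host": "", "Client": "203.0.113.4"},
]

def parse_ts(row):
    """Parse the Timestamp column into a datetime."""
    return datetime.strptime(row["Timestamp"], "%Y-%m-%d %H:%M:%S")

def rate_alerts(rows, limit, window=timedelta(minutes=1)):
    """Return the timestamps at which more than `limit` entries fall
    inside the sliding `window` (assumed semantics, not vWAF's own)."""
    recent, alerts = deque(), []
    for ts in sorted(parse_ts(r) for r in rows):
        recent.append(ts)
        # Drop entries that have aged out of the window.
        while ts - recent[0] >= window:
            recent.popleft()
        if len(recent) > limit:
            alerts.append(ts)
    return alerts

def triage(rows):
    """Count entries with an empty Host column and entries per Client."""
    missing_host = sum(1 for r in rows if not r["Host"].strip())
    per_client = Counter(r["Client"] for r in rows)
    return missing_host, per_client

if __name__ == "__main__":
    for ts in rate_alerts(SAMPLE, limit=3):
        print("limit exceeded at", ts)
    missing, clients = triage(SAMPLE)
    print("entries without host name:", missing)
    print("top clients:", clients.most_common(3))
```

A burst of entries with an empty Host column from a single Client is a useful starting point when deciding whether the alert reflects scanning traffic or a missing host configuration.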