Barracuda WAF-as-a-Service includes Firewall Logs and Access Logs.
Firewall Logs are generated whenever suspicious HTTP requests are detected and denied, based on access control lists.
- Access Logs are generated for all user requests, providing information about website traffic and performance.
For information on Audit Logs, refer to Audit Logs.
To view logs for an application:
- Under Applications, click an application.
- In the left navigation bar, click Logs. On the Logs page, select All Logs, Firewall Logs, or Access Logs.
- For details on a specific log entry, click the plus icon for the record. The record expands to reveal details about the event.
Focusing Log Results
Click Filter to specify one or more filters to focus on specific log data, including Query Strings, URLs, and Methods.
By default, logs do not display health check information. To view this information, in addition to other log data, click Filter, then set Show Health Check to True.
Specifying a Date Range
To filter by specific dates, click the date/time filter. There, you can:
- Choose a pre-defined Quick Range value, like the last 7 or 30 days.
- Define a custom date and time range.
Downloading Log Data
When you have focused your log results, click Download. A CSV file of your results downloads automatically.
Note that there is a limit to the number of rows you can download. Only the first 10,000 rows of data can be exported to a CSV file. If your table displays more than 10,000 rows, a warning displays, instructing you to use more restrictive filters to view a smaller set of data, so you can download all of the log rows.
Marking as False Positive
When you review Firewall Logs, you might encounter a log entry that is a false positive: that is, where Barracuda WAF-as-a-Service detected a request as an attack, but the request was legitimate. Most often, this happens because a default limit on Barracuda WAF-as-a-Service is too restrictive.
To allow the legitimate request through, you must loosen security rules. It is advisable to loosen only the rules required, only for that particular page and/or parameter, and only by the minimum amount necessary to allow the legitimate request through. In many instances, Barracuda WAF-as-a-Service can do this automatically for you.
To loosen a restriction:
- In the Firewall Log, locate the entry that is a false positive.
- Click Mark as False Positive, in the upper right corner of the screen.
Barracuda WAF-as-a-Service will suggest one or more configuration changes that will allow this request through. If more than one option is shown, you will typically choose the one that Barracuda WAF-as-a-Service displays as Recommended; however, review all the options and choose the one that is most appropriate for your application.
- Click Apply Change.