Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    Managing and Viewing Logs

    WebApp Secure keeps its log files in the /var/log/mws directory. The log files often prove useful for troubleshooting if there is ever a problem with the Appliance. WebApp Secure uses the following logs.

    • mws.log: includes all of the systems operational logs. These entries each include a header that states which service created the log entry. See mws Log Format.
    • access.log: includes details of HTTP transactions that are passing between the outside user, WebApp Secure, and the protected Application Server. See Access Log Format.
    • audit.log: contains the systems auditing information on who has logged into the system and might include actions they performed. See Audit Log Format.
    • firewall.log: stores information about dropped packets from the iptables firewall. For various reasons (intentional and/or unintentional) iptables might drop a particular packet. If this happens, the event's information is logged to firewall.log. See Firewall Log Format.
    • postgres.log: contains logs of manipulations on the schema of the database, as well as any errors that occurred during database operations. See Postgres Log Format.
    • security.log: all security alerts are sent to the security log file. There are different types of security incidents that are part of this log: new profiles, security incidents, new counter responses. See Security Log Format.

    By navigating to Configuration > Logging in the Web UI, you can adjust logging levels for Access Logging and Security Logging.

    Note: To change the default destination of log files, click the Log Destinations link at the top of the Logging Configuration page.

    Set the following for Access Logging:

    • Log Level: Off, Basic, Basic with Headers, Basic with Headers and body
    • Log requests before processing: True or False
    • Log requests to access log after processing: True or False
    • Log responses to access log before processing: True or False
    • Log responses to access log after processing: True or False

    Set the following for Security Logging:

    • Log incidents to the syslog: True or False
    • Incident severity log level: Informational, Suspicious, Low, Medium, High
    • Log Profile Creation: True or False
    • Log Response Activation: True or False

    The information logged here is usually used for troubleshooting, allowing an administrator to see exactly what the requests look like before and after processing by WebApp Secure.

    Log Retention

    Log Retention is located in the Logging section of the Web interface. You can set values for the following:

    • Log File Rotation: The number of logs files to keep. (Log file rotation runs every 10 minutes. If the log file size is over the threshold, then it will be rotated. If not, a check will occur again in 10 minutes. Note that if the Log File Size is set very low, the logs can grow to be larger than the maximum log size setting. )
    • Log File Size: The maximum size of each file in MB. (Note that changes made to this field are applied immediately.)

    Note: Log File Rotation and Log File Size parameters can be set to 0 or to any positive integer value. There are no hard upper limits on these values. Such limits are wholly dependent on the amount of disk space that is available for log storage. If you set these values to 0, for Log File Rotation, no copies are saved when a file is rotated. The file is deleted. If Log File Size is set to 0, the log file is truncated every 30 minutes.

     

    Related Documentation

     

    Published: 2014-06-27