    Access Log Format

    WebApp Secure lets you configure logging for all traffic to and from the appliance. All communication between clients and WebApp Secure is written to access.log. Depending on the type of access logging enabled in the WebApp Secure configuration, log entries take one of the following formats.

    • Basic

      <date_utc> <hostname> [<log_level>] [mws-access][<thread>] key:<unique_request_key>, PHASE_<"REQUEST" or "RESPONSE">_<"PRE" or "POST">_PROCESS, <proxy_client_ip>, <url>

    • Basic with Headers

      <date_utc> <hostname> [<log_level>] [mws-access][<thread>] key:<unique_request_key>, PHASE_<"REQUEST" or "RESPONSE">_<"PRE" or "POST">_PROCESS, <proxy_client_ip>, <url>
      <header_name>: <header_value>
      <header_name>: <header_value>
      <header_name>: <header_value>

    • Basic with Headers and Body

      <date_utc> <hostname> [<log_level>] [mws-access][<thread>] key:<unique_request_key>, PHASE_<"REQUEST" or "RESPONSE">_<"PRE" or "POST">_PROCESS, <proxy_client_ip>, <url>
      <header_name>: <header_value>
      <header_name>: <header_value>
      <header_name>: <header_value>
      (blank line)
      <body_content>

    Field definitions:

    • <date_utc>–The date of the log entry, in UTC.
    • <hostname>–The hostname of the appliance.
    • <log_level>–The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR.
    • <thread>–The specific thread that is handling the request or response. It might take the form of [se-request-#], where # is the thread number, or [pool-#-thread-#], where # represents the pool and thread number, respectively.
    • <unique_request_key>–This is a key used to uniquely identify requests. It can be useful when searching for a specific request in a large file.
    • <"REQUEST" or "RESPONSE">–Whether the HTTP packet is a client request or a server response.
    • <"PRE" or "POST">–Whether the HTTP packet is being logged before or after Security Engine processes it (and potentially manipulates it).
    • <proxy_client_ip>–The incoming client IP. Since WebApp Secure works around an Nginx proxy, the client IP will most likely be "127.0.0.1".
    • <url>–The full request or response URL.
    • <header_name>–The name of a header sent in a request or response. There can be multiple headers in an HTTP packet.
    • <header_value>–The value of a header sent in a request or response. There can be multiple headers in an HTTP packet.
    • <body_content>–The full content of the body in requests that contain a body. In the case of GET, for example, there will most likely not be a body.

    Examples:

    Basic

    Mar 19 21:11:47 webappsecure [INFO][mws-access][se-request-6] key:da5a23dd-8367-476e-97ca-d734ab56244d,PHASE_REQUEST_PRE_PROCESS,127.0.0.1,http://zach-vm.jwas.jsec.net:80/genericelectronics

    Basic with Headers

    Mar 19 19:48:14 webappsecure [INFO][mws-access][se-request-25] key:12521298-13f1-4019-8e21-c6046cf2dac7,PHASE_REQUEST_POST_PROCESS,127.0.0.1,http://10.20.0.53:80/
    GET / HTTP/1.1
    host: 10.20.0.53
    x-forwarded-for: 213.85.244.190, 10.20.1.23
    x-myk-request-info: http, HTTP/1.1, 80
    x-myk-appid: default
    x-myk-port: 80
    x-myk-use-ssl: false
    x-myk-ssl: false
    connection: close
    user-agent: Mozilla/5.0 (X11 U Linux x86_64 en-us) AppleWebKit/532+ (KHTML, like Gecko) Safari/419.3 Midori/0.1.8
    x-myk-access-log-id: 12521298-13f1-4019-8e21-c6046cf2dac7

    Basic with Headers and Body

    Mar 19 19:48:14 webappsecure [INFO][mws-access][se-request-13] key:cfde0089-2b93-4bad-a8f5-555ac29ef4b6,PHASE_REQUEST_POST_PROCESS,127.0.0.1,http://10.20.0.53:80/
    POST / HTTP/1.1
    host: 10.20.0.53
    x-forwarded-for: 213.85.244.190, 10.20.1.23
    x-myk-request-info: http, HTTP/1.1, 80
    x-myk-appid: default
    x-myk-port: 80
    x-myk-use-ssl: false
    x-myk-ssl: false
    connection: close
    user-agent: tsung
    content-type: application/x-www-form-urlencoded
    content-length: 3009
    x-myk-access-log-id: cfde0089-2b93-4bad-a8f5-555ac29ef4b6

    data=bWltZXR5cGVzOjI2MzowLHBsdWdpbnM6MTA5NjowLHRpbWV6b25lOjM6MCxjb25zb2xlOjQ1Oj
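
    Because every entry carries <unique_request_key> and a PRE or POST phase, the two entries for one request can be matched and compared to see which headers differ after Security Engine processing. The Python below is an added example, not part of the original page or the product: the function names are hypothetical, the sample entries are constructed, and it assumes each header sits on its own line as the format templates show.

```python
import re

# Entry line shared by all three formats; spaces after commas and brackets are optional.
ENTRY = re.compile(
    r"^(?P<date>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) \[(?P<level>[A-Z]+)\]\s*"
    r"\[mws-access\]\s*\[(?P<thread>[^\]]+)\]\s*key:(?P<key>[^,\s]+),\s*"
    r"PHASE_(?P<direction>REQUEST|RESPONSE)_(?P<stage>PRE|POST)_PROCESS,\s*"
    r"(?P<proxy_ip>[^,\s]+),\s*(?P<url>\S+)$")

def parse_access_log(text):
    """Return one dict per entry; headers and body stay empty for the Basic format."""
    entries, cur, in_body = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:                                   # a new entry starts here
            cur, in_body = dict(m.groupdict(), first_line="", headers={}, body=[]), False
            entries.append(cur)
        elif cur and in_body:
            cur["body"].append(line)
        elif cur and not line:
            in_body = bool(cur["headers"])      # blank line that ends the headers
        elif cur:
            name, sep, value = line.partition(":")
            if sep and " " not in name:         # repeated names: last value wins
                cur["headers"][name.lower()] = value.strip()
            else:
                cur["first_line"] = line        # e.g. "POST /login HTTP/1.1"
    return entries

def header_changes(entries, key, direction="REQUEST"):
    """Map header -> (PRE value, POST value) where the two entries for `key` differ."""
    seen = {e["stage"]: e["headers"] for e in entries
            if e["key"] == key and e["direction"] == direction}
    pre, post = seen.get("PRE", {}), seen.get("POST", {})
    return {h: (pre.get(h), post.get(h))
            for h in sorted(set(pre) | set(post)) if pre.get(h) != post.get(h)}

# Constructed sample, not real traffic; the key and addresses are placeholders.
KEY = "00000000-0000-4000-8000-000000000001"
PREFIX = "Mar 19 19:48:14 webappsecure [INFO][mws-access][se-request-13] key:" + KEY
REQ = ["POST /login HTTP/1.1", "host: 192.0.2.10", "x-forwarded-for: 203.0.113.7"]
SAMPLE = "\n".join([
    PREFIX + ",PHASE_REQUEST_PRE_PROCESS,127.0.0.1,http://192.0.2.10:80/login",
    *REQ, "", "user=alice",
    PREFIX + ",PHASE_REQUEST_POST_PROCESS,127.0.0.1,http://192.0.2.10:80/login",
    *REQ, "x-myk-appid: default", "", "user=alice",
    PREFIX + ", PHASE_RESPONSE_PRE_PROCESS, 127.0.0.1, http://192.0.2.10:80/login",
])
print(header_changes(parse_access_log(SAMPLE), KEY))
```

    Header and body lines are client-supplied text, so treat every field parsed from them as untrusted input.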

    Published: 2015-02-04