Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    mws Log Format

    mws.log is the main log file for most WebApp Secure logging needs. All messages that don't have a specific log location are sent, by default, to mws.log. The format of the mws.log is as follows:


    Field definitions:

    • <utc_date>–The date of the log entry, in UTC.
    • <log_level>–The importance level of a log entry. Can be TRACE, DEBUG, INFO, WARN, or ERROR.
    • <service_name>–The WebApp Secure service that generated the log entry. Possible service names include:
      • mws-cluster-services -- Various smaller services that don't warrant a completely separate service are logged within this context. The term 'Cluster Services' is used as a way to reference certain services that should only have one instance in the case of a clustered WebApp Secure configuration. This is different from 'Local Services', described below.
      • mws-services -- All local services are logged through this context. A 'Local Service' (service for short) is any service that must be running on each instance of WebApp Secure in a clustered configuration.
      • mws-security-engine -- Messages that don't belong to a specific service, but rather deal with the core engine of WebApp Secure itself.
      • mws-ui -- All messages that are sent from the UI. Things like spawning UI HTTP worker threads and handling UI functionality are parts of this service.
      • mws-updates -- All messages that are sent during an upgrade. This service facilitates migrating from an older version of WebApp Secure to a newer version.
      • mws-backups -- Messages that are sent from the backup service. This service creates backups automatically.
      • mws-reports-api -- Messages that are sent from the reporting service. This service is responsible for running both on-demand and scheduled reports.
      • mws-pyro -- Pyro is used for interprocess communication.
    • <service_component> – The specific component that is issuing the log message. There are many components, but a few of the major services and their components are listed here:
      • [mws-cluster-services][db-cleanup] -- The DB cleanup service deletes traffic information stored in the database after they reach their configurable expiration date (specified in WebApp Secure Configuration). The information available to this service includes statistics information, malicious traffic, and non-malicious traffic. Each type of information has their own separate configuration.
      • [mws-cluster-services][auto-response] -- The auto response service is the service responsible for delivering automated responses to profiles that have activated a set of incidents. The rules in which the auto response service are activated against can be turned on and off through the Web UI under Configuration > Response Rules.
      • [mws-cluster-services][traffic-info] -- The traffic information service is used to control the requests and responses within the WebApp Secure system. Incoming requests are put into a processing queue and pulled off for processing in chunks by the traffic info service.
    • <log_message> – The message. This can be anything, but usually contains information to help you narrow down problems or confirm certain events have occurred as they should.

    Note: Some log entries might not have an applicable service or component, like core security engine log messages. In this case, the fields are not displayed.

    Note: Due to complications, currently all log entries with [mws-ui] do not have a <log_level>.


    Mar 19 18:42:38 my-jwas-instance [INFO][mws-cluster-services][db-cleanup] Database cleanup completed. Removed record count: 0 Mar 19 19:42:16 my-jwas-instance [mws-ui]: spawned uWSGI worker 1 (pid: 11209, cores: 1) Mar 19 20:18:26 my-jwas-instance [INFO][mws-security-engine] Server startup in 3080 ms

    Published: 2015-02-04