Log Service

Log Query

The UWAF console provides a query function for up to 10,000 access logs. The specific path is [Function Settings] -> [Log Service] -> [Log Query]. You can view the time of the request, source IP address, User-Agent, status code, etc. The access log does not contain the Body content in HTTP requests.

After expanding the search settings, you can add filter conditions to search for specific logs. You can filter by source IP, target IP, Referer, URL, User-Agent, status code, etc. Among them, Referer, URL, User-Agent support fuzzy search, and you can add multiple conditions to search at the same time.

Log Download

UWAF provides download functions for access logs and attack logs, and by default supports 7 days of log download. After opening the log extension package, it supports up to 180 days of log download.

The logs are compressed with gzip and uploaded to UWAF’s US3 storage (due to the size of the log, compression operations, network, etc., there will be a delay in the upload of the compressed package), generally compressing once every hour. If there are a lot of logs, the log compression cycle will be shortened according to the size of the log, with the shortest compression cycle being 5 minutes. If there are no logs generated within a certain time period, the log compression package for that period will not be generated. After selecting the specified log and clicking the [Download] button, you can get the uploaded log compression package in the pop-up window. Click the link to download. If the browser does not automatically download, please switch to a different browser to try again or copy the link to download.

If you need to download logs in bulk, you can use the API to download. Related API document: Download Access Log.