`waf` 日志类型用于监控 Web 应用程序防火墙 (WAF) 日志。WAF 的作用是监控和过滤 Web 应用程序与互联网之间流动的 HTTP 流量。WAF 可防止常见的安全攻击,例如跨站脚本 (XSS) 和 SQL 注入 (SQLi)。
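以下代码片段包含此日志类型的所有 `raw_field` 和 `ecs` 映射。请注意,多个 `raw_field` 可能映射到同一个 `ecs` 字段(例如 `httpRequest.uri` 和 `httpRequest.args` 都映射到 `waf.request.uri_query`),因此在基于 `ecs` 字段编写检测规则时,应确认规则对各个原始字段的取值都适用: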
"mappings": [
{
"raw_field":"cs-method",
"ecs":"waf.request.method"
},
{
"raw_field":"httpRequest.httpMethod",
"ecs":"waf.request.method"
},
{
"raw_field":"cs-uri-query",
"ecs":"waf.request.uri_query"
},
{
"raw_field":"httpRequest.uri",
"ecs":"waf.request.uri_query"
},
{
"raw_field":"httpRequest.args",
"ecs":"waf.request.uri_query"
},
{
"raw_field":"cs-user-agent",
"ecs":"waf.request.headers.user_agent"
},
{
"raw_field":"httpRequest.headers",
"ecs":"waf.request.headers"
},
{
"raw_field":"sc-status",
"ecs":"waf.response.code"
},
{
"raw_field":"responseCodeSent",
"ecs":"waf.response.code"
},
{
"raw_field":"timestamp",
"ecs":"timestamp"
},
{
"raw_field":"httpRequest.headers.value",
"ecs":"waf.request.headers.value"
},
{
"raw_field":"httpRequest.headers.name",
"ecs":"waf.request.headers.name"
}
]