Oracle Web Application Firewall (WAF) is a cloud-based security service that helps protect web applications from malicious and unwanted internet traffic. It can protect any internet-facing endpoint and provides consistent rule enforcement across customer applications. In order to gain visibility into your web application traffic, it is important to enable and analyze logs generated by the WAF. Oracle Logging Analytics Service can be used to analyze and visualize logs generated by WAF, providing insights into application traffic, identifying potential attacks, and monitoring web application performance.
In this article, we will provide step-by-step instructions on how to enable and analyze logs using Oracle Logging Analytics Service.
Enable Logging on Oracle Web Application Firewall
- Go to the WAF policy -> Firewalls
- Enable Logs by creating a separate log group
Configure Log Ingestion from Load Balancer WAF to Logging Analytics
- Create Logging Analytics Group
- Create Service Connectors
- Source: Logging
- Target: Logging Analytics
- Logging Analytics group as target
Analyze Logs using Logging Analytics
- To analyze logs using Logging Analytics, go to OCI Navigation Menu >> Observability & Management >> Logging Analytics >> Log Explorer
- Import Dashboards
- Download JSON Files. Click Here
- Open each individual file, find all occurrences of “compartment-id”: “COMPARTMENT_ID” and replace “Compartment_ID” with your compartment ocid. In the end, it should look like “compartment-id”: “ocid1.compartment.oc1..xxxxxxxxxx”
- Open up an OCI CLI and run:
oci management-dashboard dashboard import --from-json file://WAF_Access_rule_and_Rate_limiting.jsonBy following these steps, you can easily enable and analyze logs generated by Oracle Web Application Firewall. With Oracle Logging Analytics Service, you can gain visibility into your web application traffic, identify potential attacks, and monitor web application performance, helping you to improve the overall security and performance of your web applications.