You're viewing version 2.16 of the OpenSearch documentation. This version is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.
The waf
log type monitors web application firewall (WAF) logs. The role of a WAF is to monitor and filter HTTP traffic flowing between a web application and the internet. A WAF prevents common security attacks, such as cross-site scripting (XSS) and SQL injection (SQLi).
The following code snippet contains all the raw_field
and ecs
mappings for this log type:
"mappings": [
{
"raw_field":"cs-method",
"ecs":"waf.request.method"
},
{
"raw_field":"httpRequest.httpMethod",
"ecs":"waf.request.method"
},
{
"raw_field":"cs-uri-query",
"ecs":"waf.request.uri_query"
},
{
"raw_field":"httpRequest.uri",
"ecs":"waf.request.uri_query"
},
{
"raw_field":"httpRequest.args",
"ecs":"waf.request.uri_query"
},
{
"raw_field":"cs-user-agent",
"ecs":"waf.request.headers.user_agent"
},
{
"raw_field":"httpRequest.headers",
"ecs":"waf.request.headers"
},
{
"raw_field":"sc-status",
"ecs":"waf.response.code"
},
{
"raw_field":"responseCodeSent",
"ecs":"waf.response.code"
},
{
"raw_field":"timestamp",
"ecs":"timestamp"
},
{
"raw_field":"httpRequest.headers.value",
"ecs":"waf.request.headers.value"
},
{
"raw_field":"httpRequest.headers.name",
"ecs":"waf.request.headers.name"
}
]