This topic provides an overview of WAF Metrics and steps to view WAF Metrics from the application UI.

To view WAF related metrics do the following.

  1. Navigate to Applications > Virtual Services.

  2. Click the Virtual Service mapped to the WAF Policy and navigate to WAF.

The chart in this tab displays WAF rule hits against the chosen time frame to help analyze denied requests and their corresponding trigger.

The following fields show specific hit counts for each listed element:

  • Group

  • Rule

  • Tag

  • Client IP

  • Path

  • Match Element

All elements in each field are displayed with the corresponding hit count. On discovering a false positive, any rule or group can be disabled using the toggle button.

You can click on any element in each field to create a specific filter. The field Popular Combinations displays the known combinations and their hit counts related to the chosen filter. The filter can be reset by clicking Reset filters.

For the detailed list of metric lists available on Avi Load Balancer, see Metrics.

Use the following curl command to filter WAF metrics by a WAF rule.

$ curl -H 'Content-Type: application/json' -H 'timeout: None' -H 'X-Avi-Tenant: admin' -H 'X-Avi-Cloud: Default-Cloud' -H 'X-Avi-Version: 31.1.1' -u admin:XXXXX -d  @/home/aviuser/metrics_post.json -v -k 'https://100.65.8.155/api/analytics/metrics/collection/?step=5&metric_id=waf_rule.sum_rejected&obj_id=941160'

Below is the response for the input provided in the previous example.

 {
    "series": {
    "virtualservice-eb2ac0b0-96b8-4736-ad56-06cd3bc604e1,100": [
        {
        "header": {
            "name":"waf_rule.sum_rejected",
            "units":"METRIC_COUNT",
            "obj_id":"100",
            "statistics": {
            "mean":0.5,
            "min":0.0,
            "min_ts":"2024-06-27T11:35:20+00:00",
            "max":2.0,
            "max_ts":"2024-06-27T11:35:30+00:00",
            "trend":-1.0,
            "num_samples":4,
            "sum":2.0
            },
            "metric_description":"Total number of connections rejected by WAF Rule.",
            "metrics_min_scale":100.0,
            "server":"100",
            "entity_uuid":"virtualservice-eb2ac0b0-96b8-4736-ad56-06cd3bc604e1",
            "obj_id_type":"METRICS_OBJ_ID_TYPE_VIRTUALSERVICE",
            "priority":true,
            "metrics_sum_agg_invalid":false,
            "tenant_uuid":"admin"},
        "data": [
            {
            "timestamp":"2024-06-27T11:35:20+00:00",
            "value":0.0
            },
            {
            "timestamp":"2024-06-27T11:35:25+00:00",
            "value":0.0
            },
            {
            "timestamp":"2024-06-27T11:35:30+00:00",
            "value":2.0
            },
            {
            "timestamp":"2024-06-27T11:35:35+00:00",
            "value":0.0
            }
        ]
        }
    ]
    }
}