Starting with VMware Cloud Director 10.5.1, you can view detailed logs for the virtual services that you configured.
The virtual service logs include WAF signature violation logs that are always categorized as critical.
Procedure
- From the top navigation bar, select Resources and click Cloud Resources.
- In the left panel, click Edge Gateways.
- Click the NSX edge gateway on which the virtual service is configured.
- Click the virtual service name and then click the Logs tab.
A list of the virtual service logs for the selected period is displayed. You can filter the results by log type (if non-critical logging is enabled), client IP, URI, request type and response.
- If you suspect that the WAF signature violations list contains a false positive, you can check the WAF recommendations.
The recommendations feature provides suggestions for WAF settings remediation to avoid similar false positive reports in the future.
- On the right hand side of the Log Details, click Recommendations.
- Review the proposed changes, the reasoning for them and the associated risks.
Note that accepting the recommendations results in a reconfiguration of the WAF settings that might be difficult to undo.
- If you choose to implement the proposed remediation changes, click Accept.
- To change the time interval for which you are seeing virtual service logs, select a new interval from the drop-down menu or select Custom and specify a time period.
- To view the details for a specific log event, click the expand button on the left of the log name.
Information about the logged event is displayed, including WAF signature violations, if any, and details about the client request, any actions, and the application response.
- If necessary, export the logs for the virtual service in CSV format.
- On the right side of the screen, click Export Logs.
- (Optional) Select the Friendy Field Names check box if you want to use friendly column headers.
If you you deselect the check box, the output document will use the field names from the original logs in the column headers.
- (Optional) Select the Sanitize Data check box if you want the log data to be sanitized by prepending tab characters to data that otherwise could be interpreted as a spreadsheet formula.
Deselect the check box if you do not want the data to be sanitized, for example, if the added tabs may prevent a script from reading it correctly.
- (Optional) If you want to export only specific columns, deselect the Export All Columns check box and select the names of the columns that you want to export.
- Click Export.