Link11 WAAP
v5
v5
  • Link11 WAAP Documentation
  • Release Notes
  • Known Issues
  • User Guide
    • Introduction to Link11 WAAP
  • How Link11 WAAP Works
    • Traffic Filtering Process
    • Traffic Reporting and Analytics
    • Policy Mapping and Traffic Routing
    • Tagging
    • UI Overview and Common Elements
  • Console UI Walkthrough
    • Analytics
      • Dashboard
      • Events Log
    • Security
      • Global Filters
      • Flow Control Policies
      • Security Policies
      • Rate Limit Rules
      • ACL Profiles
      • Actions
      • Dynamic Rules
      • Quarantined
      • Content Filter
        • Content Filter Profiles
        • Content Filter Rules
    • Sites
      • Server Groups
      • Proxy Templates
      • Mobile Application Groups
      • Backend Services
      • Edge Functions
      • DNS Records
      • SSL
        • Load Balancers
        • Certificates
    • System
      • Interactive Challenge
      • SSO Configuration
      • Purge CDN Cache
      • Users Management
      • Security Alerts
      • Log Exporters
      • Version Control
      • System DB
      • Publish Changes
    • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Authenticate mobile app users
      • Ban, unban, and allowlist traffic sources
      • Bypass Link11 WAAP for loadtesting or other purposes
      • Configure a new path/section of a site
      • Control caching behavior
      • Enable GraphQL traffic
      • Enable mTLS (mutual TLS)
      • Protect sensitive information in logs and analytics
      • Quickly block an attacker
      • Redirect or block HTTP traffic
      • Run custom code
      • Set rate limits and exemptions
      • Stream event data to a SIEM solution or other destination
    • The Link11 WAAP API
      • Overview
      • Internal data structures
      • Using Swagger UI
      • Using curl
  • Reference Information
    • Acronyms
    • API
      • API access to traffic data
      • Types of namespaces
      • Namespace reference
        • ACL Profiles
        • Actions
        • Backend Services
        • Certificates
        • Configs
        • Content Filter Profiles
        • Content Filter Rules
        • Data queries
        • Dynamic Rules
        • Edge Functions
        • Flow Control Policies
        • Global Filters
        • Load Balancers
        • Log Exporters
        • Mobile Application Groups
        • Planets
        • Proxy Templates
        • Rate Limit Rules
        • Security Alerts
        • Security Policies
        • Server Groups
        • Tags
        • Tools
        • Users
    • Hostile Bot Detection / LWCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Log Exporter Output
    • Pattern Matching Syntax
    • Query Filter Syntax and Best Practices
  • Support
Powered by GitBook
On this page
  • Overview
  • Usage within applications and APIs
  • Administration
  • Parameters
  • Name
  • Status
  • Destination IP
  • Port
  • Server Groups
  • Transport protocol
  • Requests to export
  • Troubleshooting

Was this helpful?

Export as PDF
  1. Console UI Walkthrough
  2. System

Log Exporters

PreviousSecurity AlertsNextVersion Control

Last updated 1 month ago

Was this helpful?

Overview

Log Exporters allow admins to stream event data to an outside destination, e.g. a SIEM solution. Every few seconds, Link11 WAAP bundles and exports the most recent traffic events from its internal logs.

Below is a discussion of the console interface for configuring Log Exporters.

Usage within applications and APIs

Administration

The main Log Exporter window lists all currently defined Log Exporters.

Parameters

Name

A unique name for use within L11WAAP.

Status

Whether or not this Log Exporter is currently active.

Destination IP

The destination IP to which event data will be sent.

Port

The port to which event data will be sent.

Server Groups

The specific server groups for which event data will be sent.

Transport protocol

The protocol to use while streaming the event data.

  • TCP: Event data will be streamed over TCP.

  • TCP + TLS (Trusted): Event data will be streamed over HTTPS. When this is selected, an additional control will appear for uploading a PEM file containing the TLS certificate for the data's destination. The system will validate the certificate upon upload.

  • TCP + TLS (Untrusted): Event data will be streamed over HTTPS, but the system will not use a certificate.

Requests to export

  • Blocked: Export only the requests blocked by L11WAAP.

  • All: Export all the requests blocked or passed by L11WAAP.

Note that currently, Log Exporters can not include requests challenged by L11WAAP, or blocked by the origin.

Troubleshooting

If a Log Exporter has been configured but is not streaming data:

For details of the protocols and format of the event data, see .

There is a known issue when attempting to create a new Log Exporter.

Log Exporters operate at the system level. Admins can configure them for specific , or for the entire planet.

The administration (addition/deletion/editing/versioning) of Log Exporters follows the conventions described .

Verify that it is in .

If its is TCP + TLS (Trusted), verify that the certificate is valid and has not expired.

Log Exporter Output
server groups
Active mode
Protocol
More info
here