Javascript is required for MOREAL Online Documentation to function properly. Please enable Javascript by adjusting your browser settings.

RadWare WAF Log Structure

Logging in AppWall operates under UDP protocol and the maximum expected message size is 1024 bytes.

In addition to the standardized syslog format the AppWall Event is described as a key-value event representation. Within the produced event each Key is followed by an equal sign (=) in order to depict the event respective Key value. Pairs themselves are delimited with a space character

[syslog_pri] [datetime] [syslog-level] [host] [key-value pair event]

MOREAL currently supports events generated by the following modules, with the following event-specific fields defined:

Security  Management System
AppPath Description Description
Description Object Object
Host Priority Priority
IsPassive ReportingIP ReportingIP
Object Resource Resource
ParamName ServerName ServerName
ParamType SourceIP SyslogType
ParamValue SyslogType timestamp
Priority timestamp Title
ReportingIP Title Type
Resource Type
Role
RuleID
ServerName
SourceIP
SourcePort
SyslogType
timestamp
Title
TransID
Tunnel
Type
URI
WebApp
WebUser