To view attack logs, click into an application, then go to Logs > Attack Logs.
A maximum of 10,000 logs are displayed per filter. FortiWeb Cloud saves the attack logs for two months. After that, they are deleted.
Unlike FortiView, which displays threat data in different categories, Attack Logs simply lists all the threats.
In Attack Logs, you can click an entry to see threat details, or use Add Filter to filter out threats as desired. Click Reload to update the page with any logs that have been recorded since you previously loaded the page.
If you know that a certain URL tends to falsely trigger violations by matching an attack signature during normal use, you can click Add Exception beside the signature ID. Traffic to the URL and/or parameter specified in the exception rule will not be treated as an attack even if it matches this particular signature. You should enable at least one of Request URL and Parameter Name. Please wait several minutes for the configuration to take effect.
Specify a URL value to match. For example,
Do not include a domain name, because the domain name of this application is used by default.
Specify a parameter name to match. For example,
To create a regular expression, see Frequently used regular expressions.
Please note that the number of attacks displayed in Attack Logs,
- Certain attack types, such as Bot and DDoS attacks, generate a large number of requests in a short time. To prevent numerous identical attack logs from flooding the UI, FortiWeb Cloud only logs the first request in Attack Logs and FortiView, while it shows the actual count in the Blocked Requests widget so you can know how many attack requests were actually blocked.
- To prevent Information Leakage, FortiWeb Cloud may cloak the error pages or erase sensitive HTTP headers in response packets. Such items are logged only once per minute in Attack Logs and FortiView to let you know that the Information Leakage rule took effect. Meanwhile, the actual count is recorded in the Blocked Requests widget.
- If you have set FortiWeb Cloud to block attacks but not to generate a log when a certain violation occurs, such as Deny(no log), then the attacks will not be logged in Attack Logs and FortiView, but will be counted in the Blocked Requests widget.