Updated on 2025-05-15 GMT+08:00

Querying Protection Events

WAF sorts out the attacks, the ten websites attacked the most, ten attack source IP addresses that launched the most attacks, and the ten URLs attacked the most for a selected time range. You can view the blocked or logged events on the Events page. You can view details of events generated by WAF, including the occurrence time, attack source IP address, geographic location of the attack source IP address, malicious load, and hit rule for an event.

Constraints

  • On the WAF console, you can view the event data for all protected domain names over the last 30 days. You can authorize LTS to log WAF activities so that you can view attack and access logs and store all logs for a long time. For more details, see Using LTS to Log WAF Activities.
  • If you switch the WAF working mode for a website to Suspended, WAF only forwards all requests to the website without inspection. It does not log any attack events neither.
  • If the security software installed on your server blocks the event file from being downloaded, close the software and download the file again.

Viewing Protection Event Logs

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, click Events.