This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can WAF reverse proxy logging be toggled off (either for a single type of event, a single virtual webserver, or even for the complete WAF service)?

Hi Folks

Is there any way to toggle off WAF logging, either for a single virtual webserver, single type of event or even for the entire reverse proxy service? I've been hunting everywhere for a switch, but thus far I haven't found one (I suspect I've been missing something that's been 'staring me right in the face', as they say) nor have I yet come up with any cool ideas on how best to 'fiddle a fix'.

Briain

PS The reason I ask:

As many will know, Ubiquiti WAPs have no web GUI, but instead they send a heartbeat (on port 8080) every few seconds and one can install their UniFi server to receive them (for my home network, I have it running on a Raspberry Pi) and it is the UniFi server which collates all the WAP statistics (and facilitates configuring the WAPs). 

I recently set up a bunch of Ubiquiti WAPs and a switch for one of my [non-technical] friends and it occurred to me that given that I cannot visit him (I'm shielding someone) I should point them to my own instance of UniFi Pi. I initially opened port 8080 via a DNAT rule (and disabled logging) and all was well, but I've just disabled that DNAT rule and instead set up a virtual webserver in the WAF (listening on port 8080 and a path to the real server on the Raspberry Pi). I also set up the WAF firewall filters and it works with everything other than http policy selected (picture attached).

The trouble is that with there being a lot of WAPs, I am going to end up with very large log files, so I'd like to stop it logging (toggling it on every few weeks, just to check that nothing unexpected is happening).

Below shows a typical heartbeat log event:

2020:07:04-11:52:10 hadrian httpd: id="0299" srcip="111.111.111.111" localip="192.168.6.2" size="123" user="-" host="111.111.111.111" method="POST" statuscode="200" reason="-" extra="-" exceptions="-" time="124815" url="/inform" server="unifi.111.uk:8080" port="8080" query="" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XwBfWvlmXw@4LINzo6lcUAAAAAw"

Just for some fun, I did try creating an exception for 0229 (shown below) but that made no difference.

   

I wonder if there's any way to stop the logging, either for just that virtual webserver, that event or even the entire WAF logging?

Briain

NB I guess I could create a symbolic link pointing /var/log/reverseproxy.log to /dev/null, of course :-)



This thread was automatically locked due to age.