Get Available Event Log Fields

WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.

Lists the available event log fields and their definitions.

This endpoint only supports JSON.

Request

A request to retrieve event log fields is described below.

HTTP Method Request URI

GET

https://api.edgecast.com/v2/mcc/customers/AccountNumber/waf/eventlogs/fields

Define the following term when submitting the above request:

VariableA variable represents a value that must be replaced. A variable consists of either a URL segment (e.g., "0001" in /0001/) or a query string value (e.g., "3" in mediaTypes=3). Description

AccountNumber

Required

Replace this variable with a customer account number. This account number may be found in the upper right-hand corner of the MCC.

Request Headers

This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.

Request Body

Request body parameters are not required by this endpoint.

Response

The response to the above request includes an HTTP status code, response headers, and a response body.

This endpoint only supports JSON.

Status Code

A status code indicates whether the request was successfully performed.

Response Headers

The response for this endpoint only includes standard HTTP response headers.

View common response headers.

Response Body

The response body for a successful request contains the following response parameters for each event log field returned by this endpoint:

Name Data Type Description

fields

Array

Objects

This response parameter contains the set of available fields.

name

String

fields array

Indicates the name of a field.

data_type

String

fields array

Indicates the field's data type (e.g., string or number).

description

String

fields array

Describes the field's purpose.

Errors

The response body for an unsuccessful request will contain an error response that provides additional information.

View common error messages.

Sample Request and Response

A sample JSON request is shown below.

GET https://api.edgecast.com/v2/mcc/customers/0001/waf/eventlogs/fields HTTP/1.1

Authorization: TOK:12345678-1234-1234-1234-1234567890ab

Accept: application/json

Host:api.edgecast.com

A sample JSON response is shown below.

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/json; charset=utf-8

Date: Thu, 15 Apr 2021 12:00:00 GMT

Content-Length: 2475

{
	"fields" : [{
			"name" : "Timestamp",
			"data_type" : "date",
			"description" : "timestamp of log entry as UTC timestamp"
		}, {
			"name" : "Epoch Time",
			"data_type" : "epoch",
			"description" : "time of log event as epoch UTC"
		}, {
			"name" : "Action Type",
			"data_type" : "string",
			"description" : "what action was taken"
		}, {
			"name" : "Rule Severity",
			"data_type" : "int",
			"description" : "Severity value from WAF Rule violation"
		}, {
			"name" : "Rule Message",
			"data_type" : "string",
			"description" : "Message indicating reason for block or alert"
		}, {
			"name" : "Instance Name",
			"data_type" : "string",
			"description" : "name of the WAF instance"
		}, {
			"name" : "Profile Name",
			"data_type" : "string",
			"description" : "Name of profile which triggered violation"
		}, {
			"name" : "Profile Type",
			"data_type" : "string",
			"description" : "Profile type specifying audit or production"
		}, {
			"name" : "Rule ID",
			"data_type" : "string",
			"description" : "WAF Security config rule ID"
		}, {
			"name" : "Client IP",
			"data_type" : "ip",
			"description" : "Client IP from Request"
		}, {
			"name" : "Country Code",
			"data_type" : "string",
			"description" : "Two letter country code"
		}, {
			"name" : "User Agent",
			"data_type" : "string",
			"description" : "The clients user-agent"
		}, {
			"name" : "Host",
			"data_type" : "string",
			"description" : "Hostname from request"
		}, {
			"name" : "URL",
			"data_type" : "string",
			"description" : "URL from request"
		}, {
			"name" : "Referer",
			"data_type" : "string",
			"description" : "Referer from request"
		}, {
			"name" : "Rule Tags",
			"data_type" : "string",
			"description" : "WAF Rule Tags indicating type of violation"
		}, {
			"name" : "Matched Data",
			"data_type" : "string",
			"description" : "Data from client request that matched rule"
		}, {
			"name" : "Matched On",
			"data_type" : "string",
			"description" : "Name of Variable in Rule that matched"
		}, {
			"name" : "Matched Value",
			"data_type" : "string",
			"description" : "Value of Variable in Rule that matched"
		}, {
			"name" : "Rule Policy",
			"data_type" : "string",
			"description" : "WAF Rule Policy"
		}, {
			"name" : "id",
			"data_type" : "string",
			"description" : "ID of WAF event"
		}
	]
}