Technical Tip: How to enable Security Log (WAF) to show the matched pattern or string

Khidzir_MN · ‎02-27-2024

Description

This article describes how to enable the respective FortiADC Security Log (WAF) to show the respective matched pattern or string that triggers the respective security violation. It may be necessary to preconfigure the WAF Profile and refer to the documentation at the end of this article for more information on configuring the WAF Profile.

Scope

FortiADC and FortiADC-VM.

Solution

The option to view the respective matched pattern or string is disabled (default) in the respective WAF Profile.

This option can be enabled with the below steps:

Go to Web Application Firewall -> WAF Profile.
Select and edit the respective WAF Profile.
Toggle the button next to the 'Rule Match Record' option.

Select Save at the bottom of the page to save the changes.

Review the respective Security Log (Log&Report -> Security Log (WAF)).

Sample log with the 'Rule Match Record' option disabled.

Sample log with the 'Rule Match Record' option enabled.

Note that it is advisable to enable the 'Rule Match Record' option only during troubleshooting or for a temporary period as it may increase the system resource usage.

Refer to the below documentation for more information on the WAF Profile:
Configuring a WAF Profile