Logs

The Barracuda Web Application Firewall has a comprehensive logging feature to record significant events. Events related to HTTP traffic, actions of the Barracuda Web Application Firewall, and user actions are captured in logs. These log messages enable a system administrator to:

  • Obtain information about the Barracuda Web Application Firewall traffic and performance.

  • Analyze logs for suspicious activity.

  • Troubleshoot problems.

The following types of logs are available in the Barracuda Web Application Firewall:

  • Web Firewall Logs

  • Access logs

  • Audit logs

  • System Logs

  • Network Firewall Logs

For more information on logs, see Logging, Reporting and Monitoring.

To Retrieve Web Firewall Logs

URL: /v1/logs/webfirewall_logs

Method: GET

Description: Lists all web firewall logs.

Input Parameters:

Parameter Name   Data Type      Mandatory   Description
parameters       Alphanumeric   Optional    Any specific parameter name that needs to be retrieved.

Example 1: Retrieving all web firewall logs

Request:

curl http://10.11.25.9:8000/restapi/v1/logs/webfirewall_logs -u 'eyJldCI6IjE0NjQxMTg5MjgiLCJwYXNzd29yZCI6IjY0N2MxYTZlMGQwMGI5ZTdlN2ZlMDE2MmE1\nNDFiYzEzIiwidXNlciI6ImFkbWluIn0=\n:' -X GET

Response:

{"value":[{"ID":"154eb350fea-3a1b50","Time":"1464235003886","Client_port":53145,"Service_IP_Port":"99.99.9.2:80","Follow_Up_Action":0,"Proxy_IP":"99.99.1.117","Attack_Category":2,"Action":1,"Attack_Description":119,"Attack_Detail":"GET /inex<scripyt> HTTP/.10","Severity":1,"User_Agent":"Unknown","Query_String":"\"-\"","URL":"/inex<scripyt>","Authenticated_User":"","Client_type":5,"Rule_type":0,"Country":"US","Referer":"","Protocol":0,"Proxy_Port":53145,"Useragent_Version":"-","Client_ip":"99.99.1.117","Rule":"global","Host":"99.99.9.2"}],"metadata":{"header":[{"Action":{"1":"LOG","3":"REDIRECT","0":"DENY","2":"CLOAK"}},{"Follow_Up_Action":{"1":"Client IP Block","0":"None","2":"Challenge with CAPTCHA"}},{"Severity":{"6":"Information","4":"Warning","1":"Alert","3":"Error","0":"Emergency","7":"Debug","2":"Critical","5":"Notice"}},{"Attack_Category":{"6":"XML Violations","11":"Limits Violation","3":"Forceful Browsing","7":"SQL Attacks","9":"Auth Attacks","12":"Outbound Attacks","2":"Protocol Violations","8":"FILE Attacks","1":"Session Tamper Attacks","4":"Injection Attacks","0":"Other Attacks","13":"JSON Violations","10":"DDoS Attacks","5":"XSS Injections"}},{"Rule_type":{"6":"Header ACL","4":"URL Profile","1":"URL ACL","3":"URL Policy","0":"Global","7":"JSON profile","2":"Global URL ACL","5":"Param Profile"}},{"Protocol":{"1":"HTTPS","769":"TLSv1.0","0":"HTTP","770":"TLSv1.1","771":"TLSv1.2","2":"FTP","768":"SSLv3"}}]},"token":"eyJldCI6IjE0NjU1NDQ1MjkiLCJwYXNzd29yZCI6ImUxNzFlZmZhMWE5NGRmYTY1YzA1YmU3ODJj\nZjAzZjUyIiwidXNlciI6ImFkbWluIn0=\n"}

Example 2: Retrieving web firewall logs based on a specific filter

Request:

curl http://10.11.25.9:8000/restapi/v1/logs/webfirewall_logs -u 'eyJldCI6IjE0NjU1NDQzNjEiLCJwYXNzd29yZCI6Ijc4NmVhZDZlMWQ1NGVkZDQzZWE3YTU0Y2Iz\nNWQzYjNlIiwidXNlciI6ImFkbWluIn0=\n:' -X GET -G -d act_taken=0

Response:

{"value":[{"ID":"154ebde5b7f-3a1b50","Time":"1464246099908","Client_port":35656,"Service_IP_Port":"99.99.9.10:80","Follow_Up_Action":0,"Proxy_IP":"99.99.1.117","Attack_Category":5,"Action":0,"Attack_Description":158,"Attack_Detail":"type=\"cross-site-scripting\" pattern=\"script-tag\" token=\"<SCRIPT>\" Parameter=\"name\" value=\"<SCRIPT>\"","Severity":1,"User_Agent":"Unknown","Query_String":"name=<SCRIPT>","URL":"/index.html","Authenticated_User":"","Client_type":5,"Rule_type":0,"Country":"US","Referer":"","Protocol":0,"Proxy_Port":35656,"Useragent_Version":"-","Client_ip":"99.99.1.117","Rule":"security-policy","Host":"99.99.9.10"},{"ID":"154f0adeb84-3a1b50","Time":"1464326810513","Client_port":51910,"Service_IP_Port":"99.99.9.2:80","Follow_Up_Action":0,"Proxy_IP":"99.99.1.117","Attack_Category":2,"Action":0,"Attack_Description":118,"Attack_Detail":"GE6T /index.html<script>>>> HTTP/1.0","Severity":1,"User_Agent":"Unknown","Query_String":"\"-\"","URL":"/","Authenticated_User":"","Client_type":5,"Rule_type":0,"Country":"US","Referer":"","Protocol":0,"Proxy_Port":51910,"Useragent_Version":"-","Client_ip":"99.99.1.117","Rule":"global","Host":"99.99.9.2"}],"metadata":{"header":[{"Action":{"1":"LOG","3":"REDIRECT","0":"DENY","2":"CLOAK"}},{"Follow_Up_Action":{"1":"Client IP Block","0":"None","2":"Challenge with CAPTCHA"}},{"Severity":{"6":"Information","4":"Warning","1":"Alert","3":"Error","0":"Emergency","7":"Debug","2":"Critical","5":"Notice"}},{"Attack_Category":{"6":"XML Violations","11":"Limits Violation","3":"Forceful Browsing","7":"SQL Attacks","9":"Auth Attacks","12":"Outbound Attacks","2":"Protocol Violations","8":"FILE Attacks","1":"Session Tamper Attacks","4":"Injection Attacks","0":"Other Attacks","13":"JSON Violations","10":"DDoS Attacks","5":"XSS Injections"}},{"Rule_type":{"6":"Header ACL","4":"URL Profile","1":"URL ACL","3":"URL Policy","0":"Global","7":"JSON profile","2":"Global URL ACL","5":"Param Profile"}},{"Protocol":{"1":"HTTPS","769":"TLSv1.0","0":"HTTP","770":"TLSv1.1","771":"TLSv1.2","2":"FTP","768":"SSLv3"}}]},"token":"eyJldCI6IjE0NjU1NDU1MTciLCJwYXNzd29yZCI6IjczMmY5NjkzMmE3NzQ0ZjA2NjliNDQ1MWE2\nMTc1OGZjIiwidXNlciI6ImFkbWluIn0=\n"}

Example 3: Retrieving web firewall logs based on limit and offset filters

curl -X GET -u 'eyJldCI6IjE1MDUyMDM1NDAiLCJwYXNzd29yZCI6ImM5ZjJkOGE4NGUxNGYzMTk3Y2QzMGRiYTdk\nODk3Zjg1IiwidXNlciI6ImFkbWluIn0=:' 'http://<WAF-IP/PORT>/restapi/v1/logs/webfirewall_logs?limit=10&offset=25'

Example 4: Retrieving web firewall logs based on the given interval

curl 'http://<WAF-IP/PORT>/restapi/v1/logs/webfirewall_logs?min_time=2015-12-20T23:22:18&max_time=2015-12-21T22:20:19' -X GET -u "token:"

Note: The time for the filters "min_time" and "max_time" must be specified in the following format - YYYY-MM-DDTHH-MM-SS.

The following table lists the web firewall log parameters:

Parameter name in web interface   Parameter name to be used in the REST API command
Time                              timestamp
Severity                          sev_level
Action                            act_taken
Follow Up Action                  followup_act
Attack Description                attack_desc
Attack Category                   attk_category
Client IP                         client_ip
Service IP Port                   serviceip:serviceport
Rule Type                         rule_type
Protocol                          wf_log_protocol
Proxy IP                          wf_proxyip
Proxy Port                        wf_proxyport
Rule                              rule_id
Attack Detail                     attk_detail
User Agent                        wf_useragent
Authenticated User                wf_authuser
Referer                           referer
Host                              apslog_host
URL                               url
Useragent Version                 useragent_version
Country                           country_code
ID                                log_uid
Query String                      query_str
Client Type                       client_type
Limit                             limit
Offset                            offset
Minimum Time                      min_time
Maximum Time                      max_time

To Retrieve Access Logs

URL: /v1/logs/access_logs

Method: GET

Description: Lists all access logs.

Input Parameters:

Parameter Name   Data Type      Mandatory   Description
parameters       Alphanumeric   Optional    Any specific parameter name that needs to be retrieved.

Example 1: Retrieving all access logs

Request:

curl http://10.11.25.9:8000/restapi/v1/logs/access_logs -u 'eyJldCI6IjE0NjU1NDQzNjEiLCJwYXNzd29yZCI6Ijc4NmVhZDZlMWQ1NGVkZDQzZWE3YTU0Y2Iz\nNWQzYjNlIiwidXNlciI6ImFkbWluIn0=\n:' -X GET

Response:

{"value":[{"Web_Firewall_Matched":1,"Login":"\"-\"","Response_Type":0,"Bytes_Sent":0,"Clickjacking":0,"User_Agent":"Unknown","Query_String":"\"-\"","URL":"GE6T","Method":"","Version":"\"-\"","Certificate_User":"\"-\"","Custom_Header2":"\"-\"","Host":"10.11.25.117","ID":"154f0adeb84-3a1b50","Time":"1464326810526","Cached":0,"ServerIP_Port":"10.11.25.117:80","Custom_Header3":"\"-\"","Proxy_IP":"99.99.1.117","Server_Time":0,"Custom_Header1":"\"-\"","Time_Taken":26,"Client_Port":51910,"Authenticated_User":"\"-\"","Referrer":"\"-\"","Bytes_Received":38,"Profile_Matched":1,"Country":"US","Session_ID":"","Protected":2,"Client_IP":"99.99.1.117","Client_Type":5,"Encrypted_URL":"\"-\"","Proxy_Port":51910,"Protocol":0,"Cookie":"\"-\""},{"Web_Firewall_Matched":0,"Login":"\"-\"","Response_Type":1,"Bytes_Sent":399,"Clickjacking":0,"User_Agent":"Unknown","Query_String":"\"-\"","URL":"/SDGF/1'OR'1","Method":"GET","Version":"HTTP/1.0","Certificate_User":"\"-\"","Custom_Header2":"","Host":"99.99.9.3","ID":"154f0b03e72-3a1b50","Time":"1464326963208","Cached":0,"ServerIP_Port":"10.11.25.117:80","Custom_Header3":"","Proxy_IP":"99.99.1.117","Server_Time":2,"Custom_Header1":"","Time_Taken":406,"Client_Port":32950,"Authenticated_User":"\"-\"","Referrer":"\"-\"","Bytes_Received":27,"Profile_Matched":1,"Country":"US","Session_ID":"","Protected":1,"Client_IP":"99.99.1.117","Client_Type":5,"Encrypted_URL":"\"-\"","Proxy_Port":32950,"Protocol":771,"Cookie":"\"-\""}],"metadata":{"header":[{"Protected":{"1":"Passive","0":"Unprotected","2":"Protected"}},{"Web_Firewall_Matched":{"1":"Invalid","0":"Valid"}},{"Profile_Matched":{"1":"Default","0":"Profiled"}},{"Response_Type":{"1":"Server","0":"Internal"}},{"Protocol":{"3":"WS","770":"TLSv1.1","771":"TLSv1.2","2":"FTP","1":"HTTPS","4":"WSS","0":"HTTP","769":"TLSv1.0","768":"SSLv3"}}]},"token":"eyJldCI6IjE0NjU1NDY3MDgiLCJwYXNzd29yZCI6IjdlMWUwMjc4ZjE5NzZkMWViNDE2ZTJmZjI1\nNmUyMDViIiwidXNlciI6ImFkbWluIn0=\n"}

Example 2: Retrieving access logs based on a specific filter

Request:

curl http://10.11.25.9:8000/restapi/v1/logs/access_logs -u 'eyJldCI6IjE0NjU1NDQzNjEiLCJwYXNzd29yZCI6Ijc4NmVhZDZlMWQ1NGVkZDQzZWE3YTU0Y2Iz\nNWQzYjNlIiwidXNlciI6ImFkbWluIn0=\n:' -X GET -G -d host=99.99.1.121

Response:

{"value":[{"Web_Firewall_Matched":1,"Login":"\"-\"","Response_Type":0,"Bytes_Sent":0,"Clickjacking":0,"User_Agent":"Unknown","Query_String":"\"-\"","URL":"GE6T","Method":"","Version":"\"-\"","Certificate_User":"\"-\"","Custom_Header2":"\"-\"","Host":"99.99.1.121","ID":"154f0adeb84-3a1b50","Time":"1464326810526","Cached":0,"ServerIP_Port":"10.11.25.117:80","Custom_Header3":"\"-\"","Proxy_IP":"99.99.1.117","Server_Time":0,"Custom_Header1":"\"-\"","Time_Taken":26,"Client_Port":51910,"Authenticated_User":"\"-\"","Referrer":"\"-\"","Bytes_Received":38,"Profile_Matched":1,"Country":"US","Session_ID":"","Protected":2,"Client_IP":"99.99.1.117","Client_Type":5,"Encrypted_URL":"\"-\"","Proxy_Port":51910,"Protocol":0,"Cookie":"\"-\""},{"Web_Firewall_Matched":0,"Login":"\"-\"","Response_Type":1,"Bytes_Sent":399,"Clickjacking":0,"User_Agent":"Unknown","Query_String":"\"-\"","URL":"/SDGF/1'OR'1","Method":"GET","Version":"HTTP/1.0","Certificate_User":"\"-\"","Custom_Header2":"","Host":"99.99.9.3","ID":"154f0b03e72-3a1b50","Time":"1464326963208","Cached":0,"ServerIP_Port":"10.11.25.117:80","Custom_Header3":"","Proxy_IP":"99.99.1.117","Server_Time":2,"Custom_Header1":"","Time_Taken":406,"Client_Port":32950,"Authenticated_User":"\"-\"","Referrer":"\"-\"","Bytes_Received":27,"Profile_Matched":1,"Country":"US","Session_ID":"","Protected":1,"Client_IP":"99.99.1.117","Client_Type":5,"Encrypted_URL":"\"-\"","Proxy_Port":32950,"Protocol":771,"Cookie":"\"-\""}],"metadata":{"header":[{"Protected":{"1":"Passive","0":"Unprotected","2":"Protected"}},{"Web_Firewall_Matched":{"1":"Invalid","0":"Valid"}},{"Profile_Matched":{"1":"Default","0":"Profiled"}},{"Response_Type":{"1":"Server","0":"Internal"}},{"Protocol":{"3":"WS","770":"TLSv1.1","771":"TLSv1.2","2":"FTP","1":"HTTPS","4":"WSS","0":"HTTP","769":"TLSv1.0","768":"SSLv3"}}]},"token":"eyJldCI6IjE0NjU1NDY5MTYiLCJwYXNzd29yZCI6ImU2ZmJjZjM0YWFkODM4Y2E2NTRiNWYzZjAx\nOTg4ZDEzIiwidXNlciI6ImFkbWluIn0=\n"}

Example 3: Retrieving access logs based on limit and offset filters

curl -X GET --header 'Accept: application/json' -u 'eyJldCI6IjE1MDUyMDM1NDAiLCJwYXNzd29yZCI6ImM5ZjJkOGE4NGUxNGYzMTk3Y2QzMGRiYTdk\nODk3Zjg1IiwidXNlciI6ImFkbWluIn0=:' 'http://<WAF-IP/PORT>/restapi/v1/logs/access_logs?limit=10&offset=25'

Example 4: Retrieving access logs based on the given interval

curl 'http://<WAF-IP/PORT>/restapi/v1/logs/access_logs?min_time=2015-12-20T23:22:18&max_time=2015-12-21T22:20:19' -X GET -u "token:"

Note: The time for the filters "min_time" and "max_time" must be specified in the following format - YYYY-MM-DDTHH-MM-SS.

The following table lists the access log parameters:

Parameter name in web interface   Parameter name to be used in the REST API command
Time                              timestamp
ID                                log_uid
Client IP                         client_ip
Client Port                       client_port
Country                           country_code
Client Type                       client_type
Certificate User                  cert_user
Proxy IP                          web_proxyip
Proxy Port                        web_proxyport
User Agent                        web_useragent
Authenticated User                web_authuser
Custom Header1                    web_cusheader1
Custom Header2                    web_cusheader2
Custom Header3                    web_cusheader3
ServerIP Port                     serverip:serverport
Method                            method
Clickjacking                      click_jacking
Encrypted URL                     encrypted_url
Cached                            cache_hit
Bytes Sent                        byte_sent
Bytes Received                    byte_recvd
Protected                         protected_flag
Web Firewall Matched              wf_match_flag
Profile Matched                   profile_flag
Response Type                     response_flag
Protocol                          web_log_protocol
Version                           weblog_version
Host                              weblog_host
URL                               uri_stem
Query String                      query_str
Referrer                          referrer
Time Taken                        time_taken
Server Time                       server_time
Session ID                        session_id
Limit                             limit
Offset                            offset
Minimum Time                      min_time
Maximum Time                      max_time
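As an added example (not Barracuda's code) of consuming the responses shown in the web firewall log and access log sections above: the numeric codes in each entry are resolved through the metadata.header maps the API returns alongside them, Time is rendered as UTC on the assumption that it is epoch milliseconds, and the query-string helper uses the REST parameter names from the two tables. The sample responses are constructed, trimmed copies of the page's own examples.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode
# Constructed samples trimmed from this page's webfirewall_logs and access_logs responses:
# "value" holds entries with numeric codes, "metadata.header" holds the code-to-label maps.
WF_SAMPLE = {
    "value": [
        {"ID": "154eb350fea-3a1b50", "Time": "1464235003886", "Action": 1, "Severity": 1,
         "Attack_Category": 2, "Client_ip": "99.99.1.117", "URL": "/inex<scripyt>"},
        {"ID": "154ebde5b7f-3a1b50", "Time": "1464246099908", "Action": 0, "Severity": 1,
         "Attack_Category": 5, "Client_ip": "99.99.1.117", "URL": "/index.html"}],
    "metadata": {"header": [
        {"Action": {"1": "LOG", "3": "REDIRECT", "0": "DENY", "2": "CLOAK"}},
        {"Severity": {"0": "Emergency", "1": "Alert", "2": "Critical", "3": "Error"}},
        {"Attack_Category": {"2": "Protocol Violations", "5": "XSS Injections"}}]}}
ACCESS_SAMPLE = {
    "value": [{"ID": "154f0b03e72-3a1b50", "Time": "1464326963208", "Protected": 1,
               "Web_Firewall_Matched": 0, "Protocol": 771, "URL": "/SDGF/1'OR'1"}],
    "metadata": {"header": [
        {"Protected": {"1": "Passive", "0": "Unprotected", "2": "Protected"}},
        {"Web_Firewall_Matched": {"1": "Invalid", "0": "Valid"}},
        {"Protocol": {"0": "HTTP", "1": "HTTPS", "771": "TLSv1.2"}}]}}

def code_maps(response):
    """Flatten metadata.header into {field: {code: label}}; codes are JSON string keys."""
    maps = {}
    for entry in response.get("metadata", {}).get("header", []):
        maps.update(entry)
    return maps

def decode_entries(response):
    """Replace numeric codes with their labels and render Time as ISO-8601 UTC."""
    maps = code_maps(response)
    decoded = []
    for row in response.get("value", []):
        out = dict(row)
        for field, labels in maps.items():
            if field in out:  # unknown codes stay visible instead of being dropped
                out[field] = labels.get(str(out[field]), f"unknown({out[field]})")
        # Assumption: Time is epoch milliseconds (inferred from the samples, not stated on the page).
        stamp = datetime.fromtimestamp(int(out["Time"]) / 1000, tz=timezone.utc)
        out["Time"] = stamp.strftime("%Y-%m-%dT%H:%M:%SZ")
        decoded.append(out)
    return decoded

def denied(response):
    """Web firewall entries whose decoded Action is DENY (code 0 in the page's Action map)."""
    return [e for e in decode_entries(response) if e.get("Action") == "DENY"]

WINDOW = (datetime(2015, 12, 20, 23, 22, 18), datetime(2015, 12, 21, 22, 20, 19))  # Example 4 values

def time_window_query(start, end, **extra):
    """Query string using the REST filter names from the tables; min_time/max_time as in Example 4."""
    fmt = "%Y-%m-%dT%H:%M:%S"
    return urlencode({"min_time": start.strftime(fmt), "max_time": end.strftime(fmt), **extra}, safe=":")
```

The same decoder works for both endpoints because each response carries its own metadata.header, so a code that is absent from the map (for example after a firmware update adds a category) is reported as unknown(n) rather than misread.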

To Retrieve Audit Logs

URL: /v1/logs/audit_logs

Method: GET

Description: Lists all audit logs.

Input Parameters:

Parameter Name   Data Type      Mandatory   Description
parameters       Alphanumeric   Optional    Any specific parameter name that needs to be retrieved.

The following table lists the audit log parameters:

Parameter name in web interface   Parameter name to be used in the REST API command
Time                              timestamp
ID                                bson_oid
Login IP                          login_ip
Admin                             admin_name
Role                              admin_role
Transaction Type                  txn_name
Change Type                       chg_name
Transaction ID                    txn_id
Object_Type                       obj_type
Object_Name                       obj_name
Variable                          variable
Old Value                         old_value
New Value                         new_value
Additional Data                   add_data
Limit                             limit
Offset                            offset
Minimum Time                      min_time
Maximum Time                      max_time

To Retrieve System Logs

URL: /v1/logs/system_logs

Method: GET

Description: Lists all system logs.

Input Parameters:

Parameter Name   Data Type      Mandatory   Description
parameters       Alphanumeric   Optional