The Log Search feature in SiteWALL provides administrators with a powerful interface to view, filter, and download security and access logs generated for their protected applications. This feature helps teams monitor traffic activity, investigate threats, and analyse application behaviour efficiently using both basic and advanced filters.
Accessing Log Search
1. Log in to the SiteWALL Management Portal.
2. In the sidebar, click on “Log Search.”
On this page, you can view and download logs for one or more protected applications.
The Basic Log Search allows you to quickly access logs using essential filters.
1. Duration
   - Select the duration (e.g., Last 1 Hour, Last 24 Hours, Last 7 Days, or a custom range) for which you want to view logs.
2. Application
   - Choose a specific application from the dropdown list to filter logs for that application only.
   - Select “ALL” to view logs from all applications.
3. Action
   - Choose the type of request action you want to review:
     - All – Displays all logs, both allowed and blocked.
     - Allowed – Shows only legitimate traffic permitted by SiteWALL.
     - Blocked – Displays only traffic that was blocked by SiteWALL’s protection rules.
Once filters are selected, SiteWALL displays the corresponding logs in a tabular view with key details such as timestamp, application name, source IP, rule triggered, and action taken.
The Advanced Filters option provides enhanced capabilities for detailed log analysis, allowing you to pinpoint specific events and investigate incidents with greater precision.
Steps to Access Advanced Filters
1. Log in to the SiteWALL Management Portal.
2. Navigate to “Log Search” from the sidebar.
3. Click on “Advanced Filters” to expand additional filtering options.
Available Advanced Filters:
| Filter | Description |
| --- | --- |
| Duration | Select a time range for log viewing — for example, past hour, day, or a custom date range. |
| Application | Filter logs for a specific application or select “All” to include all applications. |
| Action | Filter logs based on request action (All, Allowed, Blocked). |
| Source IP | Enter a specific IP address to view logs associated with traffic from that source. |
| Rule ID | Enter a specific Rule ID to view logs triggered by that rule. |
| Threat Name | If known, select or input the threat name to locate logs associated with a specific attack or detection type. |
| Transaction ID | Use this to identify the exact reason a request was blocked. When a SiteWALL block page is displayed, it contains a Transaction ID. Copy the Transaction ID from that page and paste it into the Log Search field to retrieve the specific log entry for that event. |
| Country | Filter logs by country to analyze traffic originating from a specific region. |
| Response Code | Filter logs by HTTP response code. You can refine this filter using the following options: All (view logs for all response codes); Is (view logs matching a specific response code, e.g., 403); Is Not (exclude logs with a specific response code); Range (view logs within a specific range of response codes, e.g., 400–499); Is Not in Range (exclude logs within a defined range of response codes). |
Example Use Cases
| Scenario | Filter Used | Purpose |
| --- | --- | --- |
| Investigate blocked traffic from a specific IP | Source IP + Action = Blocked | Identify and trace malicious IP activity. |
| Analyze rule performance | Rule ID + Action = Blocked | Evaluate how specific security rules are triggered. |
| Review allowed traffic from a specific country | Action = Allowed + Country = “US” | Examine geographic distribution of legitimate users. |
| Diagnose response issues | Response Code = 500 Range | Identify application-side errors causing blocked or failed responses. |
To download logs for offline review or audit purposes:
1. Perform a log search using Basic or Advanced filters.
2. Click on the Download button available on the Log Search page.
3. The logs are downloaded in .csv format for further analysis or archival.
· Provides real-time visibility into application traffic.
· Enables forensic investigation of blocked or suspicious activity.
· Simplifies compliance reporting by allowing exportable audit logs.
· Helps optimize WAF policies by analyzing recurring attack patterns or false positives.
Note: After applying filters or downloading logs, allow a few seconds for data retrieval depending on the selected duration and volume of traffic. For extensive log ranges, prefer narrower date windows to improve performance.
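For offline triage of a downloaded export, the Advanced Filters and use cases above can be mirrored in a short script. The following is an added example, not SiteWALL code: the column headers and the sample rows are assumptions constructed for illustration, since the layout of the exported file is not documented here.

```python
import csv
import io
from collections import Counter

# Assumed column headers (the page does not document the export layout);
# adjust them to match the header row of the downloaded file.
IP, RULE, ACTION, CODE = "Source IP", "Rule ID", "Action", "Response Code"

# Constructed sample export (illustrative values, not real SiteWALL output).
SAMPLE_CSV = """Timestamp,Application,Source IP,Rule ID,Action,Response Code
2024-05-01T10:00:01Z,shop,203.0.113.7,1001,Blocked,403
2024-05-01T10:00:09Z,shop,198.51.100.4,,Allowed,200
2024-05-01T10:01:12Z,api,203.0.113.7,2002,Blocked,403
2024-05-01T10:02:30Z,api,198.51.100.4,,Allowed,502
2024-05-01T10:03:44Z,api,192.0.2.15,1001,Blocked,403
2024-05-01T10:04:00Z,shop,192.0.2.15,,Allowed,-
"""

def load_rows(text):
    """Parse the export; a missing or non-numeric response code becomes None."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        value = (row.get(CODE) or "").strip()
        row[CODE] = int(value) if value.isdigit() else None
    return rows

def code_matches(code, mode="all", low=None, high=None):
    """Mirror the Response Code options: all, is, is_not, range, not_in_range."""
    if mode not in ("all", "is", "is_not", "range", "not_in_range"):
        raise ValueError(f"unknown mode: {mode}")
    if mode == "all" or code is None:
        return mode == "all"  # unparseable codes match only "all"
    inside = low <= code <= (low if high is None else high)
    return inside if mode in ("is", "range") else not inside

def search(rows, action=None, ip=None, rule=None, mode="all", low=None, high=None):
    """Apply Action, Source IP, Rule ID and Response Code filters together."""
    return [r for r in rows
            if (action is None or r[ACTION].lower() == action.lower())
            and (ip is None or r[IP] == ip)
            and (rule is None or r[RULE] == rule)
            and code_matches(r[CODE], mode, low, high)]

def top_blocked(rows, column, n=3):
    """Rank values of `column` (e.g. Source IP or Rule ID) among blocked rows."""
    return Counter(r[column] for r in search(rows, action="Blocked")).most_common(n)

if __name__ == "__main__":
    logs = load_rows(SAMPLE_CSV)
    print(top_blocked(logs, IP), search(logs, mode="range", low=500, high=599))
```

Ranking blocked rows by Rule ID shows which rules fire most often, a starting point for the false-positive review mentioned above; rows whose response code cannot be parsed are kept but match only the "all" mode.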