Checks whether log collection is enabled for all domain names protected by Web Application Firewall (WAF). If log collection is enabled, the evaluation result is Compliant.
Scenarios
Enable log collection for each WAF-protected domain name so that Log Service for WAF automatically stores domain logs in the dedicated Logstore. You can then query and analyze the log data to meet audit requirements.
Risk level
Default risk level: medium.
You can change the risk level when you apply this rule.
Compliance evaluation logic
- If log collection is enabled for all WAF-protected domain names, the evaluation result is Compliant.
- If log collection is disabled for any WAF-protected domain name, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
| Rule name | waf-instance-logging-enabled |
| Rule identifier | waf-instance-logging-enabled |
| Tag | WAF and AuditBaseline |
| Automatic remediation | Supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | Instance |
| Input parameter | None |
Incompliance remediation
Enable log collection for the WAF-protected domain name. For more information, see Get started with WAF log service.