Access logs
Access logs are generated for port 80 (default port) and 443 (default port) traffic. Each Balancer process has a corresponding Access log file (that is. two port 80 Balancer processes and two port 443 Balancer processes require four log files). The log file name format is <protocol><port>_pid<process-ID>access<date>.log.
The following are examples for port 80 and port 443:
-
http_ws_80_pid_19017_access_2018-01-22_13-10.log -
https_wss_443_pid_19018_access_2018-01-22_13-10.log
Access logs are rotated every 10 minutes and archived. The archived log file format has .gz at the end of the log file name, for example http_ws_80_pid_19017_access_2018-01-22_13-10.log.gz.
ASE sends all archived log files to API Behavioral Security (ABS) to detect attacks using machine learning algorithms. The files are then moved to the logs/abs_uploaded directory.
The following snippet shows an example log file:
-rw-r--r--. 1 root root 0 Aug 10 13:10 http_ws_80_pid_0access2018-01-22_13-10.log -rw-r--r--. 1 root root 0 Aug 10 13:10 https_wss_443_pid_0access2018-01-22_13-10.log -rw-r--r--. 1 root root 0 Aug 10 13:10 http_ws_80_pid_19010access2018-01-22_13-10.log -rw-r--r--. 1 root root 0 Aug 10 13:10 http_ws_80_pid_19009access2018-01-22_13-10.log -rw-r--r--. 1 root root 0 Aug 10 13:10 https_wss_443_pid_19022access2018-01-22_13-10.log -rw-r--r--. 1 root root 0 Aug 10 13:10 https_wss_443_pid_19017access2018-01-22_13-10.log -rw-r--r--. 1 root root 33223 Aug 10 13:11 balancer.log -rw-r--r--. 1 root root 20445 Aug 10 13:11 controller.log -rw-r--r--. 1 root root 33244 Aug 10 13:11 balancer_ssl.log