Published 3 months ago
homag
Updated 3 months ago
0
Hello,
We have deployed SafeLine WAF Pro and would like to improve traffic visibility (clearly separating legitimate requests from attacks).
Current setup: SafeLine was installed via manager.sh on a Linux server with Docker (default path /data/safeline). Containers safeline-mgt, safeline-tengine, safeline-detector, safeline-pg, etc. are running. In the web UI we created a Reverse Proxy application for our domain on port 443/HTTPS, attached an SSL certificate, configured an internal HTTP upstream, and pointed the domain’s DNS record to the SafeLine IP. The Statistics dashboard shows total requests and blocked rate, and Attacks → Events/Logs only shows rule hits (Audited/Blocked). On the host we only have error.log under /data/safeline/logs/nginx; tengine access logs live inside the container, which is inconvenient for analysis.
We would like to know:
where in the web UI we can see full HTTP traffic (all requests, not only attacks) and whether it can be filtered by allowed/passed/blocked/audited status;
how to properly expose tengine access logs on the host (which volumes to add to docker-compose.yaml for safeline-tengine so that access logs are written, for example, to /data/safeline/logs/nginx).
Our goal is to clearly distinguish legitimate vs malicious requests and export full access logs to external systems (ELK/ClickHouse, etc.).
Carrie
Updated 3 months ago
0
You can find the access logs in this directory:
/data/safeline/logs/nginx/safeline