Example Logs
- Last Updated: Dec 09, 2024
View some examples of Imperva log files.
CEF Example
The following is an example of an Imperva log file in CEF format.
Example of CEF Access and Security Events
CEF:0|Incapsula|SIEMintegration|1|1|Illegal Resource Access|3| fileid=3412341160002518171 sourceServiceName=site123.abcd.info siteid=1509732 suid=50005477 requestClientApplication=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 deviceFacility=mia cs2=true cs2Label=Javascript Support cs3=true cs3Label=CO Support ccode=IL tag=www.elvis.com cn1=200 in=54 xff=44.44.44.44 cs1=NOT_SUPPORTED cs1Label=Cap Support cs4=c2e72124-0e8a-4dd8-b13b-3da246af3ab2 cs4Label=VID cs5=de3c633ac428e0678f3aac20cf7f239431e54cbb8a17e8302f53653923305e1835a9cd871db32aa4fc7b8a9463366cc4 cs5Label=clappsig dproc=Browser cs6=Firefox cs6Label=clapp ccode=IL cicode=Rehovot cs7=31.8969 cs7Label=latitude cs8=34.8186 cs8Label=longitude Customer=CEFcustomer123 siteTag=my-site-tag start=1453290121336 request=site123.abcd.info/ requestmethod=GET qstr=p\=%2fetc%2fpasswd app=HTTP act=REQ_CHALLENGE_CAPTCHA deviceExternalID=33411452762204224 cpt=443 src=12.12.12.12 ver=TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 end=1566300670892 additionalReqHeaders=[{"Accept":"*/*"},{"x-v":"1"},{"x-fapi-interaction-id":"10.10.10.10"}] additionalResHeaders=[{"Content-Type":"text/html; charset\=UTF-8"}] filetype=30037,1001, filepermission=2,1, cs9=Block Malicious User,High Risk Resources, cs9Label=Rule name cs11=,,[{"api_security_violation_type":"INVALID_PARAM_NAME","parameter_name":"somename"}] cs11Label=Rule Additional Info
Example of CEF Access Event
CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| sourceServiceName=site123.abcd.info siteid=1509732 suid=50005477 requestClientApplication=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 deviceFacility=mia ccode=IL tag=www.elvis.com cicode=Rehovot cs7=31.8969 cs7Label=latitude cs8=34.8186 cs8Label=longitude Customer=CEFcustomer123 siteTag=my-site-tag start=1453290121336 request=site123.abcd.info/main.css ref=www.incapsula.com/lama requestmethod=GET cn1=200 app=HTTP deviceExternalID=33411452762204224 in=54 xff=44.44.44.44 cpt=443 src=12.12.12.12 ver=TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 end=1566300670892 additionalReqHeaders=[{"Accept":"*/*"},{"x-v":"1"},{"x-fapi-interaction-id":"10.10.10.10"}] additionalResHeaders=[{"Content-Type":"text/html; charset\=UTF-8"}]
LEEF Example
The following is an example of an Imperva log file in LEEF format.
Example of LEEF Access and Security Events
LEEF:0|Incapsula|SIEMintegration|0|SQL Injection| fileId=3412364560000000008 sourceServiceName=test56111115.incaptest.co siteid=1333546 suid=300656 requestClientApplication=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 popName=mia cs2=true cs2Label=Javascript Support cs3=true cs3Label=CO Support cs1=NA cs1Label=Cap Support cs4=936e64c2-bdd1-4719-9bd0-2d882a72f30d cs4Label=VID cs5=bab1712be85b00ab21d20bf0d7b5db82701f27f53fbac19a4252efc722ac9131fdc60c0da620282b02dfb8051e7a60f9 cs5Label=clappsig dproc=Browser cs6=Firefox cs6Label=clapp calCountryOrRegion=IL cicode=Rehovot cs7=31.8969 cs7Label=latitude cs8=34.8186 cs8Label=longitude Customer=siemtest siteTag=my-site-tag start=1460303291788 url=test56111115.incaptest.co/ requestMethod=GET qstr=keywords\=3%29%29%29%20AND%203434%3d%28%27%3amvc%3a%27%7c%7c%28SELECT%20CASE%203434%20WHEN%203434%20THEN%201%20ELSE%200%20END%20FROM%20RDB%24DATABASE%29%7c%7c%27%3aqvi%3a%27%29%20AND%20%28%28%283793%3d3793 cn1=200 proto=HTTP cat=REQ_PASSED deviceExternalId=2323800832649 dst=54.195.35.43 dstPort=80 in=406 xff=127.0.0.1 srcPort=443 src=127.0.0.1 protoVer=TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 end=1566300670892 additionalReqHeaders=[{"Accept":"*/*"},{"x-v":"1"},{"x-fapi-interaction-id":"10.10.10.10"}] additionalResHeaders=[{"Content-Type":"text/html; charset\=UTF-8"}] fileType=12999,50999,50037,50044, filePermission=37,20,1,1, cs9=,High Risk SQL Expressions,,SQL SELECT Expression, cs9Label=Rule name cs11=[{"api_security_violation_type":"INVALID_PARAM_NAME","parameter_name":"somename"}],,,, cs11Label=Rule Additional Info
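The CEF and LEEF samples above share quirks that break a naive split on spaces: values contain spaces, an equals sign inside a value is escaped as \=, each csN field is named by a separate csNLabel field, and rule data arrives as comma-separated lists. The Python parser below is an added example, not Imperva code; parse_event and triggered_rules are hypothetical names, the sample line is a constructed, shortened copy of the CEF security event, and the position-by-position pairing of filetype, filepermission and cs9 is an assumption drawn from the samples.

```python
import re
from urllib.parse import unquote

# Constructed sample: a shortened copy of the CEF security event shown above.
SAMPLE_CEF = (
    "CEF:0|Incapsula|SIEMintegration|1|1|Illegal Resource Access|3| "
    "requestClientApplication=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) "
    "Gecko/20100101 Firefox/40.0 cs2=true cs2Label=Javascript Support "
    "qstr=p\\=%2fetc%2fpasswd act=REQ_CHALLENGE_CAPTCHA src=12.12.12.12 "
    "filetype=30037,1001, filepermission=2,1, "
    "cs9=Block Malicious User,High Risk Resources, cs9Label=Rule name"
)

# Pipe-delimited header fields before the extension, counted from the samples.
HEADER_FIELDS = {"CEF": 7, "LEEF": 5}
# A key is a word at a token start followed directly by '='. An escaped '\='
# inside a value never matches because '\' is not a word character.
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")


def parse_event(line):
    """Split one CEF or LEEF line into (header_fields, extension_dict)."""
    fmt = line.split(":", 1)[0]
    parts = line.split("|", HEADER_FIELDS[fmt])
    header, ext_text = parts[:-1], parts[-1].strip()
    ext, keys = {}, list(KEY_RE.finditer(ext_text))
    for m, nxt in zip(keys, keys[1:] + [None]):
        # A value runs up to the next key, so it may contain spaces.
        raw = ext_text[m.end():nxt.start() if nxt else len(ext_text)]
        ext[m.group(1)] = raw.strip().replace("\\=", "=")
    # Fold csN/csNLabel pairs so custom strings are addressable by label.
    for key in [k for k in ext if k.endswith("Label")]:
        label, base = ext.pop(key), key[:-len("Label")]
        if base in ext:
            ext[label] = ext.pop(base)
    return header, ext


def triggered_rules(ext):
    """Pair the comma-separated rule lists by position (assumed aligned)."""
    low = {k.lower(): v for k, v in ext.items()}
    names = ("filetype", "filepermission", "rule name")
    cols = [low.get(n, "").split(",") for n in names]
    return [row for row in zip(*cols) if any(row)]


if __name__ == "__main__":
    header, ext = parse_event(SAMPLE_CEF)
    print(header[5], ext["act"], unquote(ext["qstr"]), triggered_rules(ext))
```

Percent-decode qstr only for display or matching, and keep the raw value in the stored record.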
W3C Example
The following is an example of an Imperva log file in W3C format.
Example of W3C Header for Each Log File
#Software: Incapsula LOGS API
#Version: 1.0
#Date: 20/Jan/2016 14:22:15
#Fields: date time cs-vid cs-clapp cs-browsertype cs-js-support cs-co-support cs-clappsig s-capsupport s-suid cs(User-Agent) cs-sessionid s-siteid cs-countrycode s-tag cs-cicode s-computername cs-lat cs-long s-accountname sr-pop s-sitetag cs-uri cs-postbody cs-version sc-action s-externalid cs(Referrer) s-ip s-port cs-method cs-uri-query sc-status s-xff cs-bytes cs-start c-port cs-rule c-ip cs-protver cs-end cs-additionalReqHeaders cs-additionalResHeaders cs-severity cs-attacktype cs-attackid s-ruleName cs-ruleInfo
Example of W3C Access and Security Events
"2016-01-20" "14:21:20" "14114780-8939-4a38-bf21-1c5fd4f528f7" "Firefox" "Browser" "true" "true" "de3c633ac428e0678f3aac20cf7f239431e54cbb8a17e8302f53653923305e1835a9cd871db32aa4fc7b8a9463366cc4" "NA" "50005518" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0" "3412341160002581277" "1594476" "US" "" "Dover" "fullLevelW3C.test.co" "mia" "my-site-tag" "39.1588" "39.1588" "w3cFullName" "fullLevelW3c.test.co/" "" "HTTP" "REQ_BLOCKED_SECURITY" "43524464361744448" "" "" "" "GET" "p=%2cEXTRACTVALUE%28as%2cconcat%28" "" "" "443" "" "12.12.12.12" "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" "1566300670892" "{"Accept":"*/*"},{"x-v":"1"},{"x-fapi-interaction-id":"10.10.10.10"}]" "[{"Content-Type":"text/html; charset\=UTF-8"}]" "0" "50999" "16" "High Risk SQL Expressions" "[{"api_security_violation_type":"INVALID_PARAM_NAME","parameter_name":"somename"}]"
Example of W3C Access Event
"2016-01-20" "14:19:47" "" "" "" "" "" "" "" "555" "curl/7.33.0" "" "1177375" "IL" "" "Rehovot" "AccessLevelW3C.test.co" "mia" "my-site-tag" "" "" "w3cACCESS" "accesslevelw3c.test.co/" "" "HTTP" "" "26210617967913034" "" "" "" "GET" "" "200" "" "956" "443" "" "12.12.12.12" "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256" "1566300670892" "{"Accept":"*/*"},{"x-v":"1"},{"x-fapi-interaction-id":"10.10.10.10"}]" "[{"Content-Type":"text/html; charset\=UTF-8"}]" "" "" "" ""
For more examples, go to https://www.w3.org/TR/WD-logfile.html.