Service StatusSupport Hub[email protected]
Documentation

Metrics & Logging

Suggest Edits

We provide comprehensive metrics and logging features to enhance the monitoring and observability of your website's security. It is crucial to regularly review these metrics and logs to ensure that no false positives are triggered and that potential threats are effectively blocked.

Metrics

Our system allows you to view detailed metrics related to your website's traffic and security events processed by the WAF Engine. These metrics include:

  • The total number of processed requests.
  • The total number of triggered rules.
  • The number of triggered rules that were logged.
  • The number of triggered rules that were blocked.

Analyzing these metrics provides valuable insights into the performance of your WAF Engine and helps determine whether further investigation or configuration adjustments are necessary for your WAF Engine rulesets. Monitoring these metrics can also help identify unusual patterns that may indicate security threats or misconfigurations leading to false positives.
You can view the complete API documentation for our Metrics endpoints here, under the section labeled Metrics.

Logging

Our WAF Engine provides in-depth logging for all triggered requests. These logs enable you to see exactly why a rule was triggered, whether it was logged or blocked, and the specific details of the request that caused the trigger. This detailed logging is essential for making informed decisions about whether you need to adjust your ruleset or confirm that the WAF Engine is correctly identifying and handling potential threats.

You can view in-depth logs on any triggered requests by our WAF Engine, allowing you to see exactly why a rule was triggered (logged or blocked) and decide whether to adjust your ruleset or confirm that it's correctly triggering against requests.

To access the WAF logging data, use the following API endpoint: GET https://waf-logging.bunny.net/{{shieldZoneId}}.
Authentication is required to access the WAF Logging API. You must include your API key in the AccessKey header of your HTTP request. This ensures that only authorized users can access sensitive logging information.

Updated about 17 hours ago