Web Application Firewall logs

When you activate Web Application Firewall (WAF) for Power Pages, each request's logs are captured and stored in your Microsoft Dataverse instance. To access these logs, follow these steps:

  1. Navigate to the Security workspace.
  2. Select the Download firewall logs button.
  3. Specify the start and end dates.

Note

By specifying the start and end dates, you can download only the relevant logs. By default, logs for the past 30 days are retained in Dataverse. You can modify this retention period by adjusting the settings in the configuration menu located next to the Download firewall logs button. You can extend the retention period up to 90 days or choose to disable the capturing of firewall logs entirely.

Prerequisites

  • Power Pages Core version 1.0.2403.84 or later.

Firewall log schema 

Firewall logs for Power Pages are stored within the Dataverse instance associated with the site's environment. These logs are presented in the Power Pages Log table, which includes the following columns: 

Column Name  Description
Name  Power Pages site name
Client IP  Represents the client IP address associated with the request being processed.
Content  This column contains the details of each rule execution:
  • clientIP: Represents the client IP address associated with the request being processed.
  • clientPort: Represents the client port associated with the request being processed.
  • socketIP: Represents the socket IP address associated with the TCP connection that the current request originated from.
  • requesturl: Site URL being requested
  • requestpath: Partial path of the request
  • ruleName: Firewall rule being evaluated
  • action: allow/block
  • trackingReference: Unique reference for each request logged by the firewall.
  • details: Details of the rule evaluation
Portal ID  Website ID associated with the requested site URL
Request Path  Partial path of the request
Request Url  Site URL being requested
Type  WAFLog
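
The following triage sketch for downloaded rows is an added example, not code from the Power Pages documentation. It assumes each row is a dictionary keyed by the column names above and that the Content column holds a JSON object with the listed field names; the site name, URLs, rule names, tracking references and IP addresses are constructed sample values.

```python
import json
from collections import Counter, defaultdict

def _row(ip, sock, path, rule, action, ref):
    """Build one constructed log row; assumes Content is JSON with the schema's field names."""
    url = "https://contoso.example" + path
    content = {"clientIP": ip, "clientPort": "50000", "socketIP": sock,
               "requesturl": url, "requestpath": path, "ruleName": rule,
               "action": action, "trackingReference": ref, "details": ""}
    return {"Name": "Contoso site", "Client IP": ip, "Content": json.dumps(content),
            "Request Path": path, "Request Url": url, "Type": "WAFLog"}

# Constructed rows: documentation-range IPs, made-up rule names and references.
SAMPLE_ROWS = [
    _row("203.0.113.7", "203.0.113.7", "/search", "ExampleRuleA", "block", "ref-001"),
    _row("203.0.113.7", "203.0.113.7", "/login", "ExampleRuleA", "block", "ref-002"),
    _row("198.51.100.4", "192.0.2.10", "/profile", "ExampleRuleB", "block", "ref-003"),
    _row("198.51.100.9", "198.51.100.9", "/", "ExampleRuleB", "allow", "ref-004"),
    {"Name": "Contoso site", "Client IP": "", "Content": "not json", "Type": "WAFLog"},
    {"Name": "Contoso site", "Content": "{}", "Type": "OtherLog"},
]

def summarize_blocks(rows):
    """Count blocked requests per rule and per client, keeping tracking references."""
    by_rule, by_client = Counter(), Counter()
    refs, socket_mismatch, skipped = defaultdict(list), set(), 0
    for row in rows:
        if row.get("Type") != "WAFLog":
            continue  # the Type column marks firewall entries
        try:
            c = json.loads(row.get("Content") or "")
        except json.JSONDecodeError:
            c = None
        if not isinstance(c, dict):
            skipped += 1  # count unparsed rows so they are not silently lost
            continue
        if str(c.get("action", "")).lower() != "block":
            continue
        ip = c.get("clientIP") or row.get("Client IP", "")
        by_rule[c.get("ruleName", "")] += 1
        by_client[ip] += 1
        refs[ip].append(c.get("trackingReference", ""))
        if c.get("socketIP") and c["socketIP"] != ip:
            socket_mismatch.add(ip)  # TCP peer differs from the logged client address
    return {"by_rule": dict(by_rule), "by_client": dict(by_client), "refs": dict(refs),
            "socket_mismatch": sorted(socket_mismatch), "skipped": skipped}

if __name__ == "__main__":
    print(json.dumps(summarize_blocks(SAMPLE_ROWS), indent=2))
```

The tracking references collected per client are the values to quote when correlating a blocked request with a user report.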