
Step 6 - Check logs in Kibana

In this module, we will check the logs in ELK (Elastic, Logstash, Kibana).

Check how logs are sent and how to set the destination syslog server


  1. SSH to Docker App Protect + Docker repo VM

  2. In /home/ubuntu (the default home folder), list the files with ls -al

  3. You can see two files: log-default.json and nginx.conf

  4. Open log-default.json with less log-default.json. You will notice that all requests are logged.

    {
        "filter": {
            "request_type": "all"
        },
        "content": {
            "format": "default",
            "max_request_size": "any",
            "max_message_size": "5k"
        }
    }

  5. Open nginx.conf with less nginx.conf

    user nginx;
    worker_processes 1;
    load_module modules/;
    error_log /var/log/nginx/error.log debug;
    events {
       worker_connections  1024;
    }
    http {
       include       /etc/nginx/mime.types;
       default_type  application/octet-stream;
       sendfile        on;
       keepalive_timeout  65;
       server {
          listen       80;
          server_name  localhost;
          proxy_http_version 1.1;
          # Enable App Protect and its security log
          app_protect_enable on;
          app_protect_security_log_enable on;
          # Log profile first, then the destination (remote syslog server)
          app_protect_security_log "/etc/nginx/log-default.json" syslog:server=;
          location / {
                resolver_timeout 5s;
                client_max_body_size 0;
                default_type text/html;
          }
       }
    }


You will notice in the nginx.conf file the reference to log-default.json and the remote syslog server (ELK).
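An offline check of the two settings this step relies on, as an added example that is not part of the original lab: it confirms that nginx.conf enables the security log with a complete syslog:server=<host>:<port> destination and that the log profile still logs all requests. The function name, the sample config and the 192.0.2.10:5144 syslog address are constructed for illustration.

```python
import json
import re

# Constructed sample inputs modelled on the two files shown above.
# 192.0.2.10:5144 is a placeholder syslog address, not the lab's real ELK host.
SAMPLE_NGINX_CONF = '''
server {
    listen 80;
    app_protect_enable on;
    app_protect_security_log_enable on;
    app_protect_security_log "/etc/nginx/log-default.json" syslog:server=192.0.2.10:5144;
}
'''
SAMPLE_LOG_PROFILE = '{"filter": {"request_type": "all"}, "content": {"format": "default", "max_request_size": "any", "max_message_size": "5k"}}'

LOG_DIRECTIVE = re.compile(
    r'^\s*app_protect_security_log\s+"?([^"\s;]+)"?\s+(\S+?)\s*;', re.MULTILINE)
ENABLE_DIRECTIVE = re.compile(
    r'^\s*app_protect_security_log_enable\s+on\s*;', re.MULTILINE)
SYSLOG_DEST = re.compile(r'^syslog:server=([^:;\s]+):(\d{1,5})$')


def audit_security_logging(nginx_conf, profile_json):
    """Return a list of findings; an empty list means logs should reach the syslog server."""
    findings = []
    if not ENABLE_DIRECTIVE.search(nginx_conf):
        findings.append("app_protect_security_log_enable is not 'on'")
    pairs = LOG_DIRECTIVE.findall(nginx_conf)
    if not pairs:
        findings.append("no app_protect_security_log directive found")
    for profile_path, dest in pairs:
        m = SYSLOG_DEST.match(dest)
        if not m:
            findings.append(f"{profile_path}: destination '{dest}' is not syslog:server=<host>:<port>")
        elif not 0 < int(m.group(2)) < 65536:
            findings.append(f"{profile_path}: invalid syslog port {m.group(2)}")
    try:
        profile = json.loads(profile_json)
    except json.JSONDecodeError as exc:
        return findings + [f"log profile is not valid JSON: {exc}"]
    request_type = profile.get("filter", {}).get("request_type")
    if request_type != "all":
        findings.append(f"filter.request_type is {request_type!r}: clean requests will not be logged")
    return findings


if __name__ == "__main__":
    print(audit_security_logging(SAMPLE_NGINX_CONF, SAMPLE_LOG_PROFILE) or "logging config OK")
```

An empty destination such as syslog:server=; is reported as a finding, which is the usual reason no entries show up in Kibana.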

Open Kibana in the Jumphost or via UDF access


  1. In UDF, find the ELK VM and click Access > ELK

  2. In Kibana, click on Dashboard > Overview

  3. At the bottom of the dashboard, you can see the logs. Select one of the log entries and check the content


You may notice the log content is similar to ASM and Adv. WAF.


The default time window in this Kibana dashboard is Last 15 minutes. If you do not see any requests, you may need to extend the time window to a larger setting.

Video of this module (force HD 1080p in the video settings)