Huawei Cloud WAF Web Application Firewall
Collect Huawei Cloud WAF Metrics data
Configuration
Install Func
It is recommended to activate the TrueWatch integration - extension - DataFlux Func (Automata): all prerequisites are installed automatically. Then proceed with the script installation.
If you deploy Func yourself, refer to Self-deploy Func.
Install Script
Note: Please prepare the Huawei Cloud AK in advance (for simplicity, you can directly grant the global read-only permission `ReadOnlyAccess`).
- Log in to the Func console, click 【Script Market】, enter the TrueWatch script market, and search for ID: `integration_huaweicloud_waf`
- Click 【Install】, then enter the corresponding parameters: Huawei Cloud AK, SK, and account name
- Click 【Deploy Startup Script】; the system will automatically create the `Startup` script set and configure the corresponding startup script
- After enabling, you can see the corresponding automatic trigger configuration in 「Manage / Automatic Trigger Configuration」. Click 【Execute】 to execute it immediately without waiting for the scheduled time. After a while, you can check the execution task records and corresponding logs
Verification
- In 「Manage / Automatic Trigger Configuration」, confirm that the corresponding task has an automatic trigger configuration; you can also check the task records and logs for exceptions
- In TrueWatch, check if there is asset information in 「Infrastructure / Custom」
- In TrueWatch, check if there is corresponding monitoring data in 「Metrics」
Metrics
The following Huawei Cloud WAF metrics are collected; more metrics can be collected through configuration (see Huawei Cloud WAF Metrics Details).
| Metric ID | Metric Name | Metric Meaning | Value Range | Measurement Object | Monitoring Period (Original Metric) |
|---|---|---|---|---|---|
| `requests` | Request Count | This Metric is used to count the total number of requests returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_http_2xx` | WAF Return Code (2XX) | This Metric is used to count the number of 2XX status codes returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_http_3xx` | WAF Return Code (3XX) | This Metric is used to count the number of 3XX status codes returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_http_4xx` | WAF Return Code (4XX) | This Metric is used to count the number of 4XX status codes returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_http_5xx` | WAF Return Code (5XX) | This Metric is used to count the number of 5XX status codes returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_fused_counts` | WAF Fused Count | This Metric is used to count the number of requests protected by WAF fuse in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `inbound_traffic` | Inbound Traffic | This Metric is used to count the total inbound bandwidth size in the last 5 minutes. Unit: Mbit | ≥0 Mbit | Protected Domain | 5 minutes |
| `outbound_traffic` | Outbound Traffic | This Metric is used to count the total outbound bandwidth size in the last 5 minutes. Unit: Mbit | ≥0 Mbit | Protected Domain | 5 minutes |
| `waf_process_time_0` | WAF Processing Delay - Interval [0-10ms) | This Metric is used to count the total number of WAF processing delays in the interval [0-10ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_process_time_10` | WAF Processing Delay - Interval [10-20ms) | This Metric is used to count the total number of WAF processing delays in the interval [10-20ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_process_time_20` | WAF Processing Delay - Interval [20-50ms) | This Metric is used to count the total number of WAF processing delays in the interval [20-50ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_process_time_50` | WAF Processing Delay - Interval [50-100ms) | This Metric is used to count the total number of WAF processing delays in the interval [50-100ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_process_time_100` | WAF Processing Delay - Interval [100-1000ms) | This Metric is used to count the total number of WAF processing delays in the interval [100-1000ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_process_time_1000` | WAF Processing Delay - Interval [1000+ms) | This Metric is used to count the total number of WAF processing delays in the interval [1000+ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `qps_peak` | QPS Peak | This Metric is used to count the QPS peak of the protected domain in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `qps_mean` | QPS Mean | This Metric is used to count the QPS mean of the protected domain in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `waf_http_0` | No Return WAF Status Code | This Metric is used to count the number of WAF status response codes with no return in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `upstream_code_2xx` | Upstream Return Code (2XX) | This Metric is used to count the number of 2XX series status response codes returned by the upstream in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `upstream_code_3xx` | Upstream Return Code (3XX) | This Metric is used to count the number of 3XX series status response codes returned by the upstream in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `upstream_code_4xx` | Upstream Return Code (4XX) | This Metric is used to count the number of 4XX series status response codes returned by the upstream in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `upstream_code_5xx` | Upstream Return Code (5XX) | This Metric is used to count the number of 5XX series status response codes returned by the upstream in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `upstream_code_0` | No Return WAF Status Code | This Metric is used to count the number of WAF status response codes with no return in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `inbound_traffic_peak` | Inbound Traffic Peak | This Metric is used to count the peak of inbound traffic of the protected domain in the last 5 minutes. Unit: Mbit/s | ≥0 Mbit/s | Protected Domain | 5 minutes |
| `inbound_traffic_mean` | Inbound Traffic Mean | This Metric is used to count the mean of inbound traffic of the protected domain in the last 5 minutes. Unit: Mbit/s | ≥0 Mbit/s | Protected Domain | 5 minutes |
| `outbound_traffic_peak` | Outbound Traffic Peak | This Metric is used to count the peak of outbound traffic of the protected domain in the last 5 minutes. Unit: Mbit/s | ≥0 Mbit/s | Protected Domain | 5 minutes |
| `outbound_traffic_mean` | Outbound Traffic Mean | This Metric is used to count the mean of outbound traffic of the protected domain in the last 5 minutes. Unit: Mbit/s | ≥0 Mbit/s | Protected Domain | 5 minutes |
| `attacks` | Total Attack Count | This Metric is used to count the total number of attack requests of the protected domain in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `crawlers` | Crawler Attack Count | This Metric is used to count the total number of crawler attack requests of the protected domain in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `base_protection_counts` | Web Basic Protection Count | This Metric is used to count the number of attacks protected by Web basic protection rules in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `precise_protection_counts` | Precise Protection Count | This Metric is used to count the number of attacks protected by precise protection rules in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
| `cc_protection_counts` | CC Protection Count | This Metric is used to count the number of attacks protected by CC protection rules in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
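
One way to turn a single 5-minute sample of these metrics into triage signals, as an added example that is not part of the TrueWatch collector script or the original page. The metric IDs come from the table above; the function names, thresholds, finding labels and sample values are assumptions made for illustration.

```python
# Added example: metric IDs come from the table above; thresholds, function
# names and SAMPLE values are constructed assumptions, not vendor defaults.
LATENCY_BUCKETS = [  # (metric ID, lower bound of the interval in ms)
    ("waf_process_time_0", 0), ("waf_process_time_10", 10),
    ("waf_process_time_20", 20), ("waf_process_time_50", 50),
    ("waf_process_time_100", 100), ("waf_process_time_1000", 1000),
]

def latency_bucket(sample, quantile=0.95):
    """Lower bound (ms) of the histogram bucket that contains the quantile."""
    total = sum(sample.get(metric, 0) for metric, _ in LATENCY_BUCKETS)
    if total == 0:
        return None  # nothing was timed in this 5-minute period
    running = 0
    for metric, lower_ms in LATENCY_BUCKETS:
        running += sample.get(metric, 0)
        if running >= quantile * total:
            return lower_ms
    return LATENCY_BUCKETS[-1][1]

def triage(sample, attack_ratio_max=0.05, slow_ms=100):
    """Return finding labels for one protected domain's 5-minute sample."""
    findings = []
    requests = sample.get("requests", 0)
    if requests and sample.get("attacks", 0) / requests > attack_ratio_max:
        findings.append("attack_ratio")
    # More 5XX returned by WAF than by the upstream: the surplus did not
    # originate in the application (interpretation assumed for this example).
    if sample.get("waf_http_5xx", 0) > sample.get("upstream_code_5xx", 0):
        findings.append("waf_side_5xx")
    if sample.get("waf_fused_counts", 0) > 0:
        findings.append("fuse_active")
    p95 = latency_bucket(sample)
    if p95 is not None and p95 >= slow_ms:
        findings.append("slow_waf_processing")
    return findings

SAMPLE = {  # constructed values for one protected domain
    "requests": 2000, "attacks": 180, "waf_fused_counts": 0,
    "waf_http_5xx": 40, "upstream_code_5xx": 12,
    "waf_process_time_0": 1500, "waf_process_time_10": 300,
    "waf_process_time_20": 80, "waf_process_time_50": 10,
    "waf_process_time_100": 100, "waf_process_time_1000": 10,
}

if __name__ == "__main__":
    print(latency_bucket(SAMPLE), triage(SAMPLE))
```

Because the latency metrics are bucket counts, the quantile is only known to the bucket's interval, so the function reports the interval's lower bound rather than an exact millisecond value.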
Object
The collected Huawei Cloud WAF object data structure can be seen in 「Infrastructure - Custom」.
```json
{
  "measurement": "huaweicloud_waf",
  "tags": {
    "RegionId"   : "cn-south-1",
    "hostname"   : "xxxxxxxxx.cn",
    "id"         : "9c877f3c83594d10af5aec52bcc1c707",
    "paid_type"  : "prePaid",
    "project_id" : "756ada1aa17e4049b2a16ea41912e52d"
  },
  "fields": {
    "flag"           : "[JSON data]",
    "proxy"          : "False",
    "timestamp"      : "1731653371361",
    "protect_status" : "1",
    "access_status"  : "1",
    "exclusive_ip"   : "False",
    "web_tag"        : "waf"
  }
}
```
Note: The fields in `tags` and `fields` may change with subsequent updates.

Note: The `id` value is the protected domain ID, used as a unique identifier.