WAF Metrics and Alarms
This topic describes the metrics emitted by the metric namespace
oci_waf (the WAF service).
Overview of the WAF Service Metrics
Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based global security service that protects applications from malicious and unwanted internet traffic. The WAF service metrics help you measure various levels of traffic encountering your WAF policies, including non-malicious traffic. For more information, see Overview of the Web Application Firewall Service.
- IAM policies: To monitor resources, you must be given the required type of access in a An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. The policy must give you access to the monitoring services as well as the resources being monitored. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. you should work in. For more information on user authorizations for monitoring, see the Authentication and Authorization section for the related service: Monitoring or Notifications.
Available Metrics: oci_waf
The metrics listed in the following table are automatically available for any policies you create. You do not need to enable monitoring on the resource to get these metrics. However, you must have the policy properly set up with web traffic passing through it to make the
oci_waf metric space available in the Metrics Explorer feature. Policies with no web traffic emit no metric data.
Each metric includes the following dimensions:
- The An Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID). This ID is included as part of the resource's information in both the Console and API. of the policy to which the metric applies.
|Metric||Metric Display Name||Unit||Description||Dimensions|
||Requests||count||The number of requests a policy received.||
The amount of non-malicious web traffic delivered to the policy’s origin.
Using the Console
WAF service metrics are currently only available using the Metrics Explorer feature in the Console. For more information about metrics, see Viewing Metric Charts.
Open the navigation menu. Under Solutions and Platform, go to Monitoring and click Metrics Explorer.
For Metric Namespace, select oci_waf.
Select a metric to view from the Metric Name field.
- Select a qualifier specified in the Dimension Name field. For example, the dimension
resourceIdis specified in the metric definition for
Select the value you want to use for the specified dimension in the Dimension Value field. For example, the resource identifier for your instance of interest.
Click Update Chart.
The chart will be updated with the metrics that have been requested.
This section includes steps to create an alarm. For more information about configuring alarms, see Managing Alarms.
- Open the navigation menu. Under Solutions and Platform, go to Monitoring and click Alarm Definitions.
Click Create alarm.
On the Create Alarm page, under Define alarm, fill in or update the alarm settings:
- Alarm Name: A user-friendly name for the alarm.
- Alarm Severity: The level of importance of the alarm when it is triggered.
- Alarm Body: A user-friendly message that accompanies the alarm notification when it is triggered.
- Metric description:
Compartment: Select your A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. .
- Metric Namespace: Select oci_waf.
Metric Name: The metric the alarm measures.
Interval: The frequency at which data is aggregated.
Statistic: The aggregation function applied for converting a set of data points. Available functions include count, max, mean, rate, min, sum, and percentile.
- Operator: The mathematical operator of the condition that will trigger the alarm.
- Value: The value that the metric must meet before triggering an alarm.
- Trigger Delay Minutes: The number of minutes that the condition must be maintained before triggering an alarm.
- Set up an email notification under Notifications, Destinations:
- Destination Service: Notifications Service
Compartment: The compartment where the notification resides.
Topic: Click Create a topic
- Topic Name: User-friendly name for the new topic. Example: "Operations Team " for a topic used to notify operations staff of firing alarms.
- Topic Description: Description of the new topic.
- Subscription Protocol: Medium of communication to use for the new topic.
Repeat notifications every day:
- Repeat Notification?: Whether or not the notification will continue to be resent if the alarm continues to fire.
- Notification Interval:The interval of time the notification will be resent if the alarm continues to fire.
Click Save alarm.
Using the API
Use the following APIs for monitoring: