aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Log Parser Error for cloudfront logs. #188

Closed kbrandstatter-qsrsoft closed 2 years ago

kbrandstatter-qsrsoft commented 3 years ago

https://github.com/awslabs/aws-waf-security-automations/blob/03caa391492f79169c8a45862f7171d196246ce1/source/log_parser/log-parser.py#L623

Seems to cause parse failure when used for cloudfront logs. Should be LINE_FORMAT_CLOUD_FRONT

Steps to reproduce:

- Using template for V 3.1.0
- Deploy WAF stack for cloudfront
- Attach WAF to cloudfront distribution
- send traffic to cloudfront
- check logs
- See failure to parse line

[ERROR] 2021-04-07T17:33:06.963Z b20333f9-9e22-477c-b424-6bfae451b0ca [get_outstanding_requesters] Error to process line: 2021-04-07 17:29:49 ORD51-C2 616 GET d3q7qbrsc505o0.cloudfront.net /index.html.php 403 - Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:87.0)%20Gecko/20100101%20Firefox/87.0 - - Error UAw6lE5FKgRBwe8idtg5JNkWOqTe_wWCtOkh5yvCiQrOFlnjiEdwHA== .cloudfront.net http 407 0.037 - - - Error HTTP/1.1 - - 64461 0.037 Error application/xml - - -

Version 3.1.0
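The kind of mismatch reported above, as an added example that is not part of the original issue or the project's code: the same CloudFront log is parsed once with a CloudFront field map and once with an ALB-style one. The field positions, `LINE_FORMAT_ALB`, the helper names, the `error_codes` default and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Field positions are assumptions based on the documented log layouts; they are
# not copied from the project's log-parser.py. LINE_FORMAT_ALB is a hypothetical name.
LINE_FORMAT_CLOUD_FRONT = {"delimiter": "\t", "source_ip": 4, "uri": 7, "code": 8}
LINE_FORMAT_ALB = {"delimiter": " ", "source_ip": 3, "uri": 13, "code": 8, "strip_port": True}

def row(ip, uri, status):
    return "\t".join(["2021-04-07", "17:29:49", "ORD51-C2", "616", ip, "GET",
                      "example.cloudfront.net", uri, status])

# Constructed sample: tab-delimited like CloudFront standard logs; trailing fields omitted.
SAMPLE_CLOUDFRONT_LOG = "\n".join([
    "#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status",
    row("203.0.113.10", "/index.html.php", "403"),
    row("203.0.113.10", "/wp-login.php", "404"),
    row("198.51.100.7", "/", "200"),
    row("2001:db8::1", "/admin.php", "403"),
])

def parse_line(line, fmt):
    """Return (source_ip, uri, status); raise ValueError if the line does not fit fmt."""
    fields = line.split(fmt["delimiter"])
    if len(fields) <= max(fmt["source_ip"], fmt["uri"], fmt["code"]):
        raise ValueError(f"only {len(fields)} fields for this format")
    raw_ip = fields[fmt["source_ip"]]
    if fmt.get("strip_port"):  # ALB logs the client as ip:port
        raw_ip = raw_ip.rsplit(":", 1)[0]
    ip = str(ipaddress.ip_address(raw_ip))  # ValueError if this is not an address
    return ip, fields[fmt["uri"]], int(fields[fmt["code"]])

def count_error_requesters(log_text, fmt, error_codes=(400, 403, 404, 405)):
    """Return (error responses per client IP, unparsed line count); error_codes is illustrative."""
    counts, unparsed = Counter(), 0
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        try:
            ip, _uri, status = parse_line(line, fmt)
        except ValueError:
            unparsed += 1
            continue
        if status in error_codes:
            counts[ip] += 1
    return counts, unparsed

if __name__ == "__main__":
    for name, fmt in (("CloudFront", LINE_FORMAT_CLOUD_FRONT), ("ALB", LINE_FORMAT_ALB)):
        print(name, count_error_requesters(SAMPLE_CLOUDFRONT_LOG, fmt))
```

With the mismatched map every data line lands in the unparsed count and no client is ever tallied, so tracking that count alongside the tallies makes this kind of failure visible.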

aijunpeng commented 3 years ago

Thanks for reporting the bug. This has been added to our backlog and will be addressed in a future release.

dscpinheiro commented 2 years ago

Hi!

We just released v3.2.0 of the solution, and this issue has been fixed.