Fastly WAF Security Logs

Fastly Web Application Firewall (WAF) logs capture security events and threat detection data from Fastly’s edge security services. These logs include information about HTTP requests, response states, client information, and geographic data that helps protect web applications from various cyber threats.

Fastly Source Tile

Ingest Methods

Setup the ingestion of this source using one of the following guides:

If using an AWS S3 bucket use the following SNS topic ARN to send your bucket notifications.

arn:aws:sns:<REGION>:253602268883:runreveal_fastlywaf

Setup

Setting up Fastly WAF logs requires the use of Fastly’s log streaming service to send logs to your object storage bucket. For a detailed guide on collecting logs from a storage bucket review the links under Ingest Methods above.

Fastly Log Streaming Configuration

Configure Fastly to stream WAF logs to your chosen storage bucket using Fastly’s real-time log streaming feature. This provides immediate delivery of security events for real-time monitoring and analysis.

Supported Storage Providers

ProviderDescriptionSetup Guide
AWS S3Stream WAF logs directly to Amazon S3 for scalable storage and integration with AWS analytics servicesFastly S3 Logging Guide
Google Cloud StorageSend WAF logs to Google Cloud Storage for integration with BigQuery and other GCP analytics toolsFastly Google Cloud Storage Logging Guide
Azure Blob StorageConfigure Fastly to stream WAF logs to Azure Blob Storage for integration with Azure analytics servicesFastly Azure Blob Storage Logging Guide
Cloudflare R2Use Cloudflare R2’s S3-compatible API to receive Fastly WAF logs. Configure as an S3 endpoint with R2 credentialsCloudflare R2 S3 API Documentation

Source Configuration

When setting up your Fastly WAF source, provide:

  • Source Name: A descriptive name for your Fastly WAF source
  • Object Storage Configuration: Based on your chosen storage method
  • Health Check Duration: Configure how often to check source health (default: 1 day)
  • Notification Channels: Set up alerts for when the source stops receiving events

Data Schema

Your Fastly WAF logs will be available in the fastly_waf_logs table with the source type fastly-waf.