list
****


Description
===========

Gets structured Web Application Firewall event logs for a WAAS policy.
The list is sorted by the *timeObserved* starting from the oldest
recorded event (ascending).


Usage
=====

   oci waas waf-log list [OPTIONS]


Options
=======


--waas-policy-id [text]
-----------------------

The OCID of the WAAS policy. [required]


--limit [integer]
-----------------

The maximum number of items to return in a paginated call. In
unspecified, defaults to *20*.


--page [text]
-------------

The value of the *opc-next-page* response header from the previous
paginated call.


--time-observed-greater-than-or-equal-to [datetime]
---------------------------------------------------

A filter that matches log entries where the observed event occurred on
or after a date and time specified in RFC 3339 format. If unspecified,
defaults to two hours before receipt of the request.

The following datetime formats are supported:


UTC with milliseconds
~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ss.sssTZD

Example: 2017-09-15T20:30:00.123Z


UTC without milliseconds
~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ssTZD

Example: 2017-09-15T20:30:00Z


UTC with minute precision
~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mmTZD

Example: 2017-09-15T20:30Z


Timezone with milliseconds
~~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ssTZD

Example: 2017-09-15T12:30:00.456-08:00, 2017-09-15T12:30:00.456-0800


Timezone without milliseconds
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ssTZD

Example: 2017-09-15T12:30:00-08:00, 2017-09-15T12:30:00-0800


Timezone with minute precision
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mmTZD

Example: 2017-09-15T12:30-08:00, 2017-09-15T12:30-0800


Short date and time
~~~~~~~~~~~~~~~~~~~

The timezone for this date and time will be taken as UTC (Needs to be
surrounded by single or double quotes) Format: 'YYYY-MM-DD HH:mm' or
"YYYY-MM-DD HH:mm" Example: '2017-09-15 17:25'


Date Only
~~~~~~~~~

This date will be taken as midnight UTC of that day

Format: YYYY-MM-DD

Example: 2017-09-15


Epoch seconds
~~~~~~~~~~~~~

Example: 1412195400


--time-observed-less-than [datetime]
------------------------------------

A filter that matches log entries where the observed event occurred
before a date and time, specified in RFC 3339 format.

The following datetime formats are supported:


UTC with milliseconds
~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ss.sssTZD

Example: 2017-09-15T20:30:00.123Z


UTC without milliseconds
~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ssTZD

Example: 2017-09-15T20:30:00Z


UTC with minute precision
~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mmTZD

Example: 2017-09-15T20:30Z


Timezone with milliseconds
~~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ssTZD

Example: 2017-09-15T12:30:00.456-08:00, 2017-09-15T12:30:00.456-0800


Timezone without milliseconds
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mm:ssTZD

Example: 2017-09-15T12:30:00-08:00, 2017-09-15T12:30:00-0800


Timezone with minute precision
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Format: YYYY-MM-DDTHH:mmTZD

Example: 2017-09-15T12:30-08:00, 2017-09-15T12:30-0800


Short date and time
~~~~~~~~~~~~~~~~~~~

The timezone for this date and time will be taken as UTC (Needs to be
surrounded by single or double quotes) Format: 'YYYY-MM-DD HH:mm' or
"YYYY-MM-DD HH:mm" Example: '2017-09-15 17:25'


Date Only
~~~~~~~~~

This date will be taken as midnight UTC of that day

Format: YYYY-MM-DD

Example: 2017-09-15


Epoch seconds
~~~~~~~~~~~~~

Example: 1412195400


--text-contains [text]
----------------------

A full text search for logs.


--access-rule-key [text]
------------------------

Filters logs by access rule key.


--action [BLOCK|DETECT|BYPASS|LOG|REDIRECTED]
---------------------------------------------

Filters logs by Web Application Firewall action.


--client-address [text]
-----------------------

Filters logs by client IP address.


--country-code [text]
---------------------

Filters logs by country code. Country codes are in ISO 3166-1 alpha-2
format. For a list of codes, see ISO's website.


--country-name [text]
---------------------

Filter logs by country name.


--fingerprint [text]
--------------------

Filter logs by device fingerprint.


--http-method [OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT]
--------------------------------------------------------------

Filter logs by HTTP method.


--incident-key [text]
---------------------

Filter logs by incident key.


--log-type [ACCESS|PROTECTION_RULES|JS_CHALLENGE|CAPTCHA|ACCESS_RULES|THREAT_FEEDS|HUMAN_INTERACTION_CHALLENGE|DEVICE_FINGERPRINT_CHALLENGE|ADDRESS_RATE_LIMITING]
------------------------------------------------------------------------------------------------------------------------------------------------------------------

Filter by log type.


--origin-address [text]
-----------------------

Filter by origin IP address.


--referrer [text]
-----------------

Filter by referrer.


--request-url [text]
--------------------

Filter by request URL.


--response-code [text]
----------------------

Filter by response code.


--threat-feed-key [text]
------------------------

Filter by threat feed key.


--user-agent [text]
-------------------

Filter by user agent.


--protection-rule-key [text]
----------------------------

Filter by protection rule key.


--all
-----

Fetches all pages of results. If you provide this option, then you
cannot provide the --limit option.


--page-size [integer]
---------------------

When fetching results, the number of results to fetch per call. Only
valid when used with --all or --limit, and ignored otherwise.


--from-json [text]
------------------

Provide input to this command as a JSON document from a file using the
file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate
a sample json file to be used with this command option. The key names
are pre-populated and match the command option names (converted to
camelCase format, e.g. compartment-id --> compartmentId), while the
values of the keys need to be populated by the user before using the
sample file as an input to this command. For any command option that
accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists
in both the JSON document and the command line then the command line
specified value will be used.

For examples on usage of this option, please see our "using CLI with
advanced JSON options" link: https://docs.cloud.oracle.com/iaas/Conte
nt/API/SDKDocs/cliusing.htm#AdvancedJSONOptions


-?, -h, --help
--------------

For detailed help on any of these individual commands, enter <command>
--help.
