class Aws::WAFV2::Types::LoggingConfiguration

Defines an association between Amazon Kinesis Data Firehose destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.

@note When making an API call, you may pass LoggingConfiguration

data as a hash:

    {
      resource_arn: "ResourceArn", # required
      log_destination_configs: ["ResourceArn"], # required
      redacted_fields: [
        {
          single_header: {
            name: "FieldToMatchData", # required
          },
          single_query_argument: {
            name: "FieldToMatchData", # required
          },
          all_query_arguments: {
          },
          uri_path: {
          },
          query_string: {
          },
          body: {
          },
          method: {
          },
          json_body: {
            match_pattern: { # required
              all: {
              },
              included_paths: ["JsonPointerPath"],
            },
            match_scope: "ALL", # required, accepts ALL, KEY, VALUE
            invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
          },
        },
      ],
      managed_by_firewall_manager: false,
      logging_filter: {
        filters: [ # required
          {
            behavior: "KEEP", # required, accepts KEEP, DROP
            requirement: "MEETS_ALL", # required, accepts MEETS_ALL, MEETS_ANY
            conditions: [ # required
              {
                action_condition: {
                  action: "ALLOW", # required, accepts ALLOW, BLOCK, COUNT
                },
                label_name_condition: {
                  label_name: "LabelName", # required
                },
              },
            ],
          },
        ],
        default_behavior: "KEEP", # required, accepts KEEP, DROP
      },
    }

@!attribute [rw] resource_arn

The Amazon Resource Name (ARN) of the web ACL that you want to
associate with `LogDestinationConfigs`.
@return [String]

@!attribute [rw] log_destination_configs

The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that
you want to associate with the web ACL.
@return [Array<String>]

@!attribute [rw] redacted_fields

The parts of the request that you want to keep out of the logs. For
example, if you redact the `HEADER` field, the `HEADER` field in the
firehose will be `xxx`.

<note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
`HEADER`, or `METHOD`.

 </note>
@return [Array<Types::FieldToMatch>]

@!attribute [rw] managed_by_firewall_manager

Indicates whether the logging configuration was created by Firewall
Manager, as part of an WAF policy configuration. If true, only
Firewall Manager can modify or delete the configuration.
@return [Boolean]

@!attribute [rw] logging_filter

Filtering that specifies which web requests are kept in the logs and
which are dropped. You can filter on the rule action and on the web
request labels that were applied by matching rules during web ACL
evaluation.
@return [Types::LoggingFilter]

@see docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/LoggingConfiguration AWS API Documentation

Constants

SENSITIVE