Feature: Display WAF Logs
Problem to solve
WAF users need visibility into the traffic that is passing through the WAF as well as the resulting decision (allow, log, block). Without this visibility, it is difficult to custom tune WAF rules as there is no easy way to verify that the rule is working as designed. The current alternative of SSH'ing into each container to view the logs is inefficient for customers with lots of environments or containers, and provides the information in a format that is difficult to quickly interpret for the purpose of determining whether or not the WAF rules are functioning as designed.
Intended users
Proposal
- Users will be able to view a list of log entries for the WAF from the GitLab UI
- Users will be able to expand or open any individual item in the list to view the full details for each log entry from the GitLab UI
- Logs will be sorted newest to oldest by default, with the newest logs appearing at the top of the list
- Logs need to be rotated automatically and should default to being deleted after 30 days
Not Required Functionality
Functionality that is planned for the future but is not required to meet the requirements of this issue include the following:
- The ability to change the sort order of the list
- The ability to filter the list of logs
Permissions and Security
Permissions should be consistent with the GitLab permission model
Documentation
Documentation for the WAF does need to be updated to describe this feature
Availability & Testing
The following tests will be performed as appropriate:
- Unit tests
- End-to-end test
- Load / scale testing with lots of environments producing lots of logs
What does success look like, and how can we measure that?
Success Criteria:
- Users are able to view the logs for their WAF in the GitLab UI
Acceptance Criteria:
- Latency from the time a log is generated to when it appears in the UI is not greater than one minute
- The GitLab product does not experience a significant performance impact when a full 30 days of logs from multiple environments are available to be shown in the GitLab UI