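Zscaler Event Indexing Errors
Logstash warnings from the zscaler pipeline. Two problems recur below: Elasticsearch rejects events with status 400 because a field mapped as type ip holds the string 'None', so those events are not indexed; and some events arrive in a character encoding other than the configured UTF-8.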
elasticsearch][zscaler]
[c737978fd5a2978fe26502c76557710a8c3a66b77a5a753c6242c5ba108388bb] Could not index
event to Elasticsearch. {:status=>400, :action=>["index",
{:_id=>nil, :_index=>"yokogawa-yhq-zscaler1", :routing=>nil}, {"protocol"=>"HTTP",
"[Link]"=>"[Link]", "riskscore"=>"0",
"useragent"=>"BuffaloNASSMART:8d7d2decdf0b347b14c543593ed8dde06edcc08c1f165ccb11f92
438a2217178f1a3e27347ed5e9fa2cda901457c7a718dc1a2e017584c18e6e5c9aab0edd25d,TS5210D
,5.64-
0.09,1,bfd92c2fc11ba4e35002949032be386f75a16e247ffcff5f1109ee38f22d82ad10c68226a4d7
4fac3e2d50218751905f0e2471d0737770dbe6bf826a8102ca4b,WDC WD10EFRX-
68FYTN0,82.00A82,513868214272,965794975744,0,0,raid1,,200,200,051,0x0,,,,,161,132,0
21,0xb5c,100,100,000,0x15,200,200,140,0x0,,,,,200,200,000,0x0,,,,,066,066,000,0x62d
b,100,253,000,0x0,100,253,000,0x0,100,100,000,0x15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,200,200,000,0x9,200,200,000,0xb,114,108,000,0x1d,,,,,200,200,00
0,0x0,200,200,000,0x0,100,253,000,0x0,200,200,000,0x0,100,253,000,0x0,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,", "appname"=>"General Browsing",
"urlsupercat"=>"Education", "reason"=>"None", "rulelabel"=>"None", "stime"=>"5",
"ctime"=>"5", "unscannable"=>"Other", "[Link]"=>"NA",
"[Link]"=>"None", "log"=>{"file"=>{"path"=>"/var/log/zscaler/[Link]-
2024022500-1708819201"}}, "[Link]"=>"560", "dlpengine"=>"None",
"[Link]"=>"None", "event"=>{"original"=>"Feb 24 [Link] bot001-
[Link] \"Sun Feb 25 [Link] 2024\",\"yokogawa_JP_5DC_main-
>yokogawa_5DC_main_auth\",\"HTTP\",\"[Link]/buffalo-
nas_smart_aitopredictfailure\",\"Allowed\",\"General Browsing\",\"General
Browsing\",\"1718\",\"560\",\"5\",\"5\",\"Business
Use\",\"Education\",\"Science/Tech\",\"None\",\"None\",\"0\",\"None\",\"None\",\"yo
kogawa_JP_5DC_main->yokogawa_5DC_main_auth\",\"Default
Department\",\"[Link]\",\"[Link]\",\"GET\",\"200\",\"BuffaloNASSMART:8d
7d2decdf0b347b14c543593ed8dde06edcc08c1f165ccb11f92438a2217178f1a3e27347ed5e9fa2cda
901457c7a718dc1a2e017584c18e6e5c9aab0edd25d,TS5210D,5.64-
0.09,1,bfd92c2fc11ba4e35002949032be386f75a16e247ffcff5f1109ee38f22d82ad10c68226a4d7
4fac3e2d50218751905f0e2471d0737770dbe6bf826a8102ca4b,WDC WD10EFRX-
68FYTN0,82.00A82,513868214272,965794975744,0,0,raid1,,200,200,051,0x0,,,,,161,132,0
21,0xb5c,100,100,000,0x15,200,200,140,0x0,,,,,200,200,000,0x0,,,,,066,066,000,0x62d
b,100,253,000,0x0,100,253,000,0x0,100,100,000,0x15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,200,200,000,0x9,200,200,000,0xb,114,108,000,0x1d,,,,,200,200,00
0,0x0,200,200,000,0x0,100,253,000,0x0,200,200,000,0x0,100,253,000,0x0,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\",\"None\",\"None\",\"None\",\"Other\",\"
None\",\"NA\",\"NA\",\"None\",\"None\",\"None\",\"None\",\"None\",\"[Link]\
",\"None\",\"None\",\"None\",\"Allowed\""}, "@version"=>"1", "appclass"=>"General
Browsing", "contenttype"=>"None", "action"=>"Allowed", "[Link]"=>"None",
"@timestamp"=>2024-02-24T[Link].000Z, "dlpdictionary"=>"None", "timestamp"=>"Sun
Feb 25 [Link] 2024", "[Link]"=>"GET", "urldomain"=>"[Link]",
"[Link].status_code"=>"200", "[Link]"=>"[Link]",
"location"=>"yokogawa_JP_5DC_main->yokogawa_5DC_main_auth", "urlclass"=>"Business
Use", "[Link]"=>"None", "column44"=>"Allowed", "[Link]"=>"None",
"[Link]"=>"1718", "[Link].md5"=>"NA", "malwareclass"=>"None",
"threatname"=>"[Link]", "[Link]"=>"None", "urlcat"=>"Science/Tech",
"url"=>"[Link]/buffalo-nas_smart_aitopredictfailure", "malwarecat"=>"None",
"ruletype"=>"None"}], :response=>{"index"=>{"status"=>400,
"error"=>{"type"=>"document_parsing_exception", "reason"=>"[1:1995] failed to parse
field [[Link]] of type [ip] in document with id 'k5CS3Y0BVklrXWJFQFQk'.
Preview of field's value: 'None'",
"caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"'None' is not an IP
string literal."}}}}}
[2024-02-25T[Link],033][WARN ][[Link]][zscaler]
[c737978fd5a2978fe26502c76557710a8c3a66b77a5a753c6242c5ba108388bb] Could not index
event to Elasticsearch. {:status=>400, :action=>["index",
{:_id=>nil, :_index=>"yokogawa-yhq-zscaler1", :routing=>nil}, {"protocol"=>"HTTP",
"[Link]"=>"[Link]", "riskscore"=>"0",
"useragent"=>"BuffaloNASSMART:8d7d2decdf0b347b14c543593ed8dde06edcc08c1f165ccb11f92
438a2217178f1a3e27347ed5e9fa2cda901457c7a718dc1a2e017584c18e6e5c9aab0edd25d,TS5210D
,5.64-
0.09,2,9775648a6ea12c57fa96672fe3d0492d3785a220f8ca8ae1d667dbad5123d19598d6ad071f3f
cedc2dd3dfa9ec2c90cc8f139d2ba0b4b1f55b868eb4f7e19b38,WDC WD10EFRX-
68FYTN0,82.00A82,513868214272,965794975744,0,0,raid1,,200,200,051,0x0,,,,,135,135,0
21,0x1091,100,100,000,0x14,200,200,140,0x0,,,,,200,200,000,0x0,,,,,066,066,000,0x62
d8,100,253,000,0x0,100,253,000,0x0,100,100,000,0x14,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,200,200,000,0x8,200,200,000,0xb,112,108,000,0x1f,,,,,200,200,0
00,0x0,200,200,000,0x0,100,253,000,0x0,200,200,000,0x0,100,253,000,0x0,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,", "appname"=>"General Browsing",
"urlsupercat"=>"Education", "reason"=>"None", "rulelabel"=>"None", "stime"=>"5",
"ctime"=>"6", "unscannable"=>"Other", "[Link]"=>"NA",
"[Link]"=>"None", "log"=>{"file"=>{"path"=>"/var/log/zscaler/[Link]-
2024022500-1708819201"}}, "[Link]"=>"560", "dlpengine"=>"None",
"[Link]"=>"None", "event"=>{"original"=>"Feb 24 [Link] bot001-
[Link] \"Sun Feb 25 [Link] 2024\",\"yokogawa_JP_5DC_main-
>yokogawa_5DC_main_auth\",\"HTTP\",\"[Link]/buffalo-
nas_smart_aitopredictfailure\",\"Allowed\",\"General Browsing\",\"General
Browsing\",\"1719\",\"560\",\"5\",\"6\",\"Business
Use\",\"Education\",\"Science/Tech\",\"None\",\"None\",\"0\",\"None\",\"None\",\"yo
kogawa_JP_5DC_main->yokogawa_5DC_main_auth\",\"Default
Department\",\"[Link]\",\"[Link]\",\"GET\",\"200\",\"BuffaloNASSMART:8d
7d2decdf0b347b14c543593ed8dde06edcc08c1f165ccb11f92438a2217178f1a3e27347ed5e9fa2cda
901457c7a718dc1a2e017584c18e6e5c9aab0edd25d,TS5210D,5.64-
0.09,2,9775648a6ea12c57fa96672fe3d0492d3785a220f8ca8ae1d667dbad5123d19598d6ad071f3f
cedc2dd3dfa9ec2c90cc8f139d2ba0b4b1f55b868eb4f7e19b38,WDC WD10EFRX-
68FYTN0,82.00A82,513868214272,965794975744,0,0,raid1,,200,200,051,0x0,,,,,135,135,0
21,0x1091,100,100,000,0x14,200,200,140,0x0,,,,,200,200,000,0x0,,,,,066,066,000,0x62
d8,100,253,000,0x0,100,253,000,0x0,100,100,000,0x14,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,200,200,000,0x8,200,200,000,0xb,112,108,000,0x1f,,,,,200,200,0
00,0x0,200,200,000,0x0,100,253,000,0x0,200,200,000,0x0,100,253,000,0x0,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\",\"None\",\"None\",\"None\",\"Other\",\
"None\",\"NA\",\"NA\",\"None\",\"None\",\"None\",\"None\",\"None\",\"[Link]
\",\"None\",\"None\",\"None\",\"Allowed\""}, "@version"=>"1", "appclass"=>"General
Browsing", "contenttype"=>"None", "action"=>"Allowed", "[Link]"=>"None",
"@timestamp"=>2024-02-24T[Link].000Z, "dlpdictionary"=>"None", "timestamp"=>"Sun
Feb 25 [Link] 2024", "[Link]"=>"GET", "urldomain"=>"[Link]",
"[Link].status_code"=>"200", "[Link]"=>"[Link]",
"location"=>"yokogawa_JP_5DC_main->yokogawa_5DC_main_auth", "urlclass"=>"Business
Use", "[Link]"=>"None", "column44"=>"Allowed", "[Link]"=>"None",
"[Link]"=>"1719", "[Link].md5"=>"NA", "malwareclass"=>"None",
"threatname"=>"[Link]", "[Link]"=>"None", "urlcat"=>"Science/Tech",
"url"=>"[Link]/buffalo-nas_smart_aitopredictfailure", "malwarecat"=>"None",
"ruletype"=>"None"}], :response=>{"index"=>{"status"=>400,
"error"=>{"type"=>"document_parsing_exception", "reason"=>"[1:1996] failed to parse
field [[Link]] of type [ip] in document with id '5pCS3Y0BVklrXWJFQFVo'.
Preview of field's value: 'None'",
"caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"'None' is not an IP
string literal."}}}}}
[2024-02-25T[Link],532][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"[Link]/
contents/applicantdetail/download_dssreport.aspx?
StepNo=442&OBSID=00019539\\\",\\\"Allowed\\\",\\\"General Browsing\\\",\\\"General
Browsing\\\",\\\"1300\\\",\\\"106633\\\",\\\"303\\\",\\\"367\\\",\\\"Business
Use\\\",\\\"Business and Economy\\\",\\\"Professional
Services\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Road
Warrior\\\",\\\"YPHQ CONC Edge Sol. Div. Hardware Dept. Sec.
1\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"GET\\\",\\\"200\\\",\\\"Mozill
a/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/[Link] Safari/537.36
Edg/[Link]\\\",\\\"[Link]/v2/tablet/inputevaluation\\\",\\\"None\\\",\\
\"None\\\",\\\"application/
pdf\\\",\\\"None\\\",\\\"00111859\\\",\\\"CPCaVIJ0xFBrut9\\\",\\\"None\\\",\\\"Othe
r Documents\\\",\\\"Portable Document Format (pdf)\\\",\\\"pdf\\\",\\\"DSS\\x83\\
x8C\\x83|\\x81[\\
x83g_00019539.pdf\\\",\\\"[Link]\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",
\\\"Allowed\\\"", :expected_charset=>"UTF-8"}
[2024-02-25T[Link],043][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"[Link]/
contents/applicantdetail/download_dssreport.aspx?
StepNo=442&OBSID=00020681\\\",\\\"Allowed\\\",\\\"General Browsing\\\",\\\"General
Browsing\\\",\\\"1307\\\",\\\"105708\\\",\\\"827\\\",\\\"902\\\",\\\"Business
Use\\\",\\\"Business and Economy\\\",\\\"Professional
Services\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Road
Warrior\\\",\\\"D-Sol HQ SDC Systems Software R&D Dept. Tech. Sec.
1\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"GET\\\",\\\"200\\\",\\\"Mozilla
/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/[Link] Safari/537.36
Edg/[Link]\\\",\\\"[Link]/v2/tablet/inputevaluation\\\",\\\"None\\\",\\
\"None\\\",\\\"application/
pdf\\\",\\\"None\\\",\\\"00112345\\\",\\\"CPCpxU7HlLYE0ca\\\",\\\"None\\\",\\\"Othe
r Documents\\\",\\\"Portable Document Format (pdf)\\\",\\\"pdf\\\",\\\"DSS\\x83\\
x8C\\x83|\\x81[\\
x83g_00020681.pdf\\\",\\\"[Link]\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",
\\\"Allowed\\\"", :expected_charset=>"UTF-8"}
[2024-02-25T[Link],648][WARN ][[Link]][zscaler]
[c737978fd5a2978fe26502c76557710a8c3a66b77a5a753c6242c5ba108388bb] Could not index
event to Elasticsearch. {:status=>400, :action=>["index",
{:_id=>nil, :_index=>"yokogawa-yhq-zscaler1", :routing=>nil}, {"protocol"=>"HTTP",
"[Link]"=>"[Link]", "riskscore"=>"0",
"useragent"=>"BuffaloNASSMART:1ea3d446a278727f18bae99630335d49b3785b14ce4c6ecd7c510
fb4c1d1c27ca5e5d7ad093b4193aa2823d87b4ec15edccd0ab3e137d94d131c0ad4054beb24,TS5410D
,5.80-
0.02,1,8fc63ffe7534d7ab973ded7ab5f52a2a290053665627f739b5c16894548eb5b6bad721a04025
808c0fa7eb8c5ff806d3bf98f13eefa6d769e3b4c3f3599d30d0,ST2000VN004-
2E4164,SC60,749730381824,5900945850368,0,0,raid5,,120,099,006,0xe1e9928,,,,,096,095
,000,0x0,100,100,020,0x1d,100,100,010,0x0,,,,,087,060,030,0x23de575b,,,,,080,080,00
0,0x45a7,100,100,097,0x0,,,,,100,100,020,0x1d,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,100,099,0x0,,
,,,,,,,100,100,000,0x0,100,100,000,0x0,093,093,000,0x7,075,069,045,0x19,100,100,000
,0x0,100,100,000,0x12,100,100,000,0x4f,025,040,000,0x19,,,,,,,,,100,100,000,0x0,100
,100,000,0x0,200,200,000,0x0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,", "appname"=>"General Browsing", "urlsupercat"=>"Education", "reason"=>"None",
"rulelabel"=>"None", "stime"=>"6", "ctime"=>"6", "unscannable"=>"Other",
"[Link]"=>"NA", "[Link]"=>"None",
"log"=>{"file"=>{"path"=>"/var/log/zscaler/[Link]-2024022501-1708825502"}},
"[Link]"=>"560", "dlpengine"=>"None", "[Link]"=>"None",
"event"=>{"original"=>"Feb 25 [Link] [Link] \"Sun Feb 25
[Link] 2024\",\"yokogawa_JP_5DC_main->Server id Relc Proxy id Exchange
noauth\",\"HTTP\",\"[Link]/buffalo-
nas_smart_aitopredictfailure\",\"Allowed\",\"General Browsing\",\"General
Browsing\",\"1894\",\"560\",\"6\",\"6\",\"Business
Use\",\"Education\",\"Science/Tech\",\"None\",\"None\",\"0\",\"None\",\"None\",\"yo
kogawa_JP_5DC_main->Server id Relc Proxy id Exchange noauth\",\"Default
Department\",\"[Link]\",\"[Link]\",\"GET\",\"200\",\"BuffaloNASSMART:1ea3
d446a278727f18bae99630335d49b3785b14ce4c6ecd7c510fb4c1d1c27ca5e5d7ad093b4193aa2823d
87b4ec15edccd0ab3e137d94d131c0ad4054beb24,TS5410D,5.80-
0.02,1,8fc63ffe7534d7ab973ded7ab5f52a2a290053665627f739b5c16894548eb5b6bad721a04025
808c0fa7eb8c5ff806d3bf98f13eefa6d769e3b4c3f3599d30d0,ST2000VN004-
2E4164,SC60,749730381824,5900945850368,0,0,raid5,,120,099,006,0xe1e9928,,,,,096,095
,000,0x0,100,100,020,0x1d,100,100,010,0x0,,,,,087,060,030,0x23de575b,,,,,080,080,00
0,0x45a7,100,100,097,0x0,,,,,100,100,020,0x1d,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,100,099,0x0,,
,,,,,,,100,100,000,0x0,100,100,000,0x0,093,093,000,0x7,075,069,045,0x19,100,100,000
,0x0,100,100,000,0x12,100,100,000,0x4f,025,040,000,0x19,,,,,,,,,100,100,000,0x0,100
,100,000,0x0,200,200,000,0x0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,\",\"None\",\"None\",\"None\",\"Other\",\"None\",\"NA\",\"NA\",\"None\",\"None\
",\"None\",\"None\",\"None\",\"[Link]\",\"None\",\"None\",\"None\",\"Allowe
d\""}, "@version"=>"1", "appclass"=>"General Browsing", "contenttype"=>"None",
"action"=>"Allowed", "[Link]"=>"None", "@timestamp"=>2024-02-25T[Link].000Z,
"dlpdictionary"=>"None", "timestamp"=>"Sun Feb 25 [Link] 2024",
"[Link]"=>"GET", "urldomain"=>"[Link]",
"[Link].status_code"=>"200", "[Link]"=>"[Link]",
"location"=>"yokogawa_JP_5DC_main->Server id Relc Proxy id Exchange noauth",
"urlclass"=>"Business Use", "[Link]"=>"None", "column44"=>"Allowed",
"[Link]"=>"None", "[Link]"=>"1894", "[Link].md5"=>"NA",
"malwareclass"=>"None", "threatname"=>"[Link]", "[Link]"=>"None",
"urlcat"=>"Science/Tech", "url"=>"[Link]/buffalo-
nas_smart_aitopredictfailure", "malwarecat"=>"None",
"ruletype"=>"None"}], :response=>{"index"=>{"status"=>400,
"error"=>{"type"=>"document_parsing_exception", "reason"=>"[1:2040] failed to parse
field [[Link]] of type [ip] in document with id 'zDHw3Y0B0DUfrktZh1hu'.
Preview of field's value: 'None'",
"caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"'None' is not an IP
string literal."}}}}}
[2024-02-25T[Link],968][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"[Link]/
contents/applicantdetail/download_dssreport.aspx?
StepNo=442&OBSID=00019496\\\",\\\"Allowed\\\",\\\"General Browsing\\\",\\\"General
Browsing\\\",\\\"1307\\\",\\\"120587\\\",\\\"3459\\\",\\\"3540\\\",\\\"Business
Use\\\",\\\"Business and Economy\\\",\\\"Professional
Services\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Road
Warrior\\\",\\\"D-Sol HQ SDC Systems Software R&D Dept. Tech. Sec.
1\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"GET\\\",\\\"200\\\",\\\"Mozilla
/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/[Link] Safari/537.36
Edg/[Link]\\\",\\\"[Link]/v2/tablet/inputevaluation\\\",\\\"None\\\",\\
\"None\\\",\\\"application/
pdf\\\",\\\"None\\\",\\\"00112345\\\",\\\"CPCpxU7HlLYE0ca\\\",\\\"None\\\",\\\"Othe
r Documents\\\",\\\"Portable Document Format (pdf)\\\",\\\"pdf\\\",\\\"DSS\\x83\\
x8C\\x83|\\x81[\\
x83g_00019496.pdf\\\",\\\"[Link]\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",
\\\"Allowed\\\"", :expected_charset=>"UTF-8"}
[2024-02-25T[Link],601][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"[Link]/
contents/applicantdetail/download_dssreport.aspx?
StepNo=442&OBSID=00019496\\\",\\\"Allowed\\\",\\\"General Browsing\\\",\\\"General
Browsing\\\",\\\"1307\\\",\\\"120587\\\",\\\"356\\\",\\\"438\\\",\\\"Business
Use\\\",\\\"Business and Economy\\\",\\\"Professional
Services\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Road
Warrior\\\",\\\"D-Sol HQ SDC Systems Software R&D Dept. Tech. Sec.
1\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"GET\\\",\\\"200\\\",\\\"Mozilla
/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/[Link] Safari/537.36
Edg/[Link]\\\",\\\"[Link]/v2/tablet/inputevaluation\\\",\\\"None\\\",\\
\"None\\\",\\\"application/
pdf\\\",\\\"None\\\",\\\"00112345\\\",\\\"CPCpxU7HlLYE0ca\\\",\\\"None\\\",\\\"Othe
r Documents\\\",\\\"Portable Document Format (pdf)\\\",\\\"pdf\\\",\\\"DSS\\x83\\
x8C\\x83|\\x81[\\
x83g_00019496.pdf\\\",\\\"[Link]\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",
\\\"Allowed\\\"", :expected_charset=>"UTF-8"}
[2024-02-25T[Link],130][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"[Link]/
contents/applicantdetail/download_dssreport.aspx?
StepNo=442&OBSID=00020681\\\",\\\"Allowed\\\",\\\"General Browsing\\\",\\\"General
Browsing\\\",\\\"1307\\\",\\\"105708\\\",\\\"343\\\",\\\"490\\\",\\\"Business
Use\\\",\\\"Business and Economy\\\",\\\"Professional
Services\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Road
Warrior\\\",\\\"D-Sol HQ SDC Systems Software R&D Dept. Tech. Sec.
1\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"GET\\\",\\\"200\\\",\\\"Mozilla
/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/[Link] Safari/537.36
Edg/[Link]\\\",\\\"[Link]/v2/tablet/inputevaluation\\\",\\\"None\\\",\\
\"None\\\",\\\"application/
pdf\\\",\\\"None\\\",\\\"00112345\\\",\\\"CPCpxU7HlLYE0ca\\\",\\\"None\\\",\\\"Othe
r Documents\\\",\\\"Portable Document Format (pdf)\\\",\\\"pdf\\\",\\\"DSS\\x83\\
x8C\\x83|\\x81[\\
x83g_00020681.pdf\\\",\\\"[Link]\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",
\\\"Allowed\\\"", :expected_charset=>"UTF-8"}
[2024-02-25T[Link],014][WARN ][[Link]][zscaler]
[c737978fd5a2978fe26502c76557710a8c3a66b77a5a753c6242c5ba108388bb] Could not index
event to Elasticsearch. {:status=>400, :action=>["index",
{:_id=>nil, :_index=>"yokogawa-yhq-zscaler1", :routing=>nil}, {"protocol"=>"HTTP",
"[Link]"=>"[Link]", "riskscore"=>"0",
"useragent"=>"BuffaloNASSMART:f871adaa531dfc22aca1fb0d2f9629cf680bfca7384accf8e1c28
19430cc7b8140168d55734b44f9d91e171b73083c5579bb7c8a659148c60f512f473409a8f3,TS3420D
,5.80-
0.02,1,237d8039532a99aaa261cabd21f49c5a5cd93563689565bc0c2644e9cdd16297d348c3801a2a
f0dc64f70b3f2194942b9b8111c13b018a9cf49f24541de13dab,ST2000VN004-
2E4164,SC60,1485368467456,3930608918528,0,0,raid6,,119,099,006,0xc068da0,,,,,097,09
6,000,0x0,100,100,020,0x23,100,100,010,0x0,,,,,080,060,030,0x6e0a3c7,,,,,079,079,00
0,0x4a84,100,100,097,0x0,,,,,100,100,020,0x23,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,100,099,0x0,,
,,,,,,,100,100,000,0x0,100,100,000,0x0,083,083,000,0x11,072,060,045,0x1c,100,100,00
0,0x0,100,100,000,0x1a,100,100,000,0x55,028,040,000,0x1c,,,,,,,,,100,100,000,0x0,10
0,100,000,0x0,200,200,000,0x0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,", "appname"=>"General Browsing", "urlsupercat"=>"Education", "reason"=>"None",
"rulelabel"=>"None", "stime"=>"6", "ctime"=>"7", "unscannable"=>"Other",
"[Link]"=>"NA", "[Link]"=>"None",
"log"=>{"file"=>{"path"=>"/var/log/zscaler/[Link]-2024022502-1708829101"}},
"[Link]"=>"560", "dlpengine"=>"None", "[Link]"=>"None",
"event"=>{"original"=>"Feb 25 [Link] [Link] \"Sun Feb 25
[Link] 2024\",\"yokogawa_JP_5DC_main->Server id Relc Proxy id Exchange
noauth\",\"HTTP\",\"[Link]/buffalo-
nas_smart_aitopredictfailure\",\"Allowed\",\"General Browsing\",\"General
Browsing\",\"1896\",\"560\",\"6\",\"7\",\"Business
Use\",\"Education\",\"Science/Tech\",\"None\",\"None\",\"0\",\"None\",\"None\",\"yo
kogawa_JP_5DC_main->Server id Relc Proxy id Exchange noauth\",\"Default
Department\",\"[Link]\",\"[Link]\",\"GET\",\"200\",\"BuffaloNASSMART:f871
adaa531dfc22aca1fb0d2f9629cf680bfca7384accf8e1c2819430cc7b8140168d55734b44f9d91e171
b73083c5579bb7c8a659148c60f512f473409a8f3,TS3420D,5.80-
0.02,1,237d8039532a99aaa261cabd21f49c5a5cd93563689565bc0c2644e9cdd16297d348c3801a2a
f0dc64f70b3f2194942b9b8111c13b018a9cf49f24541de13dab,ST2000VN004-
2E4164,SC60,1485368467456,3930608918528,0,0,raid6,,119,099,006,0xc068da0,,,,,097,09
6,000,0x0,100,100,020,0x23,100,100,010,0x0,,,,,080,060,030,0x6e0a3c7,,,,,079,079,00
0,0x4a84,100,100,097,0x0,,,,,100,100,020,0x23,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,100,099,0x0,,
,,,,,,,100,100,000,0x0,100,100,000,0x0,083,083,000,0x11,072,060,045,0x1c,100,100,00
0,0x0,100,100,000,0x1a,100,100,000,0x55,028,040,000,0x1c,,,,,,,,,100,100,000,0x0,10
0,100,000,0x0,200,200,000,0x0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,\",\"None\",\"None\",\"None\",\"Other\",\"None\",\"NA\",\"NA\",\"None\",\"None
\",\"None\",\"None\",\"None\",\"[Link]\",\"None\",\"None\",\"None\",\"Allow
ed\""}, "@version"=>"1", "appclass"=>"General Browsing", "contenttype"=>"None",
"action"=>"Allowed", "[Link]"=>"None", "@timestamp"=>2024-02-25T[Link].000Z,
"dlpdictionary"=>"None", "timestamp"=>"Sun Feb 25 [Link] 2024",
"[Link]"=>"GET", "urldomain"=>"[Link]",
"[Link].status_code"=>"200", "[Link]"=>"[Link]",
"location"=>"yokogawa_JP_5DC_main->Server id Relc Proxy id Exchange noauth",
"urlclass"=>"Business Use", "[Link]"=>"None", "column44"=>"Allowed",
"[Link]"=>"None", "[Link]"=>"1896", "[Link].md5"=>"NA",
"malwareclass"=>"None", "threatname"=>"[Link]", "[Link]"=>"None",
"urlcat"=>"Science/Tech", "url"=>"[Link]/buffalo-
nas_smart_aitopredictfailure", "malwarecat"=>"None",
"ruletype"=>"None"}], :response=>{"index"=>{"status"=>400,
"error"=>{"type"=>"document_parsing_exception", "reason"=>"[1:2041] failed to parse
field [[Link]] of type [ip] in document with id 'Co0n3o0BVklrXWJFHSqQ'.
Preview of field's value: 'None'",
"caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"'None' is not an IP
string literal."}}}}}
[2024-02-25T[Link],327][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"us-
[Link]/certs/?
id=8b01a388108b2887e436d57984f6aa57&product=phantom&version=11.2.1.53537&edition=St
andard&language=zh-
CN&distID=&eutl=0&token=0078b0e40e7498e98020757aaf20ce16\\\",\\\"Allowed\\\",\\\"Ge
neral Browsing\\\",\\\"General
Browsing\\\",\\\"343\\\",\\\"362\\\",\\\"181\\\",\\\"181\\\",\\\"Business
Use\\\",\\\"Internet Communication\\\",\\\"Internet
Services\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Road
Warrior\\\",\\\"Default
Department\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"POST\\\",\\\"302\\\",
\\\"\\xB8\\xA3 꿸\\u07FC\\xB6PDF\\xB1 ༭\\xC6\\
xF7\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"text/
html\\\",\\\"None\\\",\\\"30019148\\\",\\\"cpc439-
da1046\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"112
.87.56.101\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"Allowed\\\"", :expected_c
harset=>"UTF-8"}
[2024-02-25T[Link],428][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"[Link].
com/pub/foxit/addonservice/certs/phantom/
[Link]\\\",\\\"Blocked\\\",\\\"Foxit\\\",\\\"System and
Development\\\",\\\"174\\\",\\\"14830\\\",\\\"0\\\",\\\"0\\\",\\\"Business
Use\\\",\\\"Business and Economy\\\",\\\"Corporate
Marketing\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Roa
d Warrior\\\",\\\"Default
Department\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"GET\\\",\\\"403\\\",
\\\"\\xB8\\xA3 꿸\\u07FC\\xB6PDF\\xB1 ༭\\xC6\\
xF7\\\",\\\"None\\\",\\\"DevTools\\\",\\\"System_Develop_block_YCI_Group\\\",\\\"Ot
her\\\",\\\"None\\\",\\\"30019148\\\",\\\"cpc439-
da1046\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"[Link]\\\",\\\
"[Link]\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"Not allowed the use
of this system and development site\\\"", :expected_charset=>"UTF-8"}
[2024-02-25T[Link],610][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"us-
[Link]/certs/?
id=23b9bcb725f190a2172b0d8ee1584c10&product=phantom&version=11.2.1.53537&edition=St
andard&language=zh-
CN&distID=&eutl=1&token=eb0ad20eed44e055fdbf241e484e54b0\\\",\\\"Allowed\\\",\\\"Ge
neral Browsing\\\",\\\"General
Browsing\\\",\\\"343\\\",\\\"362\\\",\\\"168\\\",\\\"168\\\",\\\"Business
Use\\\",\\\"Internet Communication\\\",\\\"Internet
Services\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Road
Warrior\\\",\\\"Default
Department\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"POST\\\",\\\"302\\\",
\\\"\\xB8\\xA3 꿸\\u07FC\\xB6PDF\\xB1 ༭\\xC6\\
xF7\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"text/
html\\\",\\\"None\\\",\\\"30019148\\\",\\\"cpc439-
da1046\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"112
.87.56.101\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"Allowed\\\"", :expected_c
harset=>"UTF-8"}
[2024-02-25T[Link],629][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"[Link].
com/pub/foxit/addonservice/certs/phantom/
[Link]\\\",\\\"Blocked\\\",\\\"Foxit\\\",\\\"System and
Development\\\",\\\"174\\\",\\\"14830\\\",\\\"0\\\",\\\"0\\\",\\\"Business
Use\\\",\\\"Business and Economy\\\",\\\"Corporate
Marketing\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Roa
d Warrior\\\",\\\"Default
Department\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"GET\\\",\\\"403\\\",
\\\"\\xB8\\xA3 꿸\\u07FC\\xB6PDF\\xB1 ༭\\xC6\\
xF7\\\",\\\"None\\\",\\\"DevTools\\\",\\\"System_Develop_block_YCI_Group\\\",\\\"Ot
her\\\",\\\"None\\\",\\\"30019148\\\",\\\"cpc439-
da1046\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"[Link]\\\",\\\
"[Link]\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",\\\"Not allowed the use
of this system and development site\\\"", :expected_charset=>"UTF-8"}
[2024-02-25T[Link],600][INFO ][[Link]] Reloading pipeline
{"[Link]"=>:azure_waf_access}
[2024-02-25T[Link],875][INFO ][[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Unregistering
Event Hub this can take a while... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],876][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: Stopping event processing
[2024-02-25T[Link],876][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: Shutting down all pumps
[2024-02-25T[Link],876][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 1: closing pump for reason Shutdown
[2024-02-25T[Link],876][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 1: pump shutdown for reason Shutdown
[2024-02-25T[Link],876][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 3: closing pump for reason Shutdown
[2024-02-25T[Link],876][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 3: pump shutdown for reason Shutdown
[2024-02-25T[Link],877][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 1: Setting receive handler to null
[2024-02-25T[Link],878][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 3: Setting receive handler to null
[2024-02-25T[Link],897][INFO ][[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Unregistering
Event Hub this can take a while... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],902][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: Stopping event processing
[2024-02-25T[Link],902][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: Shutting down all pumps
[2024-02-25T[Link],903][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 0: closing pump for reason Shutdown
[2024-02-25T[Link],903][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 0: pump shutdown for reason Shutdown
[2024-02-25T[Link],903][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 2: closing pump for reason Shutdown
[2024-02-25T[Link],903][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 2: pump shutdown for reason Shutdown
[2024-02-25T[Link],917][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 0: Setting receive handler to null
[2024-02-25T[Link],918][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 2: Setting receive handler to null
[2024-02-25T[Link],851][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>[{"thre
ad_id"=>81, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],860][ERROR][[Link]] The
shutdown process appears to be stalled due to busy or blocked plugins. Check the
logs for more information.
[2024-02-25T[Link],552][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (3) as per the request.
[2024-02-25T[Link],553][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 3: Closing EH receiver
[2024-02-25T[Link],553][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[PR_a02338_1708758473675_MF_a7fcfa_1708758473372]
[2024-02-25T[Link],553][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[PR_a02338_1708758473675_MF_a7fcfa_1708758473372-InternalReceiver]
[2024-02-25T[Link],553][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
clientEntity[PR_a02338_1708758473675_MF_a7fcfa_1708758473372-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],553][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[PR_a02338_1708758473675_MF_a7fcfa_1708758473372-InternalReceiver],
linkName[LN_cf0c52_1708758473949_f80_G19], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],553][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] closeSession for
clientName[PR_a02338_1708758473675_MF_a7fcfa_1708758473372-InternalReceiver],
linkName[LN_cf0c52_1708758473949_f80_G19], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],554][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], entityName[MF_a7fcfa_1708758473372], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],561][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[PR_a02338_1708758473675_MF_a7fcfa_1708758473372-
InternalReceiver], linkName[LN_cf0c52_1708758473949_f80_G19], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],561][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[PR_a02338_1708758473675_MF_a7fcfa_1708758473372-InternalReceiver],
linkName[LN_cf0c52_1708758473949_f80_G19], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],561][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], entityName[MF_a7fcfa_1708758473372], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],561][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 3: Closing EH client
[2024-02-25T[Link],561][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[EC_19d06e_1708758473372]
[2024-02-25T[Link],561][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[MF_a7fcfa_1708758473372]
[2024-02-25T[Link],561][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_a7fcfa_1708758473372], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],562][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],562][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],562][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],562][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_a7fcfa_1708758473372],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],563][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
[Link] complete clientId[MF_a7fcfa_1708758473372],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
messagingFactory[MF_a7fcfa_1708758473372], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_a7fcfa_1708758473372],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],564][WARN ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionError messagingFactory[MF_a7fcfa_1708758473372], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onTransportClosed hostname[[Link]],
connectionId[MF_a7fcfa_1708758473372], error[n/a]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onTransportClosed name[MF_a7fcfa_1708758473372], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_a7fcfa_1708758473372], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],565][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onSessionFinal
connectionId[MF_a7fcfa_1708758473372], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],565][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onSessionFinal
connectionId[MF_a7fcfa_1708758473372], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3], condition[null],
description[null]
[2024-02-25T[Link],565][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionFinal hostname[[Link]],
connectionId[MF_a7fcfa_1708758473372], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],565][WARN ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
messagingFactory[MF_a7fcfa_1708758473372], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],570][INFO ][[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is closing.
(reason=Shutdown)
[2024-02-25T[Link],877][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>[{"thre
ad_id"=>81, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],902][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>[{"thre
ad_id"=>81, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],870][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (2) as per the request.
[2024-02-25T[Link],871][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 2: Closing EH receiver
[2024-02-25T[Link],871][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[PR_bf2099_1708758473634_MF_17abfe_1708758473382]
[2024-02-25T[Link],871][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[PR_bf2099_1708758473634_MF_17abfe_1708758473382-InternalReceiver]
[2024-02-25T[Link],871][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
clientEntity[PR_bf2099_1708758473634_MF_17abfe_1708758473382-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],871][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[PR_bf2099_1708758473634_MF_17abfe_1708758473382-InternalReceiver],
linkName[LN_18206b_1708758473937_168_G28], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],871][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] closeSession for
clientName[PR_bf2099_1708758473634_MF_17abfe_1708758473382-InternalReceiver],
linkName[LN_18206b_1708758473937_168_G28], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],871][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], entityName[MF_17abfe_1708758473382], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],872][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[PR_bf2099_1708758473634_MF_17abfe_1708758473382-
InternalReceiver], linkName[LN_18206b_1708758473937_168_G28], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],872][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[PR_bf2099_1708758473634_MF_17abfe_1708758473382-InternalReceiver],
linkName[LN_18206b_1708758473937_168_G28], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],872][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], entityName[MF_17abfe_1708758473382], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],873][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 2: Closing EH client
[2024-02-25T[Link],874][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[EC_fe5771_1708758473382]
[2024-02-25T[Link],874][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[MF_17abfe_1708758473382]
[2024-02-25T[Link],874][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_17abfe_1708758473382], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],879][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],879][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],879][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],879][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_17abfe_1708758473382],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],880][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],880][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],880][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],880][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],880][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
[Link] complete clientId[MF_17abfe_1708758473382],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],880][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
messagingFactory[MF_17abfe_1708758473382], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],880][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_17abfe_1708758473382],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],880][WARN ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionError messagingFactory[MF_17abfe_1708758473382], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],880][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onTransportClosed hostname[[Link]],
connectionId[MF_17abfe_1708758473382], error[n/a]
[2024-02-25T[Link],880][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onTransportClosed name[MF_17abfe_1708758473382], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],881][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_17abfe_1708758473382], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],881][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onSessionFinal
connectionId[MF_17abfe_1708758473382], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],881][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onSessionFinal
connectionId[MF_17abfe_1708758473382], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2], condition[null],
description[null]
[2024-02-25T[Link],881][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionFinal hostname[[Link]],
connectionId[MF_17abfe_1708758473382], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],881][WARN ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
messagingFactory[MF_17abfe_1708758473382], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],881][INFO ][[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is closing.
(reason=Shutdown)
[2024-02-25T[Link],914][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>[{"thre
ad_id"=>81, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],934][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>[{"thre
ad_id"=>81, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],433][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (1) as per the request.
[2024-02-25T[Link],433][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 1: Closing EH receiver
[2024-02-25T[Link],433][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[PR_ca04d1_1708758508729_MF_4141f0_1708758508380]
[2024-02-25T[Link],433][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[PR_ca04d1_1708758508729_MF_4141f0_1708758508380-InternalReceiver]
[2024-02-25T[Link],433][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
clientEntity[PR_ca04d1_1708758508729_MF_4141f0_1708758508380-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],433][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[PR_ca04d1_1708758508729_MF_4141f0_1708758508380-InternalReceiver],
linkName[LN_15f943_1708758508939_168_G28], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],434][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] closeSession for
clientName[PR_ca04d1_1708758508729_MF_4141f0_1708758508380-InternalReceiver],
linkName[LN_15f943_1708758508939_168_G28], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],434][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], entityName[MF_4141f0_1708758508380], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],435][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[PR_ca04d1_1708758508729_MF_4141f0_1708758508380-
InternalReceiver], linkName[LN_15f943_1708758508939_168_G28], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],435][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[PR_ca04d1_1708758508729_MF_4141f0_1708758508380-InternalReceiver],
linkName[LN_15f943_1708758508939_168_G28], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],435][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], entityName[MF_4141f0_1708758508380], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],436][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: 1: Closing EH client
[2024-02-25T[Link],436][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[EC_978e42_1708758508380]
[2024-02-25T[Link],436][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[MF_4141f0_1708758508380]
[2024-02-25T[Link],440][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_4141f0_1708758508380], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],441][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],441][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],441][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],441][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_4141f0_1708758508380],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],441][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],441][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],441][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],442][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],442][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
[Link] complete clientId[MF_4141f0_1708758508380],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],442][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
messagingFactory[MF_4141f0_1708758508380], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],442][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_4141f0_1708758508380],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],442][WARN ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionError messagingFactory[MF_4141f0_1708758508380], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],446][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onTransportClosed hostname[[Link]],
connectionId[MF_4141f0_1708758508380], error[n/a]
[2024-02-25T[Link],446][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onTransportClosed name[MF_4141f0_1708758508380], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],446][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_4141f0_1708758508380], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],446][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onSessionFinal
connectionId[MF_4141f0_1708758508380], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],446][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onSessionFinal
connectionId[MF_4141f0_1708758508380], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1], condition[null],
description[null]
[2024-02-25T[Link],446][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionFinal hostname[[Link]],
connectionId[MF_4141f0_1708758508380], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],446][WARN ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
messagingFactory[MF_4141f0_1708758508380], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],447][INFO ][[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is closing.
(reason=Shutdown)
[2024-02-25T[Link],447][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
4fcf2a0c-6330-4c70-849d-e9190b511e71: Partition manager exiting
[2024-02-25T[Link],448][INFO ][[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Event Hub
insights-logs-applicationgatewayaccesslog is closed.
[2024-02-25T[Link],949][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in join'"},
{"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/thwait.r[Link]in `pop'"}],
["LogStash::Filters::GeoIP", {"source"=>"[records][properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>
[{"thread_id"=>81, "name"=>"[azure_waf_access]>worker0",
"current_call"=>"[...]/logstash-core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],968][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in join'"},
{"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/thwait.r[Link]in `pop'"}],
["LogStash::Filters::GeoIP", {"source"=>"[records][properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>
[{"thread_id"=>81, "name"=>"[azure_waf_access]>worker0",
"current_call"=>"[...]/logstash-core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],987][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in join'"},
{"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/thwait.r[Link]in `pop'"}],
["LogStash::Filters::GeoIP", {"source"=>"[records][properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>
[{"thread_id"=>81, "name"=>"[azure_waf_access]>worker0",
"current_call"=>"[...]/logstash-core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],013][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in join'"},
{"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/thwait.r[Link]in `pop'"}],
["LogStash::Filters::GeoIP", {"source"=>"[records][properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>
[{"thread_id"=>81, "name"=>"[azure_waf_access]>worker0",
"current_call"=>"[...]/logstash-core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],025][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>83,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in join'"},
{"thread_id"=>63, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/thwait.r[Link]in `pop'"}],
["LogStash::Filters::GeoIP", {"source"=>"[records][properties][clientIP]", "target"=>"geoip",
"id"=>"d617b80a9c207d6e4740dd3510eff36e5c13c487c4e5f777a1c6e6a76a71011b"}]=>
[{"thread_id"=>81, "name"=>"[azure_waf_access]>worker0",
"current_call"=>"[...]/logstash-core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],041][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (0) as per the request.
[2024-02-25T[Link],041][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 0: Closing EH receiver
[2024-02-25T[Link],041][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[PR_303d89_1708758503869_MF_d101e6_1708758503406]
[2024-02-25T[Link],041][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[PR_303d89_1708758503869_MF_d101e6_1708758503406-InternalReceiver]
[2024-02-25T[Link],041][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
clientEntity[PR_303d89_1708758503869_MF_d101e6_1708758503406-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],041][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[PR_303d89_1708758503869_MF_d101e6_1708758503406-InternalReceiver],
linkName[LN_067512_1708758503941_c48d_G7], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],042][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] closeSession for
clientName[PR_303d89_1708758503869_MF_d101e6_1708758503406-InternalReceiver],
linkName[LN_067512_1708758503941_c48d_G7], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],043][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_d101e6_1708758503406], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],045][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[PR_303d89_1708758503869_MF_d101e6_1708758503406-
InternalReceiver], linkName[LN_067512_1708758503941_c48d_G7], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],049][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[PR_303d89_1708758503869_MF_d101e6_1708758503406-InternalReceiver],
linkName[LN_067512_1708758503941_c48d_G7], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],049][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_d101e6_1708758503406], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],049][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: 0: Closing EH client
[2024-02-25T[Link],049][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[EC_5ea8ac_1708758503406]
[2024-02-25T[Link],049][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] close:
clientId[MF_d101e6_1708758503406]
[2024-02-25T[Link],049][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_d101e6_1708758503406], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],050][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],050][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],050][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],050][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_d101e6_1708758503406],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],050][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],050][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],050][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],051][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],051][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
[Link] complete clientId[MF_d101e6_1708758503406],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],051][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
messagingFactory[MF_d101e6_1708758503406], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],051][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_d101e6_1708758503406],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],051][WARN ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionError messagingFactory[MF_d101e6_1708758503406], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],051][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onTransportClosed hostname[[Link]],
connectionId[MF_d101e6_1708758503406], error[n/a]
[2024-02-25T[Link],051][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onTransportClosed name[MF_d101e6_1708758503406], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],051][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_d101e6_1708758503406], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],051][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onSessionFinal
connectionId[MF_d101e6_1708758503406], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],051][INFO ][[Link]]
[azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] onSessionFinal
connectionId[MF_d101e6_1708758503406], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0], condition[null],
description[null]
[2024-02-25T[Link],051][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
onConnectionFinal hostname[[Link]],
connectionId[MF_d101e6_1708758503406], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],051][WARN ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8]
messagingFactory[MF_d101e6_1708758503406], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],052][INFO ][[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is closing.
(reason=Shutdown)
[2024-02-25T[Link],052][INFO ]
[[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] host logstash-
cef0aa83-9c35-42e2-a918-73b7168b652d: Partition manager exiting
[2024-02-25T[Link],052][INFO ][[Link]][azure_waf_access]
[78531fe84654ace086979c513427236139b5dde3f5dcf9bff215f68685381eb8] Event Hub
insights-logs-applicationgatewayaccesslog is closed.
[2024-02-25T[Link],252][INFO ][[Link] ][azure_waf_access]
Pipeline terminated {"[Link]"=>"azure_waf_access"}
[2024-02-25T[Link],714][INFO ][[Link] ] Pipeline
`azure_waf_access` is configured with `pipeline.ecs_compatibility: v8` setting. All
plugins in this pipeline will default to `ecs_compatibility => v8` unless
explicitly configured otherwise.
[2024-02-25T[Link],738][INFO ][[Link]][azure_waf_access]
New Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],807][INFO ][[Link]][azure_waf_access]
Elasticsearch pool URLs updated {:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],920][WARN ][[Link]][azure_waf_access]
Restored connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],927][INFO ][[Link]][azure_waf_access]
Elasticsearch version determined (8.10.3) {:es_version=>8}
[2024-02-25T[Link],927][WARN ][[Link]][azure_waf_access]
Detected a 6.x and above cluster: the `type` event field won't be used to determine
the document _type {:es_version=>8}
[2024-02-25T[Link],947][INFO ][[Link]][azure_waf_access]
Not eligible for data streams because config contains one or more settings that are
not compatible with data streams: {"ilm_enabled"=>"true",
"ilm_rollover_alias"=>"yokogawa-azure-waf", "ilm_policy"=>"yokogawa-ilm-policy",
"ilm_pattern"=>"000001"}
[2024-02-25T[Link],948][INFO ][[Link]][azure_waf_access]
Data streams auto configuration (`data_stream => auto` or unset) resolved to
`false`
[2024-02-25T[Link],956][INFO ][[Link] ][azure_waf_access] ECS
compatibility is enabled but `target` option was not specified. This may cause
fields to be set at the top-level of the event where they are likely to clash with
the Elastic Common Schema. It is recommended to set the `target` option to avoid
potential schema conflicts (if your data is ECS compliant or non-conflicting, feel
free to ignore this message)
[2024-02-25T[Link],962][WARN ][[Link] ][azure_waf_access] ECS
expect `target` value `geoip` in ["client", "destination", "host", "observer",
"server", "source"]
[2024-02-25T[Link],965][INFO ][[Link]]
[azure_waf_access] By not manually configuring a database path with `database =>`,
you accepted and agreed MaxMind EULA. For more details please visit
[Link]
[2024-02-25T[Link],965][INFO ][[Link] ][azure_waf_access] Using
geoip database
{:path=>"/var/lib/logstash/plugins/filters/geoip/1708740948/[Link]"}
[2024-02-25T[Link],968][INFO ][[Link]][azure_waf_access]
Using a default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],975][WARN ][[Link] ][azure_waf_access]
'[Link]' is enabled and is likely less efficient, consider disabling if
preserving event order is not necessary
[2024-02-25T[Link],979][INFO ][[Link] ][azure_waf_access]
Starting pipeline {:pipeline_id=>"azure_waf_access", "[Link]"=>1,
"[Link]"=>125, "[Link]"=>50,
"pipeline.max_inflight"=>125, "[Link]"=>["/etc/logstash/conf.d/yhq-
[Link]"], :thread=>"#<Thread:0x33234838
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],059][INFO ][[Link] ][azure_waf_access]
Pipeline Java execution initialization time {"seconds"=>0.08}
[2024-02-25T[Link],071][INFO ][[Link] ][azure_waf_access]
Pipeline started {"[Link]"=>"azure_waf_access"}
[2024-02-25T[Link],078][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is initializing...
[2024-02-25T[Link],079][WARN ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] You have NOT
specified a `storage_connection_string` for insights-logs-
applicationgatewayaccesslog. This configuration is only supported for a single
Logstash instance.
[2024-02-25T[Link],079][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: New EventProcessorHost created.
[2024-02-25T[Link],095][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is initializing...
[2024-02-25T[Link],095][WARN ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] You have NOT
specified a `storage_connection_string` for insights-logs-
applicationgatewayaccesslog. This configuration is only supported for a single
Logstash instance.
[2024-02-25T[Link],095][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: New EventProcessorHost created.
[2024-02-25T[Link],101][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Configuring
Event Hub insights-logs-applicationgatewayaccesslog to read only new events.
[2024-02-25T[Link],107][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Configuring
Event Hub insights-logs-applicationgatewayaccesslog to read only new events.
[2024-02-25T[Link],115][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: Starting event processing.
[2024-02-25T[Link],116][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: Starting event processing.
[2024-02-25T[Link],132][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_e7a2ce_1708830578115], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],133][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_e7a2ce_1708830578115] [Link]
[2024-02-25T[Link],133][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_e7a2ce_1708830578115]
[2024-02-25T[Link],133][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_e7a2ce_1708830578115], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],135][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_e3cb0c_1708830578116], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],136][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_e3cb0c_1708830578116] [Link]
[2024-02-25T[Link],136][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_e3cb0c_1708830578116]
[2024-02-25T[Link],136][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_e3cb0c_1708830578116], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],136][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_e3cb0c_1708830578116]
[2024-02-25T[Link],149][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_e7a2ce_1708830578115]
[2024-02-25T[Link],337][INFO ][[Link] ] Pipelines running
{:count=>6, :running_pipelines=>[:cucm, :yhq_cisco_asav_azure, :PA_FactoryPA_Threat
Intel, :zscaler, :ad, :azure_waf_access], :non_running_pipelines=>[]}
[2024-02-25T[Link],367][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_e3cb0c_1708830578116],
remoteContainer[0dee7b6fd199487aaf6cf57bcbf9a09c_G22]
[2024-02-25T[Link],368][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_e7a2ce_1708830578115],
remoteContainer[39ce30c621da453087261e8931457ffa_G13]
[2024-02-25T[Link],368][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_e7a2ce_1708830578115], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],368][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_e7a2ce_1708830578115], entityName[mgmt-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],377][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_e3cb0c_1708830578116], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],378][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_e3cb0c_1708830578116], entityName[mgmt-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],385][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[mgmt], linkName[mgmt:sender], localTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],385][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[mgmt], linkName[mgmt:receiver],
localSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],388][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[mgmt], linkName[mgmt:sender], localTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],395][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[mgmt], linkName[mgmt:receiver],
localSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],461][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_e3cb0c_1708830578116], entityName[mgmt-
session], sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],462][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[mgmt], linkName[mgmt:sender], remoteTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],462][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[mgmt], linkName[mgmt:receiver],
remoteSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],461][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_e7a2ce_1708830578115], entityName[mgmt-
session], sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],462][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[mgmt], linkName[mgmt:sender], remoteTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],462][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[mgmt], linkName[mgmt:receiver],
remoteSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],462][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_e3cb0c_1708830578116],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],462][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_e7a2ce_1708830578115],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],485][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: Eventhub insights-logs-
applicationgatewayaccesslog count of partitions: 4
[2024-02-25T[Link],485][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: Found partition with id: 0
[2024-02-25T[Link],485][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: Found partition with id: 1
[2024-02-25T[Link],485][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: Found partition with id: 2
[2024-02-25T[Link],485][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: Found partition with id: 3
[2024-02-25T[Link],485][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: Eventhub insights-logs-
applicationgatewayaccesslog count of partitions: 4
[2024-02-25T[Link],486][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: Found partition with id: 0
[2024-02-25T[Link],486][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: Found partition with id: 1
[2024-02-25T[Link],486][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: Found partition with id: 2
[2024-02-25T[Link],486][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: Found partition with id: 3
[2024-02-25T[Link],486][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_eff09e_1708830578115]
[2024-02-25T[Link],486][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_e7a2ce_1708830578115]
[2024-02-25T[Link],486][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_5ded27_1708830578116]
[2024-02-25T[Link],486][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_e3cb0c_1708830578116]
[2024-02-25T[Link],491][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_e7a2ce_1708830578115], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],498][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],498][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],498][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],498][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[mgmt-session],
entityName[MF_e7a2ce_1708830578115], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],494][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
registration complete. {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],498][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub is
processing events... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],494][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: creating new pump
[2024-02-25T[Link],499][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: Creating and opening event processor
instance
[2024-02-25T[Link],494][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: creating new pump
[2024-02-25T[Link],499][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: Creating and opening event processor
instance
[2024-02-25T[Link],493][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_e3cb0c_1708830578116], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],500][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],500][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],500][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],500][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[mgmt-session],
entityName[MF_e3cb0c_1708830578116], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],493][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
registration complete. {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],500][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub is
processing events... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],501][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],501][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],501][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],501][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],501][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_e3cb0c_1708830578116],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],512][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_e3cb0c_1708830578116], hostName[yazure-eventhub-
[Link]], info[mgmtChannel closed]
[2024-02-25T[Link],512][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_e3cb0c_1708830578116],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],512][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_e3cb0c_1708830578116], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],512][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_e3cb0c_1708830578116], error[n/a]
[2024-02-25T[Link],512][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_e3cb0c_1708830578116], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],512][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_e3cb0c_1708830578116], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],512][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_e3cb0c_1708830578116], entityName[mgmt-session], condition[null],
description[null]
[2024-02-25T[Link],512][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_e3cb0c_1708830578116], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],512][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_e3cb0c_1708830578116], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],513][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is opening.
[2024-02-25T[Link],513][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: Opening EH client
[2024-02-25T[Link],513][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is opening.
[2024-02-25T[Link],513][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: Opening EH client
[2024-02-25T[Link],513][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_bc4c67_1708830578513], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],513][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_bc4c67_1708830578513] [Link]
[2024-02-25T[Link],513][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_bc4c67_1708830578513]
[2024-02-25T[Link],513][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_faffe8_1708830578513], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],513][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_bc4c67_1708830578513], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],514][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_faffe8_1708830578513] [Link]
[2024-02-25T[Link],514][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_faffe8_1708830578513]
[2024-02-25T[Link],514][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_faffe8_1708830578513], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],514][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_bc4c67_1708830578513]
[2024-02-25T[Link],514][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_faffe8_1708830578513]
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_e7a2ce_1708830578115],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_e7a2ce_1708830578115], hostName[yazure-eventhub-
[Link]], info[mgmtChannel closed]
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_e7a2ce_1708830578115],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],521][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_e7a2ce_1708830578115], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_e7a2ce_1708830578115], error[n/a]
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_e7a2ce_1708830578115], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],522][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_e7a2ce_1708830578115], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],522][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_e7a2ce_1708830578115], entityName[mgmt-session], condition[null],
description[null]
[2024-02-25T[Link],522][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_e7a2ce_1708830578115], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],522][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_e7a2ce_1708830578115], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],604][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_faffe8_1708830578513],
remoteContainer[2635ff2b72224bf3a5d013237fd6ff08_G31]
[2024-02-25T[Link],609][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: Retrieved starting offset
1537600179320//1261884
[2024-02-25T[Link],609][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: Opening EH receiver with epoch 0 at
location offset[1537600179320], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],615][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_35474c_1708830578609_MF_faffe8_1708830578513-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],615][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_faffe8_1708830578513], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],615][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_faffe8_1708830578513], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],615][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],615][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],634][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_faffe8_1708830578513], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],634][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],634][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],635][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_faffe8_1708830578513],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],645][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_faffe8_1708830578513], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],645][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_faffe8_1708830578513], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],655][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_faffe8_1708830578513], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],655][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[1537600179320],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],655][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_35474c_1708830578609_MF_faffe8_1708830578513-InternalReceiver],
linkName[LN_f6193b_1708830578655_f08_G31], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '1537600179320'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],664][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_35474c_1708830578609_MF_faffe8_1708830578513-InternalReceiver],
linkName[LN_f6193b_1708830578655_f08_G31], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@4f14118
8}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],665][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_35474c_1708830578609_MF_faffe8_1708830578513-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], linkName[LN_f6193b_1708830578655_f08_G31], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],665][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: EH client and receiver creation finished
[2024-02-25T[Link],702][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_bc4c67_1708830578513],
remoteContainer[5524d93dbdef4c24a035bd29c242dc7f_G9]
[2024-02-25T[Link],702][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: Retrieved starting offset
6725932941216//1542094
[2024-02-25T[Link],703][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: Opening EH receiver with epoch 0 at
location offset[6725932941216], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],703][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],703][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_bc4c67_1708830578513], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],703][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_bc4c67_1708830578513], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],703][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],703][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],705][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_bc4c67_1708830578513], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],705][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],705][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],711][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_bc4c67_1708830578513],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],714][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_bc4c67_1708830578513], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],714][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_bc4c67_1708830578513], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],716][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_bc4c67_1708830578513], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],720][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[6725932941216],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],720][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-InternalReceiver],
linkName[LN_32f5a3_1708830578720_dc7f_G9], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '6725932941216'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],726][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-InternalReceiver],
linkName[LN_32f5a3_1708830578720_dc7f_G9], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@60a9ec2
4}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],726][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], linkName[LN_32f5a3_1708830578720_dc7f_G9], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],726][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: EH client and receiver creation finished
[2024-02-25T[Link],500][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: creating new pump
[2024-02-25T[Link],500][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: Creating and opening event processor
instance
[2024-02-25T[Link],502][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is opening.
[2024-02-25T[Link],502][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: Opening EH client
[2024-02-25T[Link],503][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_60679a_1708830608503], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],503][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_60679a_1708830608503] [Link]
[2024-02-25T[Link],503][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_60679a_1708830608503]
[2024-02-25T[Link],503][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_60679a_1708830608503], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],504][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_60679a_1708830608503]
[2024-02-25T[Link],500][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: creating new pump
[2024-02-25T[Link],505][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: Creating and opening event processor
instance
[2024-02-25T[Link],510][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is opening.
[2024-02-25T[Link],510][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: Opening EH client
[2024-02-25T[Link],510][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_470d4b_1708830608510], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],510][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_470d4b_1708830608510] [Link]
[2024-02-25T[Link],510][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_470d4b_1708830608510]
[2024-02-25T[Link],510][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_470d4b_1708830608510], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],511][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_470d4b_1708830608510]
[2024-02-25T[Link],554][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_470d4b_1708830608510],
remoteContainer[9903b5cd1588437bac195ce2a46989b1_G11]
[2024-02-25T[Link],563][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: Retrieved starting offset
1533306699224//1261759
[2024-02-25T[Link],563][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_60679a_1708830608503],
remoteContainer[72f450b5e0ac45b49a62ce277a8c1c7c_G20]
[2024-02-25T[Link],563][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: Opening EH receiver with epoch 0 at
location offset[1533306699224], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],563][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: Retrieved starting offset
6725944421856//1542328
[2024-02-25T[Link],563][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: Opening EH receiver with epoch 0 at
location offset[6725944421856], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],563][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_270293_1708830608563_MF_470d4b_1708830608510-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],563][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_470d4b_1708830608510], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],563][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_470d4b_1708830608510], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_000155_1708830608563_MF_60679a_1708830608503-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_60679a_1708830608503], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],564][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_60679a_1708830608503], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],573][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_470d4b_1708830608510], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],573][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],573][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],573][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_470d4b_1708830608510],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],575][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_60679a_1708830608503], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],575][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],575][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],575][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_60679a_1708830608503],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],575][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_470d4b_1708830608510], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],576][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_470d4b_1708830608510], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_60679a_1708830608503], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],583][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_60679a_1708830608503], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],583][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_470d4b_1708830608510], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[1533306699224],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_270293_1708830608563_MF_470d4b_1708830608510-InternalReceiver],
linkName[LN_57bdd2_1708830608583_9b1_G11], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '1533306699224'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],585][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_60679a_1708830608503], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],585][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[6725944421856],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],585][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_000155_1708830608563_MF_60679a_1708830608503-InternalReceiver],
linkName[LN_219140_1708830608585_c7c_G20], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '6725944421856'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],593][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_270293_1708830608563_MF_470d4b_1708830608510-InternalReceiver],
linkName[LN_57bdd2_1708830608583_9b1_G11], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@4adf80b
2}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],593][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_270293_1708830608563_MF_470d4b_1708830608510-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], linkName[LN_57bdd2_1708830608583_9b1_G11], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],593][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_000155_1708830608563_MF_60679a_1708830608503-InternalReceiver],
linkName[LN_219140_1708830608585_c7c_G20], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@3781d8c
d}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],593][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_000155_1708830608563_MF_60679a_1708830608503-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], linkName[LN_219140_1708830608585_c7c_G20], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],599][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: EH client and receiver creation finished
[2024-02-25T[Link],600][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: EH client and receiver creation finished
[2024-02-25T[Link],913][WARN ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] Received an
event that has a different character encoding than you configured. {:text=>"Feb 25
[Link] [Link] \\\"Sun Feb 25 [Link]
2024\\\",\\\"[Link]@[Link]\\\",\\\"HTTPS\\\",\\\"[Link]/
contents/applicantdetail/download_dssreport.aspx?
StepNo=442&OBSID=00019496\\\",\\\"Allowed\\\",\\\"General Browsing\\\",\\\"General
Browsing\\\",\\\"1307\\\",\\\"120587\\\",\\\"2865\\\",\\\"2948\\\",\\\"Business
Use\\\",\\\"Business and Economy\\\",\\\"Professional
Services\\\",\\\"None\\\",\\\"None\\\",\\\"0\\\",\\\"None\\\",\\\"None\\\",\\\"Road
Warrior\\\",\\\"D-Sol HQ SDC Systems Software R&D Dept. Tech. Sec.
1\\\",\\\"[Link]\\\",\\\"[Link]\\\",\\\"GET\\\",\\\"200\\\",\\\"Mozilla
/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/[Link] Safari/537.36
Edg/[Link]\\\",\\\"[Link]/v2/tablet/inputevaluation\\\",\\\"None\\\",\\
\"None\\\",\\\"application/
pdf\\\",\\\"None\\\",\\\"00112345\\\",\\\"CPCpxU7HlLYE0ca\\\",\\\"None\\\",\\\"Othe
r Documents\\\",\\\"Portable Document Format (pdf)\\\",\\\"pdf\\\",\\\"DSS\\x83\\
x8C\\x83|\\x81[\\
x83g_00019496.pdf\\\",\\\"[Link]\\\",\\\"None\\\",\\\"None\\\",\\\"None\\\",
\\\"Allowed\\\"", :expected_charset=>"UTF-8"}
[2024-02-25T[Link],224][WARN ][[Link] ] SIGTERM received.
Shutting down.
[2024-02-25T[Link],667][INFO ][[Link] ] QUIT - closing all
files and shutting down.
[2024-02-25T[Link],685][INFO ][[Link] ] QUIT - closing all
files and shutting down.
[2024-02-25T[Link],786][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Unregistering
Event Hub this can take a while... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: Stopping event processing
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: Shutting down all pumps
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: closing pump for reason Shutdown
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: pump shutdown for reason Shutdown
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: closing pump for reason Shutdown
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: pump shutdown for reason Shutdown
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: Setting receive handler to null
[2024-02-25T[Link],789][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: Setting receive handler to null
[2024-02-25T[Link],825][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Unregistering
Event Hub this can take a while... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],825][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: Stopping event processing
[2024-02-25T[Link],825][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: Shutting down all pumps
[2024-02-25T[Link],825][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: closing pump for reason Shutdown
[2024-02-25T[Link],825][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: pump shutdown for reason Shutdown
[2024-02-25T[Link],825][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: closing pump for reason Shutdown
[2024-02-25T[Link],825][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: pump shutdown for reason Shutdown
[2024-02-25T[Link],825][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: Setting receive handler to null
[2024-02-25T[Link],825][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: Setting receive handler to null
[2024-02-25T[Link],726][INFO ][[Link] ][cucm] Pipeline
terminated {"[Link]"=>"cucm"}
[2024-02-25T[Link],352][INFO ][[Link] ][yhq_cisco_asav_azure]
Pipeline terminated {"[Link]"=>"yhq_cisco_asav_azure"}
[2024-02-25T[Link],798][INFO ][[Link]] Removed pipeline from
registry successfully {:pipeline_id=>:cucm}
[2024-02-25T[Link],815][INFO ][[Link]] Removed pipeline from
registry successfully {:pipeline_id=>:yhq_cisco_asav_azure}
[2024-02-25T[Link],408][INFO ][[Link] ][ad] Pipeline terminated
{"[Link]"=>"ad"}
[2024-02-25T[Link],841][INFO ][[Link]] Removed pipeline from
registry successfully {:pipeline_id=>:ad}
[2024-02-25T[Link],087][INFO ][[Link] ]
[PA_FactoryPA_ThreatIntel] Pipeline terminated
{"[Link]"=>"PA_FactoryPA_ThreatIntel"}
[2024-02-25T[Link],660][INFO ][[Link]] Removed pipeline from
registry successfully {:pipeline_id=>:PA_FactoryPA_ThreatIntel}
[2024-02-25T[Link],599][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>343,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>338, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>342, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],599][ERROR][[Link]] The
shutdown process appears to be stalled due to busy or blocked plugins. Check the
logs for more information.
[2024-02-25T[Link],688][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (0) as per the request.
[2024-02-25T[Link],688][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: Closing EH receiver
[2024-02-25T[Link],688][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_270293_1708830608563_MF_470d4b_1708830608510]
[2024-02-25T[Link],688][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_270293_1708830608563_MF_470d4b_1708830608510-InternalReceiver]
[2024-02-25T[Link],688][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_270293_1708830608563_MF_470d4b_1708830608510-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],688][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_270293_1708830608563_MF_470d4b_1708830608510-InternalReceiver],
linkName[LN_57bdd2_1708830608583_9b1_G11], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],688][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_270293_1708830608563_MF_470d4b_1708830608510-InternalReceiver],
linkName[LN_57bdd2_1708830608583_9b1_G11], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],689][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_470d4b_1708830608510], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],690][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_270293_1708830608563_MF_470d4b_1708830608510-
InternalReceiver], linkName[LN_57bdd2_1708830608583_9b1_G11], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],690][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_270293_1708830608563_MF_470d4b_1708830608510-InternalReceiver],
linkName[LN_57bdd2_1708830608583_9b1_G11], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],690][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_470d4b_1708830608510], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],690][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 0: Closing EH client
[2024-02-25T[Link],690][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_0000d9_1708830608510]
[2024-02-25T[Link],690][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_470d4b_1708830608510]
[2024-02-25T[Link],690][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_470d4b_1708830608510], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],690][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],690][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],690][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],690][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_470d4b_1708830608510],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],691][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],691][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],691][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],691][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],691][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_470d4b_1708830608510],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],691][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_470d4b_1708830608510], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],694][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_470d4b_1708830608510],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],694][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_470d4b_1708830608510], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],694][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_470d4b_1708830608510], error[n/a]
[2024-02-25T[Link],694][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_470d4b_1708830608510], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],694][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_470d4b_1708830608510], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],694][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_470d4b_1708830608510], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],694][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_470d4b_1708830608510], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0], condition[null],
description[null]
[2024-02-25T[Link],694][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_470d4b_1708830608510], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],694][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_470d4b_1708830608510], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],695][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is closing.
(reason=Shutdown)
[2024-02-25T[Link],668][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>343,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>338, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>342, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],823][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>343,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>338, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>342, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],866][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>343,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>338, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>342, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],170][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (1) as per the request.
[2024-02-25T[Link],170][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: Closing EH receiver
[2024-02-25T[Link],170][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_c090c4_1708830578703_MF_bc4c67_1708830578513]
[2024-02-25T[Link],170][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-InternalReceiver]
[2024-02-25T[Link],170][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],170][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-InternalReceiver],
linkName[LN_32f5a3_1708830578720_dc7f_G9], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],170][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-InternalReceiver],
linkName[LN_32f5a3_1708830578720_dc7f_G9], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],170][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], entityName[MF_bc4c67_1708830578513], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],172][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-
InternalReceiver], linkName[LN_32f5a3_1708830578720_dc7f_G9], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],172][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_c090c4_1708830578703_MF_bc4c67_1708830578513-InternalReceiver],
linkName[LN_32f5a3_1708830578720_dc7f_G9], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],172][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], entityName[MF_bc4c67_1708830578513], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],173][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 1: Closing EH client
[2024-02-25T[Link],173][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_f52706_1708830578513]
[2024-02-25T[Link],173][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_bc4c67_1708830578513]
[2024-02-25T[Link],173][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_bc4c67_1708830578513], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],173][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],173][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],173][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],173][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_bc4c67_1708830578513],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],175][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],175][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],175][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],175][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],175][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_bc4c67_1708830578513],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],175][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_bc4c67_1708830578513], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],179][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_bc4c67_1708830578513],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],179][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_bc4c67_1708830578513], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],179][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_bc4c67_1708830578513], error[n/a]
[2024-02-25T[Link],179][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_bc4c67_1708830578513], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],179][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_bc4c67_1708830578513], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],179][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_bc4c67_1708830578513], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],179][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_bc4c67_1708830578513], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1], condition[null],
description[null]
[2024-02-25T[Link],179][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_bc4c67_1708830578513], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],179][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_bc4c67_1708830578513], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],179][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is closing.
(reason=Shutdown)
[2024-02-25T[Link],935][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>343,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>338, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>342, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],005][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>343,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>338, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>342, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],107][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>343,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>338, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>342, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],229][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>343,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>338, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>342, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],809][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (3) as per the request.
[2024-02-25T[Link],809][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: Closing EH receiver
[2024-02-25T[Link],809][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_000155_1708830608563_MF_60679a_1708830608503]
[2024-02-25T[Link],809][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_000155_1708830608563_MF_60679a_1708830608503-InternalReceiver]
[2024-02-25T[Link],809][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_000155_1708830608563_MF_60679a_1708830608503-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],809][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_000155_1708830608563_MF_60679a_1708830608503-InternalReceiver],
linkName[LN_219140_1708830608585_c7c_G20], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],809][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_000155_1708830608563_MF_60679a_1708830608503-InternalReceiver],
linkName[LN_219140_1708830608585_c7c_G20], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],809][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], entityName[MF_60679a_1708830608503], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],812][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_000155_1708830608563_MF_60679a_1708830608503-
InternalReceiver], linkName[LN_219140_1708830608585_c7c_G20], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],812][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_000155_1708830608563_MF_60679a_1708830608503-InternalReceiver],
linkName[LN_219140_1708830608585_c7c_G20], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],812][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], entityName[MF_60679a_1708830608503], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],813][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: 3: Closing EH client
[2024-02-25T[Link],813][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_39019d_1708830608503]
[2024-02-25T[Link],813][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_60679a_1708830608503]
[2024-02-25T[Link],813][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_60679a_1708830608503], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],813][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],813][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],813][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],813][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_60679a_1708830608503],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],821][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],821][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],821][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],821][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],821][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_60679a_1708830608503],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],821][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_60679a_1708830608503], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],821][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_60679a_1708830608503],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],821][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_60679a_1708830608503], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],821][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_60679a_1708830608503], error[n/a]
[2024-02-25T[Link],821][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_60679a_1708830608503], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],822][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_60679a_1708830608503], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],822][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_60679a_1708830608503], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],822][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_60679a_1708830608503], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3], condition[null],
description[null]
[2024-02-25T[Link],822][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_60679a_1708830608503], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],822][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_60679a_1708830608503], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],822][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is closing.
(reason=Shutdown)
[2024-02-25T[Link],828][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c8386931-7f84-402c-9b97-39e89a255cba: Partition manager exiting
[2024-02-25T[Link],829][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is closed.
[2024-02-25T[Link],287][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>343,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>338, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>342, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],142][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (2) as per the request.
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: Closing EH receiver
[2024-02-25T[Link],142][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_35474c_1708830578609_MF_faffe8_1708830578513]
[2024-02-25T[Link],142][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_35474c_1708830578609_MF_faffe8_1708830578513-InternalReceiver]
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_35474c_1708830578609_MF_faffe8_1708830578513-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],143][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_35474c_1708830578609_MF_faffe8_1708830578513-InternalReceiver],
linkName[LN_f6193b_1708830578655_f08_G31], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],143][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_35474c_1708830578609_MF_faffe8_1708830578513-InternalReceiver],
linkName[LN_f6193b_1708830578655_f08_G31], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],143][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], entityName[MF_faffe8_1708830578513], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],152][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_35474c_1708830578609_MF_faffe8_1708830578513-
InternalReceiver], linkName[LN_f6193b_1708830578655_f08_G31], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],152][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_35474c_1708830578609_MF_faffe8_1708830578513-InternalReceiver],
linkName[LN_f6193b_1708830578655_f08_G31], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],153][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], entityName[MF_faffe8_1708830578513], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],153][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: 2: Closing EH client
[2024-02-25T[Link],153][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_fd73a0_1708830578513]
[2024-02-25T[Link],153][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_faffe8_1708830578513]
[2024-02-25T[Link],153][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_faffe8_1708830578513], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],153][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],153][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],153][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],154][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_faffe8_1708830578513],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],161][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],161][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],161][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],161][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],161][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_faffe8_1708830578513],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],161][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_faffe8_1708830578513], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],162][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_faffe8_1708830578513],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],162][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_faffe8_1708830578513], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],163][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_faffe8_1708830578513], error[n/a]
[2024-02-25T[Link],163][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_faffe8_1708830578513], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],163][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_faffe8_1708830578513], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],172][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_faffe8_1708830578513], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],172][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_faffe8_1708830578513], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2], condition[null],
description[null]
[2024-02-25T[Link],172][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_faffe8_1708830578513], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],172][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_faffe8_1708830578513], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],172][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is closing.
(reason=Shutdown)
[2024-02-25T[Link],172][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
116012d1-165a-4d71-b8a7-935f5f8dd0b5: Partition manager exiting
[2024-02-25T[Link],172][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is closed.
[2024-02-25T[Link],558][INFO ][[Link] ][azure_waf_access]
Pipeline terminated {"[Link]"=>"azure_waf_access"}
[2024-02-25T[Link],316][INFO ][[Link]] Removed pipeline from
registry successfully {:pipeline_id=>:azure_waf_access}
[2024-02-25T[Link],934][INFO ][[Link] ] Log4j configuration
path used is: /etc/logstash/[Link]
[2024-02-25T[Link],980][INFO ][[Link] ] Starting Logstash
{"[Link]"=>"8.11.4", "[Link]"=>"jruby [Link] (3.1.4) 2023-11-02
1abae2700f OpenJDK 64-Bit Server VM 17.0.9+9 on 17.0.9+9 +indy +jit [x86_64-
linux]"}
[2024-02-25T[Link],997][INFO ][[Link] ] JVM bootstrap flags: [-
Xms4g, -Xmx4g, -[Link]=true, -[Link]=UTF-8, -
[Link]=true, -[Link]=0, -
[Link]=true, -XX:+HeapDumpOnOutOfMemoryError, -
[Link]=file:/dev/urandom, -[Link]=true,
--add-opens=[Link]/[Link]=ALL-UNNAMED, --add-opens=[Link]/[Link]=ALL-
UNNAMED, -[Link]=true,
--add-exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED,
--add-opens=[Link]/[Link]=ALL-UNNAMED, --add-opens=[Link]/[Link]=ALL-
UNNAMED, --add-opens=[Link]/[Link]=ALL-UNNAMED, --add-
opens=[Link]/[Link]=ALL-UNNAMED,
--add-opens=[Link]/[Link]=ALL-UNNAMED]
[2024-02-25T[Link],008][INFO ][[Link] ] Successfully started
Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2024-02-25T[Link],752][INFO ][[Link]] Reflections took 263
ms to scan 1 urls, producing 131 keys and 463 values
[2024-02-25T[Link],335][INFO ][[Link] ] Pipeline
`azure_waf_access` is configured with `pipeline.ecs_compatibility: v8` setting. All
plugins in this pipeline will default to `ecs_compatibility => v8` unless
explicitly configured otherwise.
[2024-02-25T[Link],499][INFO ][[Link]][azure_waf_access]
New Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],277][INFO ][[Link]][azure_waf_access]
Elasticsearch pool URLs updated {:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],180][WARN ][[Link]][azure_waf_access]
Restored connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],193][INFO ][[Link]][azure_waf_access]
Elasticsearch version determined (8.10.3) {:es_version=>8}
[2024-02-25T[Link],202][WARN ][[Link]][azure_waf_access]
Detected a 6.x and above cluster: the `type` event field won't be used to determine
the document _type {:es_version=>8}
[2024-02-25T[Link],312][INFO ][[Link]][azure_waf_access]
Not eligible for data streams because config contains one or more settings that are
not compatible with data streams: {"ilm_enabled"=>"true",
"ilm_rollover_alias"=>"yokogawa-azure-waf", "ilm_policy"=>"yokogawa-ilm-policy",
"ilm_pattern"=>"000001"}
[2024-02-25T[Link],325][INFO ][[Link]][azure_waf_access]
Data streams auto configuration (`data_stream => auto` or unset) resolved to
`false`
[2024-02-25T[Link],375][INFO ][[Link] ][azure_waf_access] ECS
compatibility is enabled but `target` option was not specified. This may cause
fields to be set at the top-level of the event where they are likely to clash with
the Elastic Common Schema. It is recommended to set the `target` option to avoid
potential schema conflicts (if your data is ECS compliant or non-conflicting, feel
free to ignore this message)
[2024-02-25T[Link],393][WARN ][[Link] ][azure_waf_access] ECS
expect `target` value `geoip` in ["client", "destination", "host", "observer",
"server", "source"]
[2024-02-25T[Link],626][INFO ][[Link]][azure_waf_access]
Using a default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],941][INFO ][[Link]] new
database version detected? true
[2024-02-25T[Link],286][INFO ][[Link]]
/var/lib/logstash/plugins/filters/geoip/1708740948 is deleted
[2024-02-25T[Link],318][INFO ][[Link]]
[azure_waf_access] By not manually configuring a database path with `database =>`,
you accepted and agreed MaxMind EULA. For more details please visit
[Link]
[2024-02-25T[Link],327][INFO ][[Link] ][azure_waf_access] Using
geoip database
{:path=>"/var/lib/logstash/plugins/filters/geoip/1708831720/[Link]"}
[2024-02-25T[Link],359][WARN ][[Link] ][azure_waf_access]
'[Link]' is enabled and is likely less efficient, consider disabling if
preserving event order is not necessary
[2024-02-25T[Link],506][INFO ][[Link] ][azure_waf_access]
Starting pipeline {:pipeline_id=>"azure_waf_access", "[Link]"=>1,
"[Link]"=>125, "[Link]"=>50,
"pipeline.max_inflight"=>125, "[Link]"=>["/etc/logstash/conf.d/yhq-
[Link]"], :thread=>"#<Thread:0x5ae14ca0
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],132][INFO ][[Link] ][azure_waf_access]
Pipeline Java execution initialization time {"seconds"=>1.62}
[2024-02-25T[Link],174][INFO ][[Link] ][azure_waf_access]
Pipeline started {"[Link]"=>"azure_waf_access"}
[2024-02-25T[Link],234][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is initializing...
[2024-02-25T[Link],235][WARN ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] You have NOT
specified a `storage_connection_string` for insights-logs-
applicationgatewayaccesslog. This configuration is only supported for a single
Logstash instance.
[2024-02-25T[Link],254][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: New EventProcessorHost created.
[2024-02-25T[Link],266][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is initializing...
[2024-02-25T[Link],274][WARN ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] You have NOT
specified a `storage_connection_string` for insights-logs-
applicationgatewayaccesslog. This configuration is only supported for a single
Logstash instance.
[2024-02-25T[Link],275][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: New EventProcessorHost created.
[2024-02-25T[Link],285][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Configuring
Event Hub insights-logs-applicationgatewayaccesslog to read only new events.
[2024-02-25T[Link],296][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Configuring
Event Hub insights-logs-applicationgatewayaccesslog to read only new events.
[2024-02-25T[Link],306][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: Starting event processing.
[2024-02-25T[Link],317][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: Starting event processing.
[2024-02-25T[Link],347][INFO ][[Link] ] Pipelines running
{:count=>1, :running_pipelines=>[:azure_waf_access], :non_running_pipelines=>[]}
[2024-02-25T[Link],408][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_922878_1708831733355], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],418][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_922878_1708831733355] [Link]
[2024-02-25T[Link],436][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_922878_1708831733355]
[2024-02-25T[Link],437][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_922878_1708831733355], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],457][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_4468b6_1708831733355], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],458][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_4468b6_1708831733355] [Link]
[2024-02-25T[Link],459][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_4468b6_1708831733355]
[2024-02-25T[Link],459][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_4468b6_1708831733355], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],768][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_922878_1708831733355]
[2024-02-25T[Link],761][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_4468b6_1708831733355]
[2024-02-25T[Link],332][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_922878_1708831733355],
remoteContainer[ae6edd6b04964a91871b87029353311c_G35]
[2024-02-25T[Link],341][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_4468b6_1708831733355],
remoteContainer[3538939dc8d84a0db7fc62b0badb4713_G26]
[2024-02-25T[Link],374][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_4468b6_1708831733355], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],383][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_922878_1708831733355], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],411][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_922878_1708831733355], entityName[mgmt-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],412][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_4468b6_1708831733355], entityName[mgmt-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],423][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[mgmt], linkName[mgmt:sender], localTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],431][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[mgmt], linkName[mgmt:sender], localTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],431][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[mgmt], linkName[mgmt:receiver],
localSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],424][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[mgmt], linkName[mgmt:receiver],
localSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],434][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_4468b6_1708831733355], entityName[mgmt-
session], sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],442][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[mgmt], linkName[mgmt:sender], remoteTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],443][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[mgmt], linkName[mgmt:receiver],
remoteSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],444][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_922878_1708831733355], entityName[mgmt-
session], sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],444][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[mgmt], linkName[mgmt:sender], remoteTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],444][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[mgmt], linkName[mgmt:receiver],
remoteSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],463][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_4468b6_1708831733355],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],466][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_922878_1708831733355],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],482][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: Eventhub insights-logs-
applicationgatewayaccesslog count of partitions: 4
[2024-02-25T[Link],483][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: Found partition with id: 0
[2024-02-25T[Link],483][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: Found partition with id: 1
[2024-02-25T[Link],483][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: Found partition with id: 2
[2024-02-25T[Link],483][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: Found partition with id: 3
[2024-02-25T[Link],483][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_3eb249_1708831733328]
[2024-02-25T[Link],483][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_922878_1708831733355]
[2024-02-25T[Link],482][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: Eventhub insights-logs-
applicationgatewayaccesslog count of partitions: 4
[2024-02-25T[Link],484][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: Found partition with id: 0
[2024-02-25T[Link],484][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: Found partition with id: 1
[2024-02-25T[Link],484][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: Found partition with id: 2
[2024-02-25T[Link],484][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: Found partition with id: 3
[2024-02-25T[Link],493][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_0e0ca8_1708831733327]
[2024-02-25T[Link],494][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_4468b6_1708831733355]
[2024-02-25T[Link],506][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
registration complete. {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],507][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub is
processing events... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],521][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_4468b6_1708831733355], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],522][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_922878_1708831733355], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],523][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],523][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],523][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],523][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[mgmt-session],
entityName[MF_922878_1708831733355], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],533][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],534][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],535][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],535][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],535][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],543][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],544][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_922878_1708831733355],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],544][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_922878_1708831733355], hostName[yazure-eventhub-
[Link]], info[mgmtChannel closed]
[2024-02-25T[Link],553][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_922878_1708831733355],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],553][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_922878_1708831733355], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],554][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
registration complete. {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],562][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub is
processing events... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],554][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_922878_1708831733355], error[n/a]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_922878_1708831733355], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],565][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_922878_1708831733355], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],566][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_922878_1708831733355], entityName[mgmt-session], condition[null],
description[null]
[2024-02-25T[Link],574][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_922878_1708831733355], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],574][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_922878_1708831733355], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],571][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: creating new pump
[2024-02-25T[Link],555][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],566][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: creating new pump
[2024-02-25T[Link],583][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[mgmt-session],
entityName[MF_4468b6_1708831733355], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],585][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],585][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],585][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],586][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],586][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_4468b6_1708831733355],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],586][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_4468b6_1708831733355], hostName[yazure-eventhub-
[Link]], info[mgmtChannel closed]
[2024-02-25T[Link],586][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_4468b6_1708831733355],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],586][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_4468b6_1708831733355], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],586][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_4468b6_1708831733355], error[n/a]
[2024-02-25T[Link],586][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_4468b6_1708831733355], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],586][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_4468b6_1708831733355], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],587][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_4468b6_1708831733355], entityName[mgmt-session], condition[null],
description[null]
[2024-02-25T[Link],591][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_4468b6_1708831733355], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],591][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_4468b6_1708831733355], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],593][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: Creating and opening event processor
instance
[2024-02-25T[Link],695][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: Creating and opening event processor
instance
[2024-02-25T[Link],777][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is opening.
[2024-02-25T[Link],777][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: Opening EH client
[2024-02-25T[Link],777][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is opening.
[2024-02-25T[Link],784][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: Opening EH client
[2024-02-25T[Link],785][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba6c2b_1708831734785], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],786][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_ba6c2b_1708831734785] [Link]
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba4833_1708831734785], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],786][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_ba4833_1708831734785] [Link]
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_ba4833_1708831734785]
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_ba4833_1708831734785], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],787][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_ba4833_1708831734785]
[2024-02-25T[Link],786][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_ba6c2b_1708831734785]
[2024-02-25T[Link],797][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_ba6c2b_1708831734785], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],804][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_ba6c2b_1708831734785]
[2024-02-25T[Link],885][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_ba4833_1708831734785],
remoteContainer[9903b5cd1588437bac195ce2a46989b1_G11]
[2024-02-25T[Link],887][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],887][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],888][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_ba6c2b_1708831734785],
remoteContainer[72f450b5e0ac45b49a62ce277a8c1c7c_G20]
[2024-02-25T[Link],895][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],895][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],926][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],928][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],937][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba6c2b_1708831734785], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],937][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_ba6c2b_1708831734785], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],938][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],938][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],947][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_ba6c2b_1708831734785], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],947][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],947][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],948][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_ba6c2b_1708831734785],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],965][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba4833_1708831734785], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],966][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_ba4833_1708831734785], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],980][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba6c2b_1708831734785], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],980][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_ba6c2b_1708831734785], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],986][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],986][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],988][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_ba6c2b_1708831734785], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],988][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],995][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_ba4833_1708831734785], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],996][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],996][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],997][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_ba4833_1708831734785],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],007][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba4833_1708831734785], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],008][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_ba4833_1708831734785], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],017][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-InternalReceiver],
linkName[LN_9d3508_1708831735016_c7c_G20], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],025][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_ba4833_1708831734785], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],025][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],026][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-InternalReceiver],
linkName[LN_68bbbf_1708831735025_9b1_G11], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],039][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-InternalReceiver],
linkName[LN_68bbbf_1708831735025_9b1_G11], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@60adf2f
3}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],048][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], linkName[LN_68bbbf_1708831735025_9b1_G11], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],056][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-InternalReceiver],
linkName[LN_9d3508_1708831735016_c7c_G20], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@eedf9fc
}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],066][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], linkName[LN_9d3508_1708831735016_c7c_G20], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],068][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: EH client and receiver creation finished
[2024-02-25T[Link],049][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: EH client and receiver creation finished
[2024-02-25T[Link],613][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: creating new pump
[2024-02-25T[Link],614][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: Creating and opening event processor
instance
[2024-02-25T[Link],625][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is opening.
[2024-02-25T[Link],625][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: Opening EH client
[2024-02-25T[Link],626][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_0be1c1_1708831764625], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],626][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_0be1c1_1708831764625] [Link]
[2024-02-25T[Link],626][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_0be1c1_1708831764625]
[2024-02-25T[Link],627][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_0be1c1_1708831764625], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],627][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_0be1c1_1708831764625]
[2024-02-25T[Link],697][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: creating new pump
[2024-02-25T[Link],697][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: Creating and opening event processor
instance
[2024-02-25T[Link],704][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is opening.
[2024-02-25T[Link],705][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: Opening EH client
[2024-02-25T[Link],705][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_88d1fa_1708831764705], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],705][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_88d1fa_1708831764705] [Link]
[2024-02-25T[Link],706][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_88d1fa_1708831764705]
[2024-02-25T[Link],706][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_88d1fa_1708831764705], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],706][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_88d1fa_1708831764705]
[2024-02-25T[Link],754][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_0be1c1_1708831764625],
remoteContainer[8c430f54cd3e424d9acf5479afe7ad90_G21]
[2024-02-25T[Link],755][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],755][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],756][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],756][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_0be1c1_1708831764625], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],757][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_0be1c1_1708831764625], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],764][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],764][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],767][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_0be1c1_1708831764625], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],767][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],767][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],767][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_0be1c1_1708831764625],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],775][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_0be1c1_1708831764625], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],775][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_0be1c1_1708831764625], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],777][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_0be1c1_1708831764625], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],777][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],778][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-InternalReceiver],
linkName[LN_3f6fb9_1708831764778_d90_G21], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],796][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-InternalReceiver],
linkName[LN_3f6fb9_1708831764778_d90_G21], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@796a031
f}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],796][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], linkName[LN_3f6fb9_1708831764778_d90_G21], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],798][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: EH client and receiver creation finished
[2024-02-25T[Link],827][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_88d1fa_1708831764705],
remoteContainer[3bb97820beda43f7a42712dc1b8ade07_G30]
[2024-02-25T[Link],828][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],828][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],837][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],838][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_88d1fa_1708831764705], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],846][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_88d1fa_1708831764705], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],847][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],847][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],856][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_88d1fa_1708831764705], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],857][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],858][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],858][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_88d1fa_1708831764705],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],867][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_88d1fa_1708831764705], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],867][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_88d1fa_1708831764705], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],875][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_88d1fa_1708831764705], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],875][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],875][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-InternalReceiver],
linkName[LN_c977a7_1708831764875_e07_G30], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],885][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-InternalReceiver],
linkName[LN_c977a7_1708831764875_e07_G30], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@4e831d2
5}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],887][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], linkName[LN_c977a7_1708831764875_e07_G30], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],888][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: EH client and receiver creation finished
[2024-02-25T[Link],677][WARN ][[Link] ] SIGTERM received.
Shutting down.
[2024-02-25T[Link],487][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Unregistering
Event Hub this can take a while... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],488][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: Stopping event processing
[2024-02-25T[Link],488][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: Shutting down all pumps
[2024-02-25T[Link],488][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: closing pump for reason Shutdown
[2024-02-25T[Link],489][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: pump shutdown for reason Shutdown
[2024-02-25T[Link],489][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: closing pump for reason Shutdown
[2024-02-25T[Link],489][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: pump shutdown for reason Shutdown
[2024-02-25T[Link],489][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: Setting receive handler to null
[2024-02-25T[Link],490][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: Setting receive handler to null
[2024-02-25T[Link],506][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Unregistering
Event Hub this can take a while... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],507][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: Stopping event processing
[2024-02-25T[Link],507][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: Shutting down all pumps
[2024-02-25T[Link],507][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: closing pump for reason Shutdown
[2024-02-25T[Link],507][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: pump shutdown for reason Shutdown
[2024-02-25T[Link],507][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: closing pump for reason Shutdown
[2024-02-25T[Link],507][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: pump shutdown for reason Shutdown
[2024-02-25T[Link],507][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: Setting receive handler to null
[2024-02-25T[Link],507][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: Setting receive handler to null
[2024-02-25T[Link],788][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],790][ERROR][[Link]] The
shutdown process appears to be stalled due to busy or blocked plugins. Check the
logs for more information.
[2024-02-25T[Link],969][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (0) as per the request.
[2024-02-25T[Link],969][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: Closing EH receiver
[2024-02-25T[Link],969][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625]
[2024-02-25T[Link],969][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-InternalReceiver]
[2024-02-25T[Link],969][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-InternalReceiver],
linkName[LN_3f6fb9_1708831764778_d90_G21], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-InternalReceiver],
linkName[LN_3f6fb9_1708831764778_d90_G21], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],971][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_0be1c1_1708831764625], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],977][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-
InternalReceiver], linkName[LN_3f6fb9_1708831764778_d90_G21], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],977][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_a5dc87_1708831764755_MF_0be1c1_1708831764625-InternalReceiver],
linkName[LN_3f6fb9_1708831764778_d90_G21], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],977][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_0be1c1_1708831764625], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],977][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 0: Closing EH client
[2024-02-25T[Link],977][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_b4ca67_1708831764625]
[2024-02-25T[Link],977][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_0be1c1_1708831764625]
[2024-02-25T[Link],978][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_0be1c1_1708831764625], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],978][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],978][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],978][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],978][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_0be1c1_1708831764625],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],980][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],980][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],980][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],980][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],980][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_0be1c1_1708831764625],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],981][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_0be1c1_1708831764625], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],981][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_0be1c1_1708831764625],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],981][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_0be1c1_1708831764625], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],981][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_0be1c1_1708831764625], error[n/a]
[2024-02-25T[Link],981][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_0be1c1_1708831764625], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],981][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_0be1c1_1708831764625], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],981][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_0be1c1_1708831764625], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],987][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_0be1c1_1708831764625], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0], condition[null],
description[null]
[2024-02-25T[Link],987][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_0be1c1_1708831764625], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],987][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_0be1c1_1708831764625], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],999][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is closing.
(reason=Shutdown)
[2024-02-25T[Link],806][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],925][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (2) as per the request.
[2024-02-25T[Link],925][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: Closing EH receiver
[2024-02-25T[Link],925][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_15446e_1708831734926_MF_ba6c2b_1708831734785]
[2024-02-25T[Link],925][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-InternalReceiver]
[2024-02-25T[Link],925][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],926][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-InternalReceiver],
linkName[LN_9d3508_1708831735016_c7c_G20], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],926][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-InternalReceiver],
linkName[LN_9d3508_1708831735016_c7c_G20], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],926][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], entityName[MF_ba6c2b_1708831734785], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],928][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-
InternalReceiver], linkName[LN_9d3508_1708831735016_c7c_G20], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],928][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_15446e_1708831734926_MF_ba6c2b_1708831734785-InternalReceiver],
linkName[LN_9d3508_1708831735016_c7c_G20], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],928][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], entityName[MF_ba6c2b_1708831734785], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],928][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: 2: Closing EH client
[2024-02-25T[Link],928][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_7ac8ad_1708831734785]
[2024-02-25T[Link],928][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_ba6c2b_1708831734785]
[2024-02-25T[Link],929][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_ba6c2b_1708831734785], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],930][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],930][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],930][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],930][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_ba6c2b_1708831734785],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],936][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],936][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],936][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],936][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],936][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_ba6c2b_1708831734785],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],936][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba6c2b_1708831734785], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],936][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_ba6c2b_1708831734785],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],937][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_ba6c2b_1708831734785], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],937][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_ba6c2b_1708831734785], error[n/a]
[2024-02-25T[Link],937][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_ba6c2b_1708831734785], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],937][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_ba6c2b_1708831734785], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],937][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_ba6c2b_1708831734785], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],937][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_ba6c2b_1708831734785], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2], condition[null],
description[null]
[2024-02-25T[Link],937][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_ba6c2b_1708831734785], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],937][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba6c2b_1708831734785], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],938][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is closing.
(reason=Shutdown)
[2024-02-25T[Link],938][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
19947832-0294-42b6-9682-30e15befea9f: Partition manager exiting
[2024-02-25T[Link],938][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is closed.
[2024-02-25T[Link],833][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],847][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],860][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],873][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],886][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],898][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],734][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (3) as per the request.
[2024-02-25T[Link],734][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: Closing EH receiver
[2024-02-25T[Link],734][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_22e3e4_1708831734906_MF_ba4833_1708831734785]
[2024-02-25T[Link],734][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-InternalReceiver]
[2024-02-25T[Link],734][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],735][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-InternalReceiver],
linkName[LN_68bbbf_1708831735025_9b1_G11], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],735][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-InternalReceiver],
linkName[LN_68bbbf_1708831735025_9b1_G11], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],735][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], entityName[MF_ba4833_1708831734785], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],736][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-
InternalReceiver], linkName[LN_68bbbf_1708831735025_9b1_G11], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],736][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_22e3e4_1708831734906_MF_ba4833_1708831734785-InternalReceiver],
linkName[LN_68bbbf_1708831735025_9b1_G11], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],737][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], entityName[MF_ba4833_1708831734785], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],737][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 3: Closing EH client
[2024-02-25T[Link],737][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_59c78e_1708831734784]
[2024-02-25T[Link],737][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_ba4833_1708831734785]
[2024-02-25T[Link],738][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_ba4833_1708831734785], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],738][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],738][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],738][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],738][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_ba4833_1708831734785],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],744][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],744][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],744][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],744][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],744][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_ba4833_1708831734785],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],744][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba4833_1708831734785], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],744][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_ba4833_1708831734785],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],744][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_ba4833_1708831734785], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],745][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_ba4833_1708831734785], error[n/a]
[2024-02-25T[Link],745][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_ba4833_1708831734785], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],745][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_ba4833_1708831734785], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],745][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_ba4833_1708831734785], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],745][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_ba4833_1708831734785], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3], condition[null],
description[null]
[2024-02-25T[Link],745][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_ba4833_1708831734785], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],745][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_ba4833_1708831734785], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],745][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is closing.
(reason=Shutdown)
[2024-02-25T[Link],911][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],929][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>27, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],881][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (1) as per the request.
[2024-02-25T[Link],881][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: Closing EH receiver
[2024-02-25T[Link],881][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_1c3444_1708831764828_MF_88d1fa_1708831764705]
[2024-02-25T[Link],881][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-InternalReceiver]
[2024-02-25T[Link],881][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],882][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-InternalReceiver],
linkName[LN_c977a7_1708831764875_e07_G30], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],882][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-InternalReceiver],
linkName[LN_c977a7_1708831764875_e07_G30], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],882][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], entityName[MF_88d1fa_1708831764705], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],883][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-
InternalReceiver], linkName[LN_c977a7_1708831764875_e07_G30], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],883][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_1c3444_1708831764828_MF_88d1fa_1708831764705-InternalReceiver],
linkName[LN_c977a7_1708831764875_e07_G30], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],883][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], entityName[MF_88d1fa_1708831764705], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],883][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: 1: Closing EH client
[2024-02-25T[Link],884][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_054229_1708831764705]
[2024-02-25T[Link],884][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_88d1fa_1708831764705]
[2024-02-25T[Link],884][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_88d1fa_1708831764705], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],885][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],885][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],885][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],885][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_88d1fa_1708831764705],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],888][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_88d1fa_1708831764705],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_88d1fa_1708831764705], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_88d1fa_1708831764705],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],889][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_88d1fa_1708831764705], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_88d1fa_1708831764705], error[n/a]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_88d1fa_1708831764705], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_88d1fa_1708831764705], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],889][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_88d1fa_1708831764705], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],889][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_88d1fa_1708831764705], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1], condition[null],
description[null]
[2024-02-25T[Link],889][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_88d1fa_1708831764705], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],889][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_88d1fa_1708831764705], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],890][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is closing.
(reason=Shutdown)
[2024-02-25T[Link],890][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
4cd28fe3-b5e1-46de-ba75-026c0ef1cf4d: Partition manager exiting
[2024-02-25T[Link],890][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is closed.
[2024-02-25T[Link],442][INFO ][[Link] ][azure_waf_access]
Pipeline terminated {"[Link]"=>"azure_waf_access"}
[2024-02-25T[Link],031][INFO ][[Link]] Removed pipeline from
registry successfully {:pipeline_id=>:azure_waf_access}
[2024-02-25T[Link],129][INFO ][[Link] ] Logstash shut down.
[2024-02-25T[Link],762][INFO ][[Link] ] Log4j configuration
path used is: /etc/logstash/[Link]
[2024-02-25T[Link],784][INFO ][[Link] ] Starting Logstash
{"[Link]"=>"8.11.4", "[Link]"=>"jruby [Link] (3.1.4) 2023-11-02
1abae2700f OpenJDK 64-Bit Server VM 17.0.9+9 on 17.0.9+9 +indy +jit [x86_64-
linux]"}
[2024-02-25T[Link],794][INFO ][[Link] ] JVM bootstrap flags: [-
Xms4g, -Xmx4g, -[Link]=true, -[Link]=UTF-8, -
[Link]=true, -[Link]=0, -
[Link]=true, -XX:+HeapDumpOnOutOfMemoryError, -
[Link]=file:/dev/urandom, -[Link]=true,
--add-opens=[Link]/[Link]=ALL-UNNAMED, --add-opens=[Link]/[Link]=ALL-
UNNAMED, -[Link]=true,
--add-exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED,
--add-opens=[Link]/[Link]=ALL-UNNAMED, --add-opens=[Link]/[Link]=ALL-
UNNAMED, --add-opens=[Link]/[Link]=ALL-UNNAMED, --add-
opens=[Link]/[Link]=ALL-UNNAMED,
--add-opens=[Link]/[Link]=ALL-UNNAMED]
[2024-02-25T[Link],813][DEBUG][[Link]] Found module
{:module_name=>"fb_apache",
:directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2024-02-25T[Link],813][DEBUG][[Link]] Adding plugin to the
registry
{:name=>"fb_apache", :type=>:modules, :class=>#<LogStash::Modules::Scaffold:0xdff04
58 @directory="/usr/share/logstash/modules/fb_apache/configuration",
@module_name="fb_apache", @kibana_version_parts=["6", "0", "0"]>}
[2024-02-25T[Link],814][DEBUG][[Link]] Found module
{:module_name=>"netflow",
:directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2024-02-25T[Link],821][DEBUG][[Link]] Adding plugin to the
registry
{:name=>"netflow", :type=>:modules, :class=>#<LogStash::Modules::Scaffold:0x64bf34e
4 @directory="/usr/share/logstash/modules/netflow/configuration",
@module_name="netflow", @kibana_version_parts=["6", "0", "0"]>}
[2024-02-25T[Link],907][DEBUG][[Link] ] Setting global
FieldReference escape style: none
[2024-02-25T[Link],559][DEBUG][[Link] ] -------- Logstash
Settings (* means modified) ---------
[2024-02-25T[Link],559][DEBUG][[Link] ] allow_superuser: true
[2024-02-25T[Link],560][DEBUG][[Link] ] [Link]: "zsm001-
0z9019"
[2024-02-25T[Link],560][DEBUG][[Link] ] *[Link]:
"/var/lib/logstash" (default: "/usr/share/logstash/data")
[2024-02-25T[Link],566][DEBUG][[Link] ] [Link]:
#<Java::OrgLogstashUtil::ModulesSettingArray: []>
[2024-02-25T[Link],566][DEBUG][[Link] ] modules: []
[2024-02-25T[Link],566][DEBUG][[Link] ] modules_list: []
[2024-02-25T[Link],567][DEBUG][[Link] ] modules_variable_list:
[]
[2024-02-25T[Link],567][DEBUG][[Link] ] modules_setup: false
[2024-02-25T[Link],567][DEBUG][[Link] ] config.test_and_exit:
false
[2024-02-25T[Link],567][DEBUG][[Link] ]
*[Link]: true (default: false)
[2024-02-25T[Link],567][DEBUG][[Link] ] [Link]:
#<Java::OrgLogstashUtil::TimeValue:0x45da0d4>
[2024-02-25T[Link],567][DEBUG][[Link] ]
*config.support_escapes: true (default: false)
[2024-02-25T[Link],567][DEBUG][[Link] ]
config.field_reference.escape_style: "none"
[2024-02-25T[Link],567][DEBUG][[Link] ] event_api.[Link]:
"rename"
[2024-02-25T[Link],567][DEBUG][[Link] ] [Link]: true
[2024-02-25T[Link],567][DEBUG][[Link] ] [Link]: "main"
[2024-02-25T[Link],568][DEBUG][[Link] ] [Link]: false
[2024-02-25T[Link],568][DEBUG][[Link] ] [Link]: 4
[2024-02-25T[Link],568][DEBUG][[Link] ] [Link]:
125
[2024-02-25T[Link],568][DEBUG][[Link] ] [Link]:
50
[2024-02-25T[Link],568][DEBUG][[Link] ]
pipeline.unsafe_shutdown: false
[2024-02-25T[Link],568][DEBUG][[Link] ] [Link]:
true
[2024-02-25T[Link],568][DEBUG][[Link] ]
pipeline.plugin_classloaders: false
[2024-02-25T[Link],568][DEBUG][[Link] ] pipeline.separate_logs:
false
[2024-02-25T[Link],569][DEBUG][[Link] ] [Link]:
"auto"
[2024-02-25T[Link],569][DEBUG][[Link] ]
pipeline.ecs_compatibility: "v8"
[2024-02-25T[Link],569][DEBUG][[Link] ] [Link]: []
[2024-02-25T[Link],569][DEBUG][[Link] ] [Link]: false
[2024-02-25T[Link],569][DEBUG][[Link] ] *[Link]: "debug"
(default: "info")
[2024-02-25T[Link],569][DEBUG][[Link] ] version: false
[2024-02-25T[Link],569][DEBUG][[Link] ] help: false
[2024-02-25T[Link],569][DEBUG][[Link] ] enable-local-plugin-
development: false
[2024-02-25T[Link],569][DEBUG][[Link] ] [Link]: "plain"
[2024-02-25T[Link],570][DEBUG][[Link] ] [Link]: true
[2024-02-25T[Link],578][DEBUG][[Link] ] [Link]:
"[Link]"
[2024-02-25T[Link],578][DEBUG][[Link] ] [Link]:
9600..9700
[2024-02-25T[Link],578][DEBUG][[Link] ] [Link]:
"production"
[2024-02-25T[Link],578][DEBUG][[Link] ] [Link]: "none"
[2024-02-25T[Link],578][DEBUG][[Link] ]
[Link].password_policy.mode: "WARN"
[2024-02-25T[Link],578][DEBUG][[Link] ]
[Link].password_policy.[Link]: 8
[2024-02-25T[Link],578][DEBUG][[Link] ]
[Link].password_policy.[Link]: "REQUIRED"
[2024-02-25T[Link],578][DEBUG][[Link] ]
[Link].password_policy.[Link]: "REQUIRED"
[2024-02-25T[Link],578][DEBUG][[Link] ]
[Link].password_policy.[Link]: "REQUIRED"
[2024-02-25T[Link],578][DEBUG][[Link] ]
[Link].password_policy.[Link]: "OPTIONAL"
[2024-02-25T[Link],578][DEBUG][[Link] ] [Link]: false
[2024-02-25T[Link],579][DEBUG][[Link] ]
[Link].supported_protocols: []
[2024-02-25T[Link],579][DEBUG][[Link] ] *[Link]:
"persisted" (default: "memory")
[2024-02-25T[Link],579][DEBUG][[Link] ] [Link]: false
[2024-02-25T[Link],579][DEBUG][[Link] ] queue.page_capacity:
67108864
[2024-02-25T[Link],586][DEBUG][[Link] ] *queue.max_bytes:
5368709120 (default: 1073741824)
[2024-02-25T[Link],587][DEBUG][[Link] ] queue.max_events: 0
[2024-02-25T[Link],587][DEBUG][[Link] ] [Link]:
1024
[2024-02-25T[Link],587][DEBUG][[Link] ]
[Link]: 1024
[2024-02-25T[Link],587][DEBUG][[Link] ]
[Link]: 1000
[2024-02-25T[Link],587][DEBUG][[Link] ] [Link]:
true
[2024-02-25T[Link],587][DEBUG][[Link] ]
dead_letter_queue.enable: false
[2024-02-25T[Link],588][DEBUG][[Link] ]
dead_letter_queue.max_bytes: 1073741824
[2024-02-25T[Link],588][DEBUG][[Link] ]
dead_letter_queue.flush_interval: 5000
[2024-02-25T[Link],588][DEBUG][[Link] ]
dead_letter_queue.storage_policy: "drop_newer"
[2024-02-25T[Link],588][DEBUG][[Link] ] [Link]:
#<Java::OrgLogstashUtil::TimeValue:0x6a9f41ff>
[2024-02-25T[Link],588][DEBUG][[Link] ] [Link]:
#<Java::OrgLogstashUtil::TimeValue:0x57a0f6a2>
[2024-02-25T[Link],588][DEBUG][[Link] ]
[Link]: #<Java::OrgLogstashUtil::TimeValue:0x5def348b>
[2024-02-25T[Link],588][DEBUG][[Link] ]
[Link]: #<Java::OrgLogstashUtil::TimeValue:0x4e1210de>
[2024-02-25T[Link],588][DEBUG][[Link] ] [Link]:
"[Link]"
[2024-02-25T[Link],588][DEBUG][[Link] ] *[Link]:
"/etc/logstash/[Link]" (default:
"/usr/share/logstash/config/[Link]")
[2024-02-25T[Link],589][DEBUG][[Link] ] *[Link]:
"/var/lib/logstash/queue" (default: "/usr/share/logstash/data/queue")
[2024-02-25T[Link],589][DEBUG][[Link] ]
*path.dead_letter_queue: "/var/lib/logstash/dead_letter_queue" (default:
"/usr/share/logstash/data/dead_letter_queue")
[2024-02-25T[Link],589][DEBUG][[Link] ] *[Link]:
"/etc/logstash" (default: "/usr/share/logstash/config")
[2024-02-25T[Link],589][DEBUG][[Link] ] *[Link]:
"/var/log/logstash" (default: "/usr/share/logstash/logs")
[2024-02-25T[Link],589][DEBUG][[Link] ]
[Link]: false
[2024-02-25T[Link],590][DEBUG][[Link] ]
[Link]: ["[Link]
[2024-02-25T[Link],590][DEBUG][[Link] ]
[Link]:
#<Java::OrgLogstashUtil::TimeValue:0x7e7047a2>
[2024-02-25T[Link],597][DEBUG][[Link] ]
[Link].timeout_interval:
#<Java::OrgLogstashUtil::TimeValue:0x17b59bc>
[2024-02-25T[Link],597][DEBUG][[Link] ]
[Link]: "logstash_system"
[2024-02-25T[Link],597][DEBUG][[Link] ]
[Link].verification_mode: "full"
[2024-02-25T[Link],597][DEBUG][[Link] ]
[Link].cipher_suites: []
[2024-02-25T[Link],597][DEBUG][[Link] ]
[Link]: false
[2024-02-25T[Link],597][DEBUG][[Link] ]
[Link]: true
[2024-02-25T[Link],597][DEBUG][[Link] ]
[Link]: true
[2024-02-25T[Link],597][DEBUG][[Link] ] [Link]:
false
[2024-02-25T[Link],597][DEBUG][[Link] ]
[Link]: ["[Link]
[2024-02-25T[Link],597][DEBUG][[Link] ]
[Link]: #<Java::OrgLogstashUtil::TimeValue:0x70d49a95>
[2024-02-25T[Link],598][DEBUG][[Link] ]
[Link].timeout_interval:
#<Java::OrgLogstashUtil::TimeValue:0x35b331de>
[2024-02-25T[Link],598][DEBUG][[Link] ]
[Link]: "logstash_system"
[2024-02-25T[Link],598][DEBUG][[Link] ]
[Link].verification_mode: "full"
[2024-02-25T[Link],598][DEBUG][[Link] ]
[Link].cipher_suites: []
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link]: false
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link]: true
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link]: true
[2024-02-25T[Link],599][DEBUG][[Link] ] [Link]: ""
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link]: false
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link].poll_interval:
#<Java::OrgLogstashUtil::TimeValue:0x6c00601e>
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link]: ["main"]
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link]: "logstash_system"
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link]: ["[Link]
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link].cipher_suites: []
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link].verification_mode: "full"
[2024-02-25T[Link],599][DEBUG][[Link] ]
[Link]: false
[2024-02-25T[Link],600][DEBUG][[Link] ]
[Link]: true
[2024-02-25T[Link],600][DEBUG][[Link] ] ---------------
Logstash Settings -------------------
[2024-02-25T[Link],950][DEBUG][[Link] ] Initializing API
WebServer {"[Link]"=>"[Link]", "[Link]"=>9600..9700,
"[Link]"=>false, "[Link]"=>"none", "[Link]"=>"production"}
[2024-02-25T[Link],039][DEBUG][[Link] ] [api-service] start
[2024-02-25T[Link],282][DEBUG][[Link] ] Setting up metric
collection
[2024-02-25T[Link],544][DEBUG][[Link]] Starting
{:polling_interval=>5, :polling_timeout=>120}
[2024-02-25T[Link],079][DEBUG][[Link]] Starting
{:polling_interval=>5, :polling_timeout=>120}
[2024-02-25T[Link],259][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],276][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],309][DEBUG]
[[Link]] Starting
{:polling_interval=>5, :polling_timeout=>120}
[2024-02-25T[Link],347][DEBUG]
[[Link]] Starting
{:polling_interval=>5, :polling_timeout=>120}
[2024-02-25T[Link],358][DEBUG][[Link]]
Starting {:polling_interval=>5, :polling_timeout=>120}
[2024-02-25T[Link],408][DEBUG][[Link] ] Starting agent
[2024-02-25T[Link],463][DEBUG][[Link] ] Starting API WebServer
(puma)
[2024-02-25T[Link],642][DEBUG][[Link] ] Trying to start API
WebServer {:port=>9600, :ssl_enabled=>false}
[2024-02-25T[Link],662][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],681][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],923][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>1}
[2024-02-25T[Link],939][INFO ][[Link] ] Successfully started
Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2024-02-25T[Link],954][DEBUG][[Link] ] Executing action
{:action=>LogStash::PipelineAction::Create/pipeline_id:azure_waf_access}
[2024-02-25T[Link],994][DEBUG][[Link]]
Attempting to exists or secret store with implementation:
[Link]
[2024-02-25T[Link],725][INFO ][[Link]] Reflections took 231
ms to scan 1 urls, producing 131 keys and 463 values
[2024-02-25T[Link],784][DEBUG][[Link]]
Attempting to exists or secret store with implementation:
[Link]
[2024-02-25T[Link],002][DEBUG][[Link]] On demand adding plugin
to the registry
{:name=>"azure_event_hubs", :type=>"input", :class=>LogStash::Inputs::AzureEventHub
s}
[2024-02-25T[Link],195][DEBUG][[Link]] On demand adding plugin
to the registry {:name=>"plain", :type=>"codec", :class=>LogStash::Codecs::Plain}
[2024-02-25T[Link],346][DEBUG][[Link] ] config
LogStash::Codecs::Plain/@id = "plain_bcd08ae6-aa82-4171-bde3-c112f08f1df1"
[2024-02-25T[Link],347][DEBUG][[Link] ] config
LogStash::Codecs::Plain/@enable_metric = true
[2024-02-25T[Link],354][DEBUG][[Link] ] config
LogStash::Codecs::Plain/@charset = "UTF-8"
[2024-02-25T[Link],446][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@consumer_group = "$Default"
[2024-02-25T[Link],447][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@event_hub_connections = ["Endpoint=sb://yazure-
eventhub-
[Link]/;SharedAccessKeyName=ListningKeyForLogstash;SharedAcce
ssKey=<redacted>;EntityPath=insights-logs-
applicationgatewayaccesslog", "Endpoint=sb://yazure-eventhub-
[Link]/;SharedAccessKeyName=ListningKeyForLogstash;SharedAcce
ssKey=<redacted>;EntityPath=insights-logs-applicationgatewayaccesslog"]
[2024-02-25T[Link],447][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@threads = 8
[2024-02-25T[Link],447][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@id =
"e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8"
[2024-02-25T[Link],447][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@type = "azure_waf"
[2024-02-25T[Link],447][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@initial_position = "end"
[2024-02-25T[Link],447][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@decorate_events = true
[2024-02-25T[Link],448][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@event_hubs = ["dummy"]
[2024-02-25T[Link],454][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@enable_metric = true
[2024-02-25T[Link],466][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@codec = <LogStash::Codecs::Plain
id=>"plain_bcd08ae6-aa82-4171-bde3-c112f08f1df1", enable_metric=>true,
charset=>"UTF-8">
[2024-02-25T[Link],467][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@add_field = {}
[2024-02-25T[Link],467][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@config_mode = "basic"
[2024-02-25T[Link],467][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@max_batch_size = 125
[2024-02-25T[Link],467][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@prefetch_count = 300
[2024-02-25T[Link],467][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@receive_timeout = 60
[2024-02-25T[Link],467][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@initial_position_look_back = 86400
[2024-02-25T[Link],467][DEBUG][[Link]] config
LogStash::Inputs::AzureEventHubs/@checkpoint_interval = 5
[2024-02-25T[Link],578][DEBUG][[Link]] On demand adding plugin
to the registry {:name=>"json", :type=>"filter", :class=>LogStash::Filters::Json}
[2024-02-25T[Link],609][DEBUG][[Link] ] config
LogStash::Filters::Json/@source = "message"
[2024-02-25T[Link],615][DEBUG][[Link] ] config
LogStash::Filters::Json/@id =
"13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007"
[2024-02-25T[Link],616][DEBUG][[Link] ] config
LogStash::Filters::Json/@enable_metric = true
[2024-02-25T[Link],616][DEBUG][[Link] ] config
LogStash::Filters::Json/@add_tag = []
[2024-02-25T[Link],616][DEBUG][[Link] ] config
LogStash::Filters::Json/@remove_tag = []
[2024-02-25T[Link],616][DEBUG][[Link] ] config
LogStash::Filters::Json/@add_field = {}
[2024-02-25T[Link],616][DEBUG][[Link] ] config
LogStash::Filters::Json/@remove_field = []
[2024-02-25T[Link],616][DEBUG][[Link] ] config
LogStash::Filters::Json/@periodic_flush = false
[2024-02-25T[Link],617][DEBUG][[Link] ] config
LogStash::Filters::Json/@tag_on_failure = ["_jsonparsefailure"]
[2024-02-25T[Link],617][DEBUG][[Link] ] config
LogStash::Filters::Json/@skip_on_invalid_json = false
[2024-02-25T[Link],628][DEBUG][[Link]] On demand adding plugin
to the registry {:name=>"split", :type=>"filter", :class=>LogStash::Filters::Split}
[2024-02-25T[Link],647][DEBUG][[Link] ] config
LogStash::Filters::Split/@field = "records"
[2024-02-25T[Link],647][DEBUG][[Link] ] config
LogStash::Filters::Split/@id =
"c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c"
[2024-02-25T[Link],647][DEBUG][[Link] ] config
LogStash::Filters::Split/@enable_metric = true
[2024-02-25T[Link],647][DEBUG][[Link] ] config
LogStash::Filters::Split/@add_tag = []
[2024-02-25T[Link],648][DEBUG][[Link] ] config
LogStash::Filters::Split/@remove_tag = []
[2024-02-25T[Link],648][DEBUG][[Link] ] config
LogStash::Filters::Split/@add_field = {}
[2024-02-25T[Link],648][DEBUG][[Link] ] config
LogStash::Filters::Split/@remove_field = []
[2024-02-25T[Link],648][DEBUG][[Link] ] config
LogStash::Filters::Split/@periodic_flush = false
[2024-02-25T[Link],648][DEBUG][[Link] ] config
LogStash::Filters::Split/@terminator = "\n"
[2024-02-25T[Link],667][DEBUG][[Link]] On demand adding plugin
to the registry {:name=>"geoip", :type=>"filter", :class=>LogStash::Filters::GeoIP}
[2024-02-25T[Link],688][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@source = "[records][properties][clientIP]"
[2024-02-25T[Link],688][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@target = "geoip"
[2024-02-25T[Link],688][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@id =
"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"
[2024-02-25T[Link],688][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@enable_metric = true
[2024-02-25T[Link],688][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@add_tag = []
[2024-02-25T[Link],688][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@remove_tag = []
[2024-02-25T[Link],688][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@add_field = {}
[2024-02-25T[Link],688][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@remove_field = []
[2024-02-25T[Link],689][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@periodic_flush = false
[2024-02-25T[Link],689][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@default_database_type = "City"
[2024-02-25T[Link],689][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@cache_size = 1000
[2024-02-25T[Link],689][DEBUG][[Link] ] config
LogStash::Filters::GeoIP/@tag_on_failure = ["_geoip_lookup_failure"]
[2024-02-25T[Link],699][DEBUG][[Link]] On demand adding plugin
to the registry
{:name=>"elasticsearch", :type=>"output", :class=>LogStash::Outputs::ElasticSearch}
[2024-02-25T[Link],749][DEBUG][[Link] ] config
LogStash::Codecs::Plain/@id = "plain_f8a672fc-7d8f-4d46-babe-5cf362c946fd"
[2024-02-25T[Link],756][DEBUG][[Link] ] config
LogStash::Codecs::Plain/@enable_metric = true
[2024-02-25T[Link],756][DEBUG][[Link] ] config
LogStash::Codecs::Plain/@charset = "UTF-8"
[2024-02-25T[Link],867][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@password = <password>
[2024-02-25T[Link],887][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@hosts =
[[Link]
[2024-02-25T[Link],887][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@ilm_enabled = "true"
[2024-02-25T[Link],887][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@ilm_rollover_alias = "yokogawa-azure-waf"
[2024-02-25T[Link],887][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@id =
"002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529"
[2024-02-25T[Link],887][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@ilm_policy = "yokogawa-ilm-policy"
[2024-02-25T[Link],888][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@user = "logstash_internal"
[2024-02-25T[Link],888][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@timeout = 120
[2024-02-25T[Link],888][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@ilm_pattern = "000001"
[2024-02-25T[Link],888][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@enable_metric = true
[2024-02-25T[Link],888][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@codec = <LogStash::Codecs::Plain
id=>"plain_f8a672fc-7d8f-4d46-babe-5cf362c946fd", enable_metric=>true,
charset=>"UTF-8">
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@workers = 1
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@ssl_certificate_verification = true
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@ssl_verification_mode = "full"
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@ssl_supported_protocols = []
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@sniffing = false
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@sniffing_delay = 5
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@failure_type_logging_whitelist = []
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@silence_errors_in_log = []
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@pool_max = 1000
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@pool_max_per_route = 100
[2024-02-25T[Link],889][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@resurrect_delay = 5
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@validate_after_inactivity = 10000
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@http_compression = true
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@compression_level = 1
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@custom_headers = {}
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@retry_initial_interval = 2
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@retry_max_interval = 64
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@dlq_custom_codes = []
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@dlq_on_failed_indexname_interpolation = true
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@data_stream_type = "logs"
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@data_stream_dataset = "generic"
[2024-02-25T[Link],890][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@data_stream_namespace = "default"
[2024-02-25T[Link],891][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@data_stream_sync_fields = true
[2024-02-25T[Link],891][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@data_stream_auto_routing = true
[2024-02-25T[Link],891][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@manage_template = true
[2024-02-25T[Link],891][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@template_overwrite = false
[2024-02-25T[Link],891][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@template_api = "auto"
[2024-02-25T[Link],891][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@parent = nil
[2024-02-25T[Link],891][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@join_field = nil
[2024-02-25T[Link],891][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@upsert = ""
[2024-02-25T[Link],898][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@doc_as_upsert = false
[2024-02-25T[Link],898][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@script = ""
[2024-02-25T[Link],898][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@script_type = "inline"
[2024-02-25T[Link],898][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@script_lang = "painless"
[2024-02-25T[Link],899][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@script_var_name = "event"
[2024-02-25T[Link],899][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@scripted_upsert = false
[2024-02-25T[Link],899][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@retry_on_conflict = 1
[2024-02-25T[Link],899][DEBUG][[Link]] config
LogStash::Outputs::ElasticSearch/@pipeline = nil
[2024-02-25T[Link],072][DEBUG][[Link]] PQ version
file with correct version information (v2) found.
[2024-02-25T[Link],081][DEBUG][[Link]] opening head page:
1815, in: /var/lib/logstash/queue/azure_waf_access, with checkpoint: pageNum=1815,
firstUnackedPageNum=1815, firstUnackedSeqNum=4157119, minSeqNum=4157101,
elementCount=18, isFullyAcked=yes
[2024-02-25T[Link],243][DEBUG][[Link].MmapPageIOV2] PageIO
recovery for '/var/lib/logstash/queue/azure_waf_access/page.1815' element index:18,
readNextElement exception: Element seqNum 0 is expected to be 4157119
[2024-02-25T[Link],270][DEBUG][[Link].MmapPageIOV2] PageIO
deleting '/var/lib/logstash/queue/azure_waf_access/page.1815'
[2024-02-25T[Link],284][DEBUG][[Link]]
CheckpointIO deleting '/var/lib/logstash/queue/azure_waf_access/checkpoint.1815'
[2024-02-25T[Link],293][DEBUG][[Link]] created new head
page: MmapPageIOV2{file=/var/lib/logstash/queue/azure_waf_access/page.1816,
capacity=67108864, minSeqNum=0, elementCount=0, head=1}
[2024-02-25T[Link],336][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],346][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],365][INFO ][[Link] ] Pipeline
`azure_waf_access` is configured with `pipeline.ecs_compatibility: v8` setting. All
plugins in this pipeline will default to `ecs_compatibility => v8` unless
explicitly configured otherwise.
[2024-02-25T[Link],426][DEBUG][[Link]] Flow
metric registered: `input_throughput` in namespace
`[:stats, :pipelines, :azure_waf_access, :flow]`
[2024-02-25T[Link],427][DEBUG][[Link]] Flow
metric registered: `filter_throughput` in namespace
`[:stats, :pipelines, :azure_waf_access, :flow]`
[2024-02-25T[Link],435][DEBUG][[Link]] Flow
metric registered: `output_throughput` in namespace
`[:stats, :pipelines, :azure_waf_access, :flow]`
[2024-02-25T[Link],435][DEBUG][[Link]] Flow
metric registered: `queue_backpressure` in namespace
`[:stats, :pipelines, :azure_waf_access, :flow]`
[2024-02-25T[Link],436][DEBUG][[Link]] Flow
metric registered: `worker_concurrency` in namespace
`[:stats, :pipelines, :azure_waf_access, :flow]`
[2024-02-25T[Link],444][DEBUG][[Link]] Flow
metric registered: `queue_persisted_growth_events` in namespace
`[:stats, :pipelines, :azure_waf_access, :flow]`
[2024-02-25T[Link],445][DEBUG][[Link]] Flow
metric registered: `queue_persisted_growth_bytes` in namespace
`[:stats, :pipelines, :azure_waf_access, :flow]`
[2024-02-25T[Link],446][DEBUG][[Link]] Flow
metric registered: `throughput` in namespace
`[:stats, :pipelines, :azure_waf_access, :plugins, :inputs, :e921425eaa599df0a156e9
171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8, :flow]`
[2024-02-25T[Link],454][DEBUG][[Link]] Flow
metric registered: `worker_millis_per_event` in namespace
`[:stats, :pipelines, :azure_waf_access, :plugins, :filters, :c9dc54bab189bcc2e72ee
b2fbd060cc34f16257f502c7ae071523926284f8c3c, :flow]`
[2024-02-25T[Link],455][DEBUG][[Link]] Flow
metric registered: `worker_utilization` in namespace
`[:stats, :pipelines, :azure_waf_access, :plugins, :filters, :c9dc54bab189bcc2e72ee
b2fbd060cc34f16257f502c7ae071523926284f8c3c, :flow]`
[2024-02-25T[Link],455][DEBUG][[Link]] Flow
metric registered: `worker_millis_per_event` in namespace
`[:stats, :pipelines, :azure_waf_access, :plugins, :filters, :"13030e5da7228f05c45b
370a60d186125de0fce1dc2c99da1981116dcdcee007", :flow]`
[2024-02-25T[Link],456][DEBUG][[Link]] Flow
metric registered: `worker_utilization` in namespace
`[:stats, :pipelines, :azure_waf_access, :plugins, :filters, :"13030e5da7228f05c45b
370a60d186125de0fce1dc2c99da1981116dcdcee007", :flow]`
[2024-02-25T[Link],457][DEBUG][[Link]] Flow
metric registered: `worker_millis_per_event` in namespace
`[:stats, :pipelines, :azure_waf_access, :plugins, :filters, :b2323a9d19abd7b364189
6e41fcf9bd4c96b0c23f55974764be057edaa778ce9, :flow]`
[2024-02-25T[Link],457][DEBUG][[Link]] Flow
metric registered: `worker_utilization` in namespace
`[:stats, :pipelines, :azure_waf_access, :plugins, :filters, :b2323a9d19abd7b364189
6e41fcf9bd4c96b0c23f55974764be057edaa778ce9, :flow]`
[2024-02-25T[Link],464][DEBUG][[Link]] Flow
metric registered: `worker_millis_per_event` in namespace
`[:stats, :pipelines, :azure_waf_access, :plugins, :outputs, :"002863306c3be9a7ef2c
c1f5800ce366a73b96b72ca00b8328b725d162527529", :flow]`
[2024-02-25T[Link],465][DEBUG][[Link]] Flow
metric registered: `worker_utilization` in namespace
`[:stats, :pipelines, :azure_waf_access, :plugins, :outputs, :"002863306c3be9a7ef2c
c1f5800ce366a73b96b72ca00b8328b725d162527529", :flow]`
[2024-02-25T[Link],476][DEBUG][[Link] ] Starting pipeline
{:pipeline_id=>"azure_waf_access"}
[2024-02-25T[Link],528][INFO ][[Link]][azure_waf_access]
New Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],616][DEBUG][[Link]][azure_waf_access]
Normalizing http path {:path=>nil, :normalized=>nil}
[2024-02-25T[Link],316][INFO ][[Link]][azure_waf_access]
Elasticsearch pool URLs updated {:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],366][DEBUG][[Link]][azure_waf_access]
Running health check to see if an Elasticsearch connection is working
{:healthcheck_url=>"[Link]
[Link]/", :path=>"/"}
[2024-02-25T[Link],353][WARN ][[Link]][azure_waf_access]
Restored connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],375][INFO ][[Link]][azure_waf_access]
Elasticsearch version determined (8.10.3) {:es_version=>8}
[2024-02-25T[Link],384][WARN ][[Link]][azure_waf_access]
Detected a 6.x and above cluster: the `type` event field won't be used to determine
the document _type {:es_version=>8}
[2024-02-25T[Link],524][INFO ][[Link]][azure_waf_access]
Not eligible for data streams because config contains one or more settings that are
not compatible with data streams: {"ilm_enabled"=>"true",
"ilm_rollover_alias"=>"yokogawa-azure-waf", "ilm_policy"=>"yokogawa-ilm-policy",
"ilm_pattern"=>"000001"}
[2024-02-25T[Link],542][INFO ][[Link]][azure_waf_access]
Data streams auto configuration (`data_stream => auto` or unset) resolved to
`false`
[2024-02-25T[Link],690][INFO ][[Link] ][azure_waf_access] ECS
compatibility is enabled but `target` option was not specified. This may cause
fields to be set at the top-level of the event where they are likely to clash with
the Elastic Common Schema. It is recommended to set the `target` option to avoid
potential schema conflicts (if your data is ECS compliant or non-conflicting, feel
free to ignore this message)
[2024-02-25T[Link],706][WARN ][[Link] ][azure_waf_access] ECS
expect `target` value `geoip` in ["client", "destination", "host", "observer",
"server", "source"]
[2024-02-25T[Link],820][INFO ][[Link]][azure_waf_access]
Using a default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],992][DEBUG][[Link]][azure_waf_access]
Attempting to install template {:template=>{"index_patterns"=>"yokogawa-azure-waf-
*",
"template"=>{"settings"=>{"index"=>{"mapping"=>{"total_fields"=>{"limit"=>10000}},
"refresh_interval"=>"5s"}, "[Link]"=>"yokogawa-ilm-policy",
"[Link].rollover_alias"=>"yokogawa-azure-waf"},
"mappings"=>{"_meta"=>{"version"=>"8.0.1"}, "date_detection"=>false,
"dynamic_templates"=>[{"strings_as_keyword"=>{"mapping"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "match_mapping_type"=>"string"}}],
"properties"=>{"@timestamp"=>{"type"=>"date"},
"agent"=>{"properties"=>{"build"=>{"properties"=>{"original"=>{"ignore_above"=>1024
, "type"=>"keyword"}}}, "ephemeral_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"client"=>{"properties"=>{"address"=>{"ignore_above"=>1024, "type"=>"keyword"},
"as"=>{"properties"=>{"number"=>{"type"=>"long"},
"organization"=>{"properties"=>{"name"=>{"fields"=>{"text"=>{"type"=>"match_only_te
xt"}}, "ignore_above"=>1024, "type"=>"keyword"}}}}}, "bytes"=>{"type"=>"long"},
"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"geo"=>{"properties"=>{"city_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"location"=>{"type"=>"geo_point"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "postal_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timezone"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "ip"=>{"type"=>"ip"},
"mac"=>{"ignore_above"=>1024, "type"=>"keyword"},
"nat"=>{"properties"=>{"ip"=>{"type"=>"ip"}, "port"=>{"type"=>"long"}}},
"packets"=>{"type"=>"long"}, "port"=>{"type"=>"long"},
"registered_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subdomain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"top_level_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"user"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"email"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full_name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"group"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "roles"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"cloud"=>{"properties"=>{"account"=>{"properties"=>{"id"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"availability_zone"=>{"ignore_above"=>1024, "type"=>"keyword"},
"instance"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"machine"=>{"properties"=>{"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"origin"=>{"properties"=>{"account"=>{"properties"=>{"id"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"availability_zone"=>{"ignore_above"=>1024, "type"=>"keyword"},
"instance"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"machine"=>{"properties"=>{"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"project"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"provider"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region"=>{"ignore_above"=>1024, "type"=>"keyword"},
"service"=>{"properties"=>{"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"project"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"provider"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region"=>{"ignore_above"=>1024, "type"=>"keyword"},
"service"=>{"properties"=>{"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"target"=>{"properties"=>{"account"=>{"properties"=>{"id"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"availability_zone"=>{"ignore_above"=>1024, "type"=>"keyword"},
"instance"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"machine"=>{"properties"=>{"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"project"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"provider"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region"=>{"ignore_above"=>1024, "type"=>"keyword"},
"service"=>{"properties"=>{"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}}}},
"container"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"image"=>{"properties"=>{"name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"tag"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "labels"=>{"type"=>"object"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"runtime"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"data_stream"=>{"properties"=>{"dataset"=>{"type"=>"constant_keyword"},
"namespace"=>{"type"=>"constant_keyword"}, "type"=>{"type"=>"constant_keyword"}}},
"destination"=>{"properties"=>{"address"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "as"=>{"properties"=>{"number"=>{"type"=>"long"},
"organization"=>{"properties"=>{"name"=>{"fields"=>{"text"=>{"type"=>"match_only_te
xt"}}, "ignore_above"=>1024, "type"=>"keyword"}}}}}, "bytes"=>{"type"=>"long"},
"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"geo"=>{"properties"=>{"city_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"location"=>{"type"=>"geo_point"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "postal_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timezone"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "ip"=>{"type"=>"ip"},
"mac"=>{"ignore_above"=>1024, "type"=>"keyword"},
"nat"=>{"properties"=>{"ip"=>{"type"=>"ip"}, "port"=>{"type"=>"long"}}},
"packets"=>{"type"=>"long"}, "port"=>{"type"=>"long"},
"registered_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subdomain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"top_level_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"user"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"email"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full_name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"group"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "roles"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"dll"=>{"properties"=>{"code_signature"=>{"properties"=>{"digest_algorithm"=>{"igno
re_above"=>1024, "type"=>"keyword"}, "exists"=>{"type"=>"boolean"},
"signing_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"status"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subject_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"team_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timestamp"=>{"type"=>"date"}, "trusted"=>{"type"=>"boolean"},
"valid"=>{"type"=>"boolean"}}},
"hash"=>{"properties"=>{"md5"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha1"=>{"ignore_above"=>1024, "type"=>"keyword"}, "sha256"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "sha512"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ssdeep"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}, "path"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "pe"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "company"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"file_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"imphash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"original_file_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"product"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"dns"=>{"properties"=>{"answers"=>{"properties"=>{"class"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "data"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}, "ttl"=>{"type"=>"long"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}, "type"=>"object"},
"header_flags"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "op_code"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "question"=>{"properties"=>{"class"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"registered_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subdomain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"top_level_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"resolved_ip"=>{"type"=>"ip"}, "response_code"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "type"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"ecs"=>{"properties"=>{"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"error"=>{"properties"=>{"code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"message"=>{"type"=>"match_only_text"},
"stack_trace"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"type"=>"wildcard"}, "type"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"event"=>{"properties"=>{"action"=>{"ignore_above"=>1024, "type"=>"keyword"},
"agent_id_status"=>{"ignore_above"=>1024, "type"=>"keyword"},
"category"=>{"ignore_above"=>1024, "type"=>"keyword"},
"code"=>{"ignore_above"=>1024, "type"=>"keyword"}, "created"=>{"type"=>"date"},
"dataset"=>{"ignore_above"=>1024, "type"=>"keyword"}, "duration"=>{"type"=>"long"},
"end"=>{"type"=>"date"}, "hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "ingested"=>{"type"=>"date"},
"kind"=>{"ignore_above"=>1024, "type"=>"keyword"}, "module"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "original"=>{"doc_values"=>false, "index"=>false,
"type"=>"keyword"}, "outcome"=>{"ignore_above"=>1024, "type"=>"keyword"},
"provider"=>{"ignore_above"=>1024, "type"=>"keyword"},
"reason"=>{"ignore_above"=>1024, "type"=>"keyword"},
"reference"=>{"ignore_above"=>1024, "type"=>"keyword"},
"risk_score"=>{"type"=>"float"}, "risk_score_norm"=>{"type"=>"float"},
"sequence"=>{"type"=>"long"}, "severity"=>{"type"=>"long"},
"start"=>{"type"=>"date"}, "timezone"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}, "url"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "faas"=>{"properties"=>{"coldstart"=>{"type"=>"boolean"},
"execution"=>{"ignore_above"=>1024, "type"=>"keyword"},
"trigger"=>{"properties"=>{"request_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}, "type"=>"nested"}}},
"file"=>{"properties"=>{"accessed"=>{"type"=>"date"},
"attributes"=>{"ignore_above"=>1024, "type"=>"keyword"},
"code_signature"=>{"properties"=>{"digest_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "exists"=>{"type"=>"boolean"},
"signing_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"status"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subject_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"team_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timestamp"=>{"type"=>"date"}, "trusted"=>{"type"=>"boolean"},
"valid"=>{"type"=>"boolean"}}}, "created"=>{"type"=>"date"},
"ctime"=>{"type"=>"date"}, "device"=>{"ignore_above"=>1024, "type"=>"keyword"},
"directory"=>{"ignore_above"=>1024, "type"=>"keyword"},
"drive_letter"=>{"ignore_above"=>1, "type"=>"keyword"},
"elf"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024, "type"=>"keyword"},
"byte_order"=>{"ignore_above"=>1024, "type"=>"keyword"},
"cpu_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"creation_date"=>{"type"=>"date"}, "exports"=>{"type"=>"flattened"},
"header"=>{"properties"=>{"abi_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"class"=>{"ignore_above"=>1024, "type"=>"keyword"}, "data"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "entrypoint"=>{"type"=>"long"},
"object_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"os_abi"=>{"ignore_above"=>1024, "type"=>"keyword"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"imports"=>{"type"=>"flattened"},
"sections"=>{"properties"=>{"chi2"=>{"type"=>"long"}, "entropy"=>{"type"=>"long"},
"flags"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "physical_offset"=>{"ignore_above"=>1024, "type"=>"keyword"},
"physical_size"=>{"type"=>"long"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "virtual_address"=>{"type"=>"long"},
"virtual_size"=>{"type"=>"long"}}, "type"=>"nested"},
"segments"=>{"properties"=>{"sections"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}, "type"=>"nested"},
"shared_libraries"=>{"ignore_above"=>1024, "type"=>"keyword"},
"telfhash"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"extension"=>{"ignore_above"=>1024, "type"=>"keyword"},
"fork_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"gid"=>{"ignore_above"=>1024, "type"=>"keyword"}, "group"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "hash"=>{"properties"=>{"md5"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "sha1"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha256"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha512"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ssdeep"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"inode"=>{"ignore_above"=>1024, "type"=>"keyword"},
"mime_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"mode"=>{"ignore_above"=>1024, "type"=>"keyword"}, "mtime"=>{"type"=>"date"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}, "owner"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "path"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"pe"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024, "type"=>"keyword"},
"company"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"file_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"imphash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"original_file_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"product"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "size"=>{"type"=>"long"},
"target_path"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "uid"=>{"ignore_above"=>1024, "type"=>"keyword"},
"x509"=>{"properties"=>{"alternative_names"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "issuer"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"not_after"=>{"type"=>"date"}, "not_before"=>{"type"=>"date"},
"public_key_algorithm"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_curve"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_exponent"=>{"doc_values"=>false, "index"=>false, "type"=>"long"},
"public_key_size"=>{"type"=>"long"}, "serial_number"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "signature_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"subject"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"version_number"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"group"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}},
"host"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024, "type"=>"keyword"},
"cpu"=>{"properties"=>{"usage"=>{"scaling_factor"=>1000, "type"=>"scaled_float"}}},
"disk"=>{"properties"=>{"read"=>{"properties"=>{"bytes"=>{"type"=>"long"}}},
"write"=>{"properties"=>{"bytes"=>{"type"=>"long"}}}}},
"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"geo"=>{"properties"=>{"city_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"location"=>{"type"=>"geo_point"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "postal_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timezone"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"hostname"=>{"ignore_above"=>1024, "type"=>"keyword"}, "id"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "ip"=>{"type"=>"ip"}, "mac"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"network"=>{"properties"=>{"egress"=>{"properties"=>{"bytes"=>{"type"=>"long"},
"packets"=>{"type"=>"long"}}},
"ingress"=>{"properties"=>{"bytes"=>{"type"=>"long"},
"packets"=>{"type"=>"long"}}}}},
"os"=>{"properties"=>{"family"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "kernel"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "platform"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}, "uptime"=>{"type"=>"long"}}},
"http"=>{"properties"=>{"request"=>{"properties"=>{"body"=>{"properties"=>{"bytes"=
>{"type"=>"long"}, "content"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"type"=>"wildcard"}}}, "bytes"=>{"type"=>"long"}, "id"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "method"=>{"ignore_above"=>1024, "type"=>"keyword"},
"mime_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"referrer"=>{"ignore_above"=>1024,
"type"=>"keyword"}}},
"response"=>{"properties"=>{"body"=>{"properties"=>{"bytes"=>{"type"=>"long"},
"content"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "type"=>"wildcard"}}},
"bytes"=>{"type"=>"long"}, "mime_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"status_code"=>{"type"=>"long"}}}, "version"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "labels"=>{"type"=>"object"},
"log"=>{"properties"=>{"file"=>{"properties"=>{"path"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "level"=>{"ignore_above"=>1024, "type"=>"keyword"},
"logger"=>{"ignore_above"=>1024, "type"=>"keyword"},
"origin"=>{"properties"=>{"file"=>{"properties"=>{"line"=>{"type"=>"long"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"function"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"syslog"=>{"properties"=>{"facility"=>{"properties"=>{"code"=>{"type"=>"long"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "priority"=>{"type"=>"long"},
"severity"=>{"properties"=>{"code"=>{"type"=>"long"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}, "type"=>"object"}}},
"message"=>{"type"=>"match_only_text"},
"network"=>{"properties"=>{"application"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "bytes"=>{"type"=>"long"},
"community_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"direction"=>{"ignore_above"=>1024, "type"=>"keyword"},
"forwarded_ip"=>{"type"=>"ip"}, "iana_number"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"inner"=>{"properties"=>{"vlan"=>{"properties"=>{"id"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"}}}},
"type"=>"object"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"packets"=>{"type"=>"long"}, "protocol"=>{"ignore_above"=>1024, "type"=>"keyword"},
"transport"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"vlan"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"observer"=>{"properties"=>{"egress"=>{"properties"=>{"interface"=>{"properties"=>{
"alias"=>{"ignore_above"=>1024, "type"=>"keyword"}, "id"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"vlan"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "zone"=>{"ignore_above"=>1024,
"type"=>"keyword"}}, "type"=>"object"},
"geo"=>{"properties"=>{"city_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"location"=>{"type"=>"geo_point"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "postal_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timezone"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"hostname"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ingress"=>{"properties"=>{"interface"=>{"properties"=>{"alias"=>{"ignore_above"=>1
024, "type"=>"keyword"}, "id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"vlan"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "zone"=>{"ignore_above"=>1024,
"type"=>"keyword"}}, "type"=>"object"}, "ip"=>{"type"=>"ip"},
"mac"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "os"=>{"properties"=>{"family"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "full"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "kernel"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "platform"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"product"=>{"ignore_above"=>1024, "type"=>"keyword"},
"serial_number"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}, "vendor"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"orchestrator"=>{"properties"=>{"api_version"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "cluster"=>{"properties"=>{"name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "url"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"namespace"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"resource"=>{"properties"=>{"name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "organization"=>{"properties"=>{"id"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}}},
"package"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "build_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"checksum"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"install_scope"=>{"ignore_above"=>1024, "type"=>"keyword"},
"installed"=>{"type"=>"date"}, "license"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"path"=>{"ignore_above"=>1024, "type"=>"keyword"},
"reference"=>{"ignore_above"=>1024, "type"=>"keyword"}, "size"=>{"type"=>"long"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"process"=>{"properties"=>{"args"=>{"ignore_above"=>1024, "type"=>"keyword"},
"args_count"=>{"type"=>"long"},
"code_signature"=>{"properties"=>{"digest_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "exists"=>{"type"=>"boolean"},
"signing_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"status"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subject_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"team_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timestamp"=>{"type"=>"date"}, "trusted"=>{"type"=>"boolean"},
"valid"=>{"type"=>"boolean"}}},
"command_line"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"type"=>"wildcard"}, "elf"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "byte_order"=>{"ignore_above"=>1024, "type"=>"keyword"},
"cpu_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"creation_date"=>{"type"=>"date"}, "exports"=>{"type"=>"flattened"},
"header"=>{"properties"=>{"abi_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"class"=>{"ignore_above"=>1024, "type"=>"keyword"}, "data"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "entrypoint"=>{"type"=>"long"},
"object_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"os_abi"=>{"ignore_above"=>1024, "type"=>"keyword"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"imports"=>{"type"=>"flattened"},
"sections"=>{"properties"=>{"chi2"=>{"type"=>"long"}, "entropy"=>{"type"=>"long"},
"flags"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "physical_offset"=>{"ignore_above"=>1024, "type"=>"keyword"},
"physical_size"=>{"type"=>"long"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "virtual_address"=>{"type"=>"long"},
"virtual_size"=>{"type"=>"long"}}, "type"=>"nested"},
"segments"=>{"properties"=>{"sections"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}, "type"=>"nested"},
"shared_libraries"=>{"ignore_above"=>1024, "type"=>"keyword"},
"telfhash"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "end"=>{"type"=>"date"},
"entity_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"executable"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "exit_code"=>{"type"=>"long"},
"hash"=>{"properties"=>{"md5"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha1"=>{"ignore_above"=>1024, "type"=>"keyword"}, "sha256"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "sha512"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ssdeep"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "parent"=>{"properties"=>{"args"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "args_count"=>{"type"=>"long"},
"code_signature"=>{"properties"=>{"digest_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "exists"=>{"type"=>"boolean"},
"signing_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"status"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subject_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"team_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timestamp"=>{"type"=>"date"}, "trusted"=>{"type"=>"boolean"},
"valid"=>{"type"=>"boolean"}}},
"command_line"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"type"=>"wildcard"}, "elf"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "byte_order"=>{"ignore_above"=>1024, "type"=>"keyword"},
"cpu_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"creation_date"=>{"type"=>"date"}, "exports"=>{"type"=>"flattened"},
"header"=>{"properties"=>{"abi_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"class"=>{"ignore_above"=>1024, "type"=>"keyword"}, "data"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "entrypoint"=>{"type"=>"long"},
"object_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"os_abi"=>{"ignore_above"=>1024, "type"=>"keyword"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"imports"=>{"type"=>"flattened"},
"sections"=>{"properties"=>{"chi2"=>{"type"=>"long"}, "entropy"=>{"type"=>"long"},
"flags"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "physical_offset"=>{"ignore_above"=>1024, "type"=>"keyword"},
"physical_size"=>{"type"=>"long"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "virtual_address"=>{"type"=>"long"},
"virtual_size"=>{"type"=>"long"}}, "type"=>"nested"},
"segments"=>{"properties"=>{"sections"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}, "type"=>"nested"},
"shared_libraries"=>{"ignore_above"=>1024, "type"=>"keyword"},
"telfhash"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "end"=>{"type"=>"date"},
"entity_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"executable"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "exit_code"=>{"type"=>"long"},
"hash"=>{"properties"=>{"md5"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha1"=>{"ignore_above"=>1024, "type"=>"keyword"}, "sha256"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "sha512"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ssdeep"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "pe"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "company"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"file_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"imphash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"original_file_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"product"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "pgid"=>{"type"=>"long"},
"pid"=>{"type"=>"long"}, "start"=>{"type"=>"date"},
"thread"=>{"properties"=>{"id"=>{"type"=>"long"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "title"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "uptime"=>{"type"=>"long"},
"working_directory"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}}},
"pe"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024, "type"=>"keyword"},
"company"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"file_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"imphash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"original_file_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"product"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "pgid"=>{"type"=>"long"},
"pid"=>{"type"=>"long"}, "start"=>{"type"=>"date"},
"thread"=>{"properties"=>{"id"=>{"type"=>"long"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "title"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "uptime"=>{"type"=>"long"},
"working_directory"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}}},
"registry"=>{"properties"=>{"data"=>{"properties"=>{"bytes"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "strings"=>{"type"=>"wildcard"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hive"=>{"ignore_above"=>1024, "type"=>"keyword"},
"key"=>{"ignore_above"=>1024, "type"=>"keyword"}, "path"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "value"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"related"=>{"properties"=>{"hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"hosts"=>{"ignore_above"=>1024, "type"=>"keyword"}, "ip"=>{"type"=>"ip"},
"user"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"rule"=>{"properties"=>{"author"=>{"ignore_above"=>1024, "type"=>"keyword"},
"category"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "license"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"reference"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ruleset"=>{"ignore_above"=>1024, "type"=>"keyword"},
"uuid"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"server"=>{"properties"=>{"address"=>{"ignore_above"=>1024, "type"=>"keyword"},
"as"=>{"properties"=>{"number"=>{"type"=>"long"},
"organization"=>{"properties"=>{"name"=>{"fields"=>{"text"=>{"type"=>"match_only_te
xt"}}, "ignore_above"=>1024, "type"=>"keyword"}}}}}, "bytes"=>{"type"=>"long"},
"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"geo"=>{"properties"=>{"city_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"location"=>{"type"=>"geo_point"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "postal_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timezone"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "ip"=>{"type"=>"ip"},
"mac"=>{"ignore_above"=>1024, "type"=>"keyword"},
"nat"=>{"properties"=>{"ip"=>{"type"=>"ip"}, "port"=>{"type"=>"long"}}},
"packets"=>{"type"=>"long"}, "port"=>{"type"=>"long"},
"registered_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subdomain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"top_level_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"user"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"email"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full_name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"group"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "roles"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"service"=>{"properties"=>{"address"=>{"ignore_above"=>1024, "type"=>"keyword"},
"environment"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ephemeral_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "node"=>{"properties"=>{"name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "origin"=>{"properties"=>{"address"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "environment"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ephemeral_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "node"=>{"properties"=>{"name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "state"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"state"=>{"ignore_above"=>1024, "type"=>"keyword"},
"target"=>{"properties"=>{"address"=>{"ignore_above"=>1024, "type"=>"keyword"},
"environment"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ephemeral_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "node"=>{"properties"=>{"name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "state"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"source"=>{"properties"=>{"address"=>{"ignore_above"=>1024, "type"=>"keyword"},
"as"=>{"properties"=>{"number"=>{"type"=>"long"},
"organization"=>{"properties"=>{"name"=>{"fields"=>{"text"=>{"type"=>"match_only_te
xt"}}, "ignore_above"=>1024, "type"=>"keyword"}}}}}, "bytes"=>{"type"=>"long"},
"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"geo"=>{"properties"=>{"city_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"location"=>{"type"=>"geo_point"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "postal_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timezone"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "ip"=>{"type"=>"ip"},
"mac"=>{"ignore_above"=>1024, "type"=>"keyword"},
"nat"=>{"properties"=>{"ip"=>{"type"=>"ip"}, "port"=>{"type"=>"long"}}},
"packets"=>{"type"=>"long"}, "port"=>{"type"=>"long"},
"registered_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subdomain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"top_level_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"user"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"email"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full_name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"group"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "roles"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"span"=>{"properties"=>{"id"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "tags"=>{"ignore_above"=>1024, "type"=>"keyword"},
"threat"=>{"properties"=>{"enrichments"=>{"properties"=>{"indicator"=>{"properties"
=>{"as"=>{"properties"=>{"number"=>{"type"=>"long"},
"organization"=>{"properties"=>{"name"=>{"fields"=>{"text"=>{"type"=>"match_only_te
xt"}}, "ignore_above"=>1024, "type"=>"keyword"}}}}},
"confidence"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"email"=>{"properties"=>{"address"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"file"=>{"properties"=>{"accessed"=>{"type"=>"date"},
"attributes"=>{"ignore_above"=>1024, "type"=>"keyword"},
"code_signature"=>{"properties"=>{"digest_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "exists"=>{"type"=>"boolean"},
"signing_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"status"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subject_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"team_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timestamp"=>{"type"=>"date"}, "trusted"=>{"type"=>"boolean"},
"valid"=>{"type"=>"boolean"}}}, "created"=>{"type"=>"date"},
"ctime"=>{"type"=>"date"}, "device"=>{"ignore_above"=>1024, "type"=>"keyword"},
"directory"=>{"ignore_above"=>1024, "type"=>"keyword"},
"drive_letter"=>{"ignore_above"=>1, "type"=>"keyword"},
"elf"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024, "type"=>"keyword"},
"byte_order"=>{"ignore_above"=>1024, "type"=>"keyword"},
"cpu_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"creation_date"=>{"type"=>"date"}, "exports"=>{"type"=>"flattened"},
"header"=>{"properties"=>{"abi_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"class"=>{"ignore_above"=>1024, "type"=>"keyword"}, "data"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "entrypoint"=>{"type"=>"long"},
"object_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"os_abi"=>{"ignore_above"=>1024, "type"=>"keyword"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"imports"=>{"type"=>"flattened"},
"sections"=>{"properties"=>{"chi2"=>{"type"=>"long"}, "entropy"=>{"type"=>"long"},
"flags"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "physical_offset"=>{"ignore_above"=>1024, "type"=>"keyword"},
"physical_size"=>{"type"=>"long"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "virtual_address"=>{"type"=>"long"},
"virtual_size"=>{"type"=>"long"}}, "type"=>"nested"},
"segments"=>{"properties"=>{"sections"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}, "type"=>"nested"},
"shared_libraries"=>{"ignore_above"=>1024, "type"=>"keyword"},
"telfhash"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"extension"=>{"ignore_above"=>1024, "type"=>"keyword"},
"fork_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"gid"=>{"ignore_above"=>1024, "type"=>"keyword"}, "group"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "hash"=>{"properties"=>{"md5"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "sha1"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha256"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha512"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ssdeep"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"inode"=>{"ignore_above"=>1024, "type"=>"keyword"},
"mime_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"mode"=>{"ignore_above"=>1024, "type"=>"keyword"}, "mtime"=>{"type"=>"date"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}, "owner"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "path"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"pe"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024, "type"=>"keyword"},
"company"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"file_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"imphash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"original_file_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"product"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "size"=>{"type"=>"long"},
"target_path"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "uid"=>{"ignore_above"=>1024, "type"=>"keyword"},
"x509"=>{"properties"=>{"alternative_names"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "issuer"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"not_after"=>{"type"=>"date"}, "not_before"=>{"type"=>"date"},
"public_key_algorithm"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_curve"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_exponent"=>{"doc_values"=>false, "index"=>false, "type"=>"long"},
"public_key_size"=>{"type"=>"long"}, "serial_number"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "signature_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"subject"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"version_number"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"first_seen"=>{"type"=>"date"},
"geo"=>{"properties"=>{"city_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"location"=>{"type"=>"geo_point"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "postal_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timezone"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "ip"=>{"type"=>"ip"},
"last_seen"=>{"type"=>"date"},
"marking"=>{"properties"=>{"tlp"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"modified_at"=>{"type"=>"date"}, "port"=>{"type"=>"long"},
"provider"=>{"ignore_above"=>1024, "type"=>"keyword"},
"reference"=>{"ignore_above"=>1024, "type"=>"keyword"},
"registry"=>{"properties"=>{"data"=>{"properties"=>{"bytes"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "strings"=>{"type"=>"wildcard"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hive"=>{"ignore_above"=>1024, "type"=>"keyword"},
"key"=>{"ignore_above"=>1024, "type"=>"keyword"}, "path"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "value"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"scanner_stats"=>{"type"=>"long"}, "sightings"=>{"type"=>"long"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"url"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"extension"=>{"ignore_above"=>1024, "type"=>"keyword"},
"fragment"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "type"=>"wildcard"},
"original"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "type"=>"wildcard"},
"password"=>{"ignore_above"=>1024, "type"=>"keyword"},
"path"=>{"type"=>"wildcard"}, "port"=>{"type"=>"long"},
"query"=>{"ignore_above"=>1024, "type"=>"keyword"},
"registered_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"scheme"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subdomain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"top_level_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"username"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"x509"=>{"properties"=>{"alternative_names"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "issuer"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"not_after"=>{"type"=>"date"}, "not_before"=>{"type"=>"date"},
"public_key_algorithm"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_curve"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_exponent"=>{"doc_values"=>false, "index"=>false, "type"=>"long"},
"public_key_size"=>{"type"=>"long"}, "serial_number"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "signature_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"subject"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"version_number"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}, "type"=>"object"},
"matched"=>{"properties"=>{"atomic"=>{"ignore_above"=>1024, "type"=>"keyword"},
"field"=>{"ignore_above"=>1024, "type"=>"keyword"}, "id"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "index"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}, "type"=>"nested"},
"framework"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "group"=>{"properties"=>{"alias"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"reference"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"indicator"=>{"properties"=>{"as"=>{"properties"=>{"number"=>{"type"=>"long"},
"organization"=>{"properties"=>{"name"=>{"fields"=>{"text"=>{"type"=>"match_only_te
xt"}}, "ignore_above"=>1024, "type"=>"keyword"}}}}},
"confidence"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"email"=>{"properties"=>{"address"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"file"=>{"properties"=>{"accessed"=>{"type"=>"date"},
"attributes"=>{"ignore_above"=>1024, "type"=>"keyword"},
"code_signature"=>{"properties"=>{"digest_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "exists"=>{"type"=>"boolean"},
"signing_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"status"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subject_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"team_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timestamp"=>{"type"=>"date"}, "trusted"=>{"type"=>"boolean"},
"valid"=>{"type"=>"boolean"}}}, "created"=>{"type"=>"date"},
"ctime"=>{"type"=>"date"}, "device"=>{"ignore_above"=>1024, "type"=>"keyword"},
"directory"=>{"ignore_above"=>1024, "type"=>"keyword"},
"drive_letter"=>{"ignore_above"=>1, "type"=>"keyword"},
"elf"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024, "type"=>"keyword"},
"byte_order"=>{"ignore_above"=>1024, "type"=>"keyword"},
"cpu_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"creation_date"=>{"type"=>"date"}, "exports"=>{"type"=>"flattened"},
"header"=>{"properties"=>{"abi_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"class"=>{"ignore_above"=>1024, "type"=>"keyword"}, "data"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "entrypoint"=>{"type"=>"long"},
"object_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"os_abi"=>{"ignore_above"=>1024, "type"=>"keyword"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"imports"=>{"type"=>"flattened"},
"sections"=>{"properties"=>{"chi2"=>{"type"=>"long"}, "entropy"=>{"type"=>"long"},
"flags"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "physical_offset"=>{"ignore_above"=>1024, "type"=>"keyword"},
"physical_size"=>{"type"=>"long"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "virtual_address"=>{"type"=>"long"},
"virtual_size"=>{"type"=>"long"}}, "type"=>"nested"},
"segments"=>{"properties"=>{"sections"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}, "type"=>"nested"},
"shared_libraries"=>{"ignore_above"=>1024, "type"=>"keyword"},
"telfhash"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"extension"=>{"ignore_above"=>1024, "type"=>"keyword"},
"fork_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"gid"=>{"ignore_above"=>1024, "type"=>"keyword"}, "group"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "hash"=>{"properties"=>{"md5"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "sha1"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha256"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha512"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ssdeep"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"inode"=>{"ignore_above"=>1024, "type"=>"keyword"},
"mime_type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"mode"=>{"ignore_above"=>1024, "type"=>"keyword"}, "mtime"=>{"type"=>"date"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"}, "owner"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "path"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"pe"=>{"properties"=>{"architecture"=>{"ignore_above"=>1024, "type"=>"keyword"},
"company"=>{"ignore_above"=>1024, "type"=>"keyword"},
"description"=>{"ignore_above"=>1024, "type"=>"keyword"},
"file_version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"imphash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"original_file_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"product"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "size"=>{"type"=>"long"},
"target_path"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "uid"=>{"ignore_above"=>1024, "type"=>"keyword"},
"x509"=>{"properties"=>{"alternative_names"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "issuer"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"not_after"=>{"type"=>"date"}, "not_before"=>{"type"=>"date"},
"public_key_algorithm"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_curve"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_exponent"=>{"doc_values"=>false, "index"=>false, "type"=>"long"},
"public_key_size"=>{"type"=>"long"}, "serial_number"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "signature_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"subject"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"version_number"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"first_seen"=>{"type"=>"date"},
"geo"=>{"properties"=>{"city_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"continent_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"country_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"location"=>{"type"=>"geo_point"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "postal_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_iso_code"=>{"ignore_above"=>1024, "type"=>"keyword"},
"region_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"timezone"=>{"ignore_above"=>1024, "type"=>"keyword"}}}, "ip"=>{"type"=>"ip"},
"last_seen"=>{"type"=>"date"},
"marking"=>{"properties"=>{"tlp"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"modified_at"=>{"type"=>"date"}, "port"=>{"type"=>"long"},
"provider"=>{"ignore_above"=>1024, "type"=>"keyword"},
"reference"=>{"ignore_above"=>1024, "type"=>"keyword"},
"registry"=>{"properties"=>{"data"=>{"properties"=>{"bytes"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "strings"=>{"type"=>"wildcard"}, "type"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hive"=>{"ignore_above"=>1024, "type"=>"keyword"},
"key"=>{"ignore_above"=>1024, "type"=>"keyword"}, "path"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "value"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"scanner_stats"=>{"type"=>"long"}, "sightings"=>{"type"=>"long"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"url"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"extension"=>{"ignore_above"=>1024, "type"=>"keyword"},
"fragment"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "type"=>"wildcard"},
"original"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "type"=>"wildcard"},
"password"=>{"ignore_above"=>1024, "type"=>"keyword"},
"path"=>{"type"=>"wildcard"}, "port"=>{"type"=>"long"},
"query"=>{"ignore_above"=>1024, "type"=>"keyword"},
"registered_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"scheme"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subdomain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"top_level_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"username"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"x509"=>{"properties"=>{"alternative_names"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "issuer"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"not_after"=>{"type"=>"date"}, "not_before"=>{"type"=>"date"},
"public_key_algorithm"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_curve"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_exponent"=>{"doc_values"=>false, "index"=>false, "type"=>"long"},
"public_key_size"=>{"type"=>"long"}, "serial_number"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "signature_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"subject"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"version_number"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"software"=>{"properties"=>{"alias"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "platforms"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "reference"=>{"ignore_above"=>1024, "type"=>"keyword"},
"type"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"tactic"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"reference"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"technique"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "reference"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subtechnique"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "reference"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}}}},
"tls"=>{"properties"=>{"cipher"=>{"ignore_above"=>1024, "type"=>"keyword"},
"client"=>{"properties"=>{"certificate"=>{"ignore_above"=>1024, "type"=>"keyword"},
"certificate_chain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"hash"=>{"properties"=>{"md5"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha1"=>{"ignore_above"=>1024, "type"=>"keyword"}, "sha256"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "issuer"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ja3"=>{"ignore_above"=>1024, "type"=>"keyword"}, "not_after"=>{"type"=>"date"},
"not_before"=>{"type"=>"date"}, "server_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "subject"=>{"ignore_above"=>1024, "type"=>"keyword"},
"supported_ciphers"=>{"ignore_above"=>1024, "type"=>"keyword"},
"x509"=>{"properties"=>{"alternative_names"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "issuer"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"not_after"=>{"type"=>"date"}, "not_before"=>{"type"=>"date"},
"public_key_algorithm"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_curve"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_exponent"=>{"doc_values"=>false, "index"=>false, "type"=>"long"},
"public_key_size"=>{"type"=>"long"}, "serial_number"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "signature_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"subject"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"version_number"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"curve"=>{"ignore_above"=>1024, "type"=>"keyword"},
"established"=>{"type"=>"boolean"}, "next_protocol"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "resumed"=>{"type"=>"boolean"},
"server"=>{"properties"=>{"certificate"=>{"ignore_above"=>1024, "type"=>"keyword"},
"certificate_chain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"hash"=>{"properties"=>{"md5"=>{"ignore_above"=>1024, "type"=>"keyword"},
"sha1"=>{"ignore_above"=>1024, "type"=>"keyword"}, "sha256"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "issuer"=>{"ignore_above"=>1024, "type"=>"keyword"},
"ja3s"=>{"ignore_above"=>1024, "type"=>"keyword"}, "not_after"=>{"type"=>"date"},
"not_before"=>{"type"=>"date"}, "subject"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"x509"=>{"properties"=>{"alternative_names"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "issuer"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"not_after"=>{"type"=>"date"}, "not_before"=>{"type"=>"date"},
"public_key_algorithm"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_curve"=>{"ignore_above"=>1024, "type"=>"keyword"},
"public_key_exponent"=>{"doc_values"=>false, "index"=>false, "type"=>"long"},
"public_key_size"=>{"type"=>"long"}, "serial_number"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "signature_algorithm"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"subject"=>{"properties"=>{"common_name"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "country"=>{"ignore_above"=>1024, "type"=>"keyword"},
"distinguished_name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"locality"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organization"=>{"ignore_above"=>1024, "type"=>"keyword"},
"organizational_unit"=>{"ignore_above"=>1024, "type"=>"keyword"},
"state_or_province"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"version_number"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version_protocol"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"trace"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"transaction"=>{"properties"=>{"id"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"url"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"extension"=>{"ignore_above"=>1024, "type"=>"keyword"},
"fragment"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "type"=>"wildcard"},
"original"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "type"=>"wildcard"},
"password"=>{"ignore_above"=>1024, "type"=>"keyword"},
"path"=>{"type"=>"wildcard"}, "port"=>{"type"=>"long"},
"query"=>{"ignore_above"=>1024, "type"=>"keyword"},
"registered_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"scheme"=>{"ignore_above"=>1024, "type"=>"keyword"},
"subdomain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"top_level_domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"username"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"user"=>{"properties"=>{"changes"=>{"properties"=>{"domain"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "email"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full_name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"group"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "roles"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"effective"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"email"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full_name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"group"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "roles"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"email"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full_name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"group"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "roles"=>{"ignore_above"=>1024, "type"=>"keyword"},
"target"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"email"=>{"ignore_above"=>1024, "type"=>"keyword"},
"full_name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"},
"group"=>{"properties"=>{"domain"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"}, "name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "hash"=>{"ignore_above"=>1024, "type"=>"keyword"},
"id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "roles"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}},
"user_agent"=>{"properties"=>{"device"=>{"properties"=>{"name"=>{"ignore_above"=>1024,
"type"=>"keyword"}}}, "name"=>{"ignore_above"=>1024, "type"=>"keyword"},
"original"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}}, "ignore_above"=>1024,
"type"=>"keyword"}, "os"=>{"properties"=>{"family"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "full"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "kernel"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "name"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "platform"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "type"=>{"ignore_above"=>1024, "type"=>"keyword"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"vulnerability"=>{"properties"=>{"category"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "classification"=>{"ignore_above"=>1024,
"type"=>"keyword"},
"description"=>{"fields"=>{"text"=>{"type"=>"match_only_text"}},
"ignore_above"=>1024, "type"=>"keyword"}, "enumeration"=>{"ignore_above"=>1024,
"type"=>"keyword"}, "id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"reference"=>{"ignore_above"=>1024, "type"=>"keyword"},
"report_id"=>{"ignore_above"=>1024, "type"=>"keyword"},
"scanner"=>{"properties"=>{"vendor"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"score"=>{"properties"=>{"base"=>{"type"=>"float"},
"environmental"=>{"type"=>"float"}, "temporal"=>{"type"=>"float"},
"version"=>{"ignore_above"=>1024, "type"=>"keyword"}}},
"severity"=>{"ignore_above"=>1024, "type"=>"keyword"}}}}}}, "priority"=>200,
"_meta"=>{"description"=>"ECS index template for logstash-output-elasticsearch"}}}
[2024-02-25T[Link],153][DEBUG][[Link]][azure_waf_access]
Found existing Elasticsearch template, skipping template management
{:name=>"yokogawa-azure-waf"}
[2024-02-25T[Link],199][DEBUG][[Link]] check
update {:endpoint=>"[Link]
8c9e-9d5e0ecb1b8c&elastic_geoip_service_tos=agree", :response=>200}
[2024-02-25T[Link],275][INFO ][[Link]] new
database version detected? false
[2024-02-25T[Link],528][INFO ][[Link]]
[azure_waf_access] By not manually configuring a database path with `database =>`,
you accepted and agreed MaxMind EULA. For more details please visit
[Link]
[2024-02-25T[Link],546][INFO ][[Link] ][azure_waf_access] Using
geoip database
{:path=>"/var/lib/logstash/plugins/filters/geoip/1708831720/[Link]"}
[2024-02-25T[Link],627][WARN ][[Link] ][azure_waf_access]
'[Link]' is enabled and is likely less efficient, consider disabling if
preserving event order is not necessary
[2024-02-25T[Link],756][INFO ][[Link] ][azure_waf_access]
Starting pipeline {:pipeline_id=>"azure_waf_access", "[Link]"=>1,
"[Link]"=>125, "[Link]"=>50,
"pipeline.max_inflight"=>125, "[Link]"=>["/etc/logstash/conf.d/yhq-
[Link]"], :thread=>"#<Thread:0x3de9cd2d
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],400][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],407][DEBUG]
[[Link]] Inner FlowMetric lazy-
initialized for queue_persisted_growth_events
[2024-02-25T[Link],408][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],425][DEBUG]
[[Link]] Inner FlowMetric lazy-
initialized for queue_persisted_growth_bytes
[2024-02-25T[Link],227][INFO ][[Link] ][azure_waf_access]
Pipeline Java execution initialization time {"seconds"=>1.47}
[2024-02-25T[Link],273][DEBUG][[Link]][azure_waf_access]
Exploded Event Hub configuration.
{:event_hubs_exploded=>"[{\"event_hubs\"=>[\"insights-logs-applicationgatewayaccesslog\"],
\"event_hub_connections\"=>[<password>], \"consumer_group\"=>\"$Default\",
\"type\"=>\"azure_waf\", \"initial_position\"=>\"end\", \"decorate_events\"=>true,
\"threads\"=>8, \"enable_metric\"=>true,
\"codec\"=><LogStash::Codecs::Plain id=>\"plain_bcd08ae6-aa82-4171-bde3-c112f08f1df1\",
enable_metric=>true, charset=>\"UTF-8\">, \"add_field\"=>{}, \"config_mode\"=>\"basic\",
\"max_batch_size\"=>125, \"prefetch_count\"=>300, \"receive_timeout\"=>60,
\"initial_position_look_back\"=>86400, \"checkpoint_interval\"=>5},
{\"event_hubs\"=>[\"insights-logs-applicationgatewayaccesslog\"],
\"event_hub_connections\"=>[<password>], \"consumer_group\"=>\"$Default\",
\"type\"=>\"azure_waf\", \"initial_position\"=>\"end\", \"decorate_events\"=>true,
\"threads\"=>8, \"enable_metric\"=>true,
\"codec\"=><LogStash::Codecs::Plain id=>\"plain_bcd08ae6-aa82-4171-bde3-c112f08f1df1\",
enable_metric=>true, charset=>\"UTF-8\">, \"add_field\"=>{}, \"config_mode\"=>\"basic\",
\"max_batch_size\"=>125, \"prefetch_count\"=>300, \"receive_timeout\"=>60,
\"initial_position_look_back\"=>86400, \"checkpoint_interval\"=>5}]"}
[2024-02-25T[Link],285][INFO ][[Link] ][azure_waf_access]
Pipeline started {"[Link]"=>"azure_waf_access"}
[2024-02-25T[Link],304][DEBUG][[Link] ] Pipeline started
successfully {:pipeline_id=>"azure_waf_access", :thread=>"#<Thread:0x3de9cd2d
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],307][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],383][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is initializing...
[2024-02-25T[Link],384][WARN ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] You have NOT
specified a `storage_connection_string` for
insights-logs-applicationgatewayaccesslog. This configuration is only supported for a single
Logstash instance.
[2024-02-25T[Link],400][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is initializing...
[2024-02-25T[Link],400][WARN ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] You have NOT
specified a `storage_connection_string` for
insights-logs-applicationgatewayaccesslog. This configuration is only supported for a single
Logstash instance.
[2024-02-25T[Link],403][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: New EventProcessorHost created.
[2024-02-25T[Link],403][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: New EventProcessorHost created.
[2024-02-25T[Link],431][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Configuring
Event Hub insights-logs-applicationgatewayaccesslog to read only new events.
[2024-02-25T[Link],440][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Configuring
Event Hub insights-logs-applicationgatewayaccesslog to read only new events.
[2024-02-25T[Link],443][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting event processing.
[2024-02-25T[Link],501][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting event processing.
[2024-02-25T[Link],525][INFO ][[Link] ] Pipelines running
{:count=>1, :running_pipelines=>[:azure_waf_access], :non_running_pipelines=>[]}
[2024-02-25T[Link],542][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_3373e7_1708832037501], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],542][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_05e877_1708832037473], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],545][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_3373e7_1708832037501] [Link]
[2024-02-25T[Link],552][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_05e877_1708832037473] [Link]
[2024-02-25T[Link],562][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_05e877_1708832037473]
[2024-02-25T[Link],570][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_05e877_1708832037473], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],592][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_3373e7_1708832037501]
[2024-02-25T[Link],592][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_3373e7_1708832037501], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],836][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_3373e7_1708832037501]
[2024-02-25T[Link],836][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_05e877_1708832037473]
[2024-02-25T[Link],086][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_3373e7_1708832037501],
remoteContainer[0dee7b6fd199487aaf6cf57bcbf9a09c_G22]
[2024-02-25T[Link],114][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_3373e7_1708832037501], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],124][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_05e877_1708832037473],
remoteContainer[2635ff2b72224bf3a5d013237fd6ff08_G31]
[2024-02-25T[Link],133][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_05e877_1708832037473], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],134][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_3373e7_1708832037501], entityName[mgmt-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],134][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_05e877_1708832037473], entityName[mgmt-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],144][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[mgmt], linkName[mgmt:sender], localTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],144][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[mgmt], linkName[mgmt:receiver],
localSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],151][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[mgmt], linkName[mgmt:sender], localTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],152][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[mgmt], linkName[mgmt:receiver],
localSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],154][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_3373e7_1708832037501], entityName[mgmt-
session], sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],154][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[mgmt], linkName[mgmt:sender], remoteTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],154][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[mgmt], linkName[mgmt:sender], unsettled[0], credit[100]
[2024-02-25T[Link],154][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[mgmt], linkName[mgmt:receiver],
remoteSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],157][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_05e877_1708832037473], entityName[mgmt-
session], sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],158][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[mgmt], linkName[mgmt:sender], remoteTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],158][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[mgmt], linkName[mgmt:sender], unsettled[0], credit[100]
[2024-02-25T[Link],158][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[mgmt], linkName[mgmt:receiver],
remoteSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],172][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_3373e7_1708832037501],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],173][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[mgmt], linkName[mgmt:sender], unsettled[1], credit[99]
[2024-02-25T[Link],177][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_05e877_1708832037473],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],178][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[mgmt], linkName[mgmt:sender], unsettled[1], credit[99]
[2024-02-25T[Link],181][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Eventhub insights-logs-
applicationgatewayaccesslog count of partitions: 4
[2024-02-25T[Link],182][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Found partition with id: 0
[2024-02-25T[Link],182][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Found partition with id: 1
[2024-02-25T[Link],187][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Found partition with id: 2
[2024-02-25T[Link],187][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Found partition with id: 3
[2024-02-25T[Link],187][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_88537a_1708832037454]
[2024-02-25T[Link],187][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_05e877_1708832037473]
[2024-02-25T[Link],190][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_05e877_1708832037473], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],198][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],198][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],198][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],198][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[mgmt-session],
entityName[MF_05e877_1708832037473], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],191][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: createLeaseStoreIfNotExists()
[2024-02-25T[Link],201][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: createCheckpointStoreIfNotExists()
[2024-02-25T[Link],202][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: createLeaseIfNotExists() creating new
lease
[2024-02-25T[Link],203][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 1: createLeaseIfNotExists() creating new
lease
[2024-02-25T[Link],203][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: createLeaseIfNotExists() creating new
lease
[2024-02-25T[Link],203][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 3: createLeaseIfNotExists() creating new
lease
[2024-02-25T[Link],203][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: createCheckpointIfNotExists() creating new
checkpoint
[2024-02-25T[Link],203][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 1: createCheckpointIfNotExists() creating new
checkpoint
[2024-02-25T[Link],204][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: createCheckpointIfNotExists() creating new
checkpoint
[2024-02-25T[Link],204][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 3: createCheckpointIfNotExists() creating new
checkpoint
[2024-02-25T[Link],204][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner first pass
[2024-02-25T[Link],207][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],209][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
expired -1708832038209
[2024-02-25T[Link],209][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
expired -1708832038209
[2024-02-25T[Link],209][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
expired -1708832038209
[2024-02-25T[Link],209][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
expired -1708832038209
[2024-02-25T[Link],211][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],211][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],211][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],211][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],212][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_05e877_1708832037473],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],212][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_05e877_1708832037473], hostName[yazure-eventhub-
[Link]], info[mgmtChannel closed]
[2024-02-25T[Link],217][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],217][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: -1 Rotating leases to start at
2
[2024-02-25T[Link],217][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 1 Desired owned count is 1
[2024-02-25T[Link],217][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 0 leasesOwnedByOthers 0
unowned 4
[2024-02-25T[Link],217][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '2'[0] need 1
[2024-02-25T[Link],217][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Finding expired leases from '2'[0] up to
'3'[1]
[2024-02-25T[Link],218][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Found in range: 1
[2024-02-25T[Link],220][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: getLease()
[2024-02-25T[Link],223][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: acquireLease()
[2024-02-25T[Link],223][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
expired -1708832038223
[2024-02-25T[Link],223][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: acquireLease() acquired lease
[2024-02-25T[Link],223][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_05e877_1708832037473],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],223][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_05e877_1708832037473], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],224][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_05e877_1708832037473], error[n/a]
[2024-02-25T[Link],224][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_05e877_1708832037473], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],224][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_05e877_1708832037473], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],224][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_05e877_1708832037473], entityName[mgmt-session], condition[null],
description[null]
[2024-02-25T[Link],224][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_05e877_1708832037473], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],225][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_05e877_1708832037473], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],233][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Eventhub insights-logs-
applicationgatewayaccesslog count of partitions: 4
[2024-02-25T[Link],234][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found partition with id: 0
[2024-02-25T[Link],234][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found partition with id: 1
[2024-02-25T[Link],235][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found partition with id: 2
[2024-02-25T[Link],235][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found partition with id: 3
[2024-02-25T[Link],242][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: createLeaseStoreIfNotExists()
[2024-02-25T[Link],227][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Acquired unowned/expired
[2024-02-25T[Link],242][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: creating new pump
[2024-02-25T[Link],255][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Creating and opening event processor
instance
[2024-02-25T[Link],256][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: createCheckpointStoreIfNotExists()
[2024-02-25T[Link],267][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: createLeaseIfNotExists() found existing
lease, OK
[2024-02-25T[Link],267][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: createLeaseIfNotExists() found existing
lease, OK
[2024-02-25T[Link],267][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 2: createLeaseIfNotExists() found existing
lease, OK
[2024-02-25T[Link],267][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: createLeaseIfNotExists() found existing
lease, OK
[2024-02-25T[Link],267][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: createCheckpointIfNotExists() found
existing checkpoint, OK
[2024-02-25T[Link],267][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: createCheckpointIfNotExists() found
existing checkpoint, OK
[2024-02-25T[Link],267][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 2: createCheckpointIfNotExists() found
existing checkpoint, OK
[2024-02-25T[Link],267][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: createCheckpointIfNotExists() found
existing checkpoint, OK
[2024-02-25T[Link],268][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner first pass
[2024-02-25T[Link],268][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
registration complete. {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],268][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],268][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
expired -1708832038268
[2024-02-25T[Link],268][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
expired -1708832038268
[2024-02-25T[Link],268][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 29955
[2024-02-25T[Link],269][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
expired -1708832038269
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: -1 Rotating leases to start at
3
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 1
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 0 leasesOwnedByOthers 1
unowned 3
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '3'[0] need 1
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Finding expired leases from '3'[0] up to
'0'[1]
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found in range: 1
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: getLease()
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: acquireLease()
[2024-02-25T[Link],269][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
expired -1708832038269
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: acquireLease() acquired lease
[2024-02-25T[Link],269][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Acquired unowned/expired
[2024-02-25T[Link],269][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: creating new pump
[2024-02-25T[Link],269][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Creating and opening event processor
instance
[2024-02-25T[Link],235][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_f28190_1708832037501]
[2024-02-25T[Link],272][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_3373e7_1708832037501]
[2024-02-25T[Link],272][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '0'[1] need 0
[2024-02-25T[Link],272][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],272][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 4
[2024-02-25T[Link],272][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 30
[2024-02-25T[Link],273][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_3373e7_1708832037501], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],273][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],273][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],273][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],273][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[mgmt-session],
entityName[MF_3373e7_1708832037501], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],258][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
registration complete. {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],274][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub is
processing events... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],257][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '3'[1] need 0
[2024-02-25T[Link],275][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],292][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 85
[2024-02-25T[Link],292][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 30
[2024-02-25T[Link],287][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub is
processing events... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],276][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],293][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],293][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],293][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],293][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_3373e7_1708832037501],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],293][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_3373e7_1708832037501], hostName[yazure-eventhub-
[Link]], info[mgmtChannel closed]
[2024-02-25T[Link],293][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_3373e7_1708832037501],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],293][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_3373e7_1708832037501], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],293][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_3373e7_1708832037501], error[n/a]
[2024-02-25T[Link],293][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_3373e7_1708832037501], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],294][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_3373e7_1708832037501], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],294][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_3373e7_1708832037501], entityName[mgmt-session], condition[null],
description[null]
[2024-02-25T[Link],294][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_3373e7_1708832037501], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],294][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_3373e7_1708832037501], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],329][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@id = "plain_bcd08ae6-aa82-4171-bde3-c112f08f1df1"
[2024-02-25T[Link],329][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@enable_metric = true
[2024-02-25T[Link],329][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@charset = "UTF-8"
[2024-02-25T[Link],343][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@id = "plain_bcd08ae6-aa82-4171-bde3-c112f08f1df1"
[2024-02-25T[Link],344][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@enable_metric = true
[2024-02-25T[Link],344][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@charset = "UTF-8"
[2024-02-25T[Link],363][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is opening.
[2024-02-25T[Link],363][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Opening EH client
[2024-02-25T[Link],364][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_1e7a59_1708832038364], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],365][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_1e7a59_1708832038364] [Link]
[2024-02-25T[Link],365][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_1e7a59_1708832038364]
[2024-02-25T[Link],373][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_1e7a59_1708832038364], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],375][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_1e7a59_1708832038364]
[2024-02-25T[Link],364][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is opening.
[2024-02-25T[Link],383][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Opening EH client
[2024-02-25T[Link],384][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_00b33c_1708832038383], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],384][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_00b33c_1708832038383] [Link]
[2024-02-25T[Link],384][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_00b33c_1708832038383]
[2024-02-25T[Link],384][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_00b33c_1708832038383], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],392][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_00b33c_1708832038383]
[2024-02-25T[Link],462][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_1e7a59_1708832038364],
remoteContainer[4b33cce5bf1a485ca8cbeb4ac8571634_G17]
[2024-02-25T[Link],463][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: getCheckpoint() uninitalized
[2024-02-25T[Link],463][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Calling user-provided initial position
provider
[2024-02-25T[Link],465][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],465][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],473][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_00b33c_1708832038383],
remoteContainer[5524d93dbdef4c24a035bd29c242dc7f_G9]
[2024-02-25T[Link],475][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: getCheckpoint() uninitalized
[2024-02-25T[Link],475][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Calling user-provided initial position
provider
[2024-02-25T[Link],475][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],475][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],503][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],504][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],513][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_1e7a59_1708832038364], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],514][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_1e7a59_1708832038364], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],515][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],515][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],513][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_00b33c_1708832038383], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],516][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_00b33c_1708832038383], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],516][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],516][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],524][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_00b33c_1708832038383], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],524][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],524][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[0], credit[100]
[2024-02-25T[Link],524][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],525][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_00b33c_1708832038383],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],525][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[1], credit[99]
[2024-02-25T[Link],533][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_1e7a59_1708832038364], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],533][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],533][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[0], credit[100]
[2024-02-25T[Link],533][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],534][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_1e7a59_1708832038364],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],535][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[1], credit[99]
[2024-02-25T[Link],536][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_00b33c_1708832038383], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],536][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_00b33c_1708832038383], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],544][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_00b33c_1708832038383], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],544][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],545][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
linkName[LN_c22bd3_1708832038545_dc7f_G9], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],564][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_1e7a59_1708832038364], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],566][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_1e7a59_1708832038364], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],566][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
linkName[LN_c22bd3_1708832038545_dc7f_G9], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@11a4718
8}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],573][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], linkName[LN_c22bd3_1708832038545_dc7f_G9], updated-link-credit[300],
sentCredits[300], ThreadId[41]
[2024-02-25T[Link],573][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], linkName[LN_c22bd3_1708832038545_dc7f_G9], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],573][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: EH client and receiver creation finished
[2024-02-25T[Link],575][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_1e7a59_1708832038364], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],575][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],575][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
linkName[LN_163586_1708832038575_634_G17], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],584][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].584711564Z], remaining: [60] secs
[2024-02-25T[Link],586][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],596][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
linkName[LN_163586_1708832038575_634_G17], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@2095ac5
b}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],605][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: EH client and receiver creation finished
[2024-02-25T[Link],605][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - schedule operation timer, current:
[2024-02-25T[Link].605910017Z], remaining: [60] secs
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],597][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], linkName[LN_163586_1708832038575_634_G17], updated-link-credit[300],
sentCredits[300], ThreadId[47]
[2024-02-25T[Link],607][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], linkName[LN_163586_1708832038575_634_G17], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],781][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],782][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],849][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],448][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],449][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],744][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],745][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],764][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],463][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],464][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],735][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],736][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],748][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],586][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],586][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],587][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],739][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],740][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],755][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],471][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],471][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],737][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],738][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],749][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],727][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],735][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],745][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],479][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],479][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],587][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],587][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],587][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],726][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],727][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],736][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],493][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],493][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],727][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],727][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],737][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],458][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.006153092S`)
[2024-02-25T[Link],466][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.014451169S`)
[2024-02-25T[Link],466][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.014593272S`)
[2024-02-25T[Link],509][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],510][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],120][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],307][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],483][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313425944//1261831
[2024-02-25T[Link],490][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313425944//1261831
[2024-02-25T[Link],492][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 3019 bytes.
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - schedule operation timer, current:
[2024-02-25T[Link].492720713Z], remaining: [60] secs
[2024-02-25T[Link],754][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],772][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],725][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].178001589Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":42678,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&spa
ce=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":383,\"sentBytes\":509,\"connectionSerialNumber\":509771,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"51f30c8477b926
ee91873705d6ca3061\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":7228,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":508,\"connectionSerialNumber\":509772,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"507685a84f4aa7
200b41184834f17966\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":42678,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&spa
ce=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":383,\"sentBytes\":509,\"connectionSerialNumber\":509771,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"51f30c8477b926
ee91873705d6ca3061\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":7228,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":508,\"connectionSerialNumber\":509772,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"507685a84f4aa7
200b41184834f17966\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],834][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],848][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>42678, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"51f30c8477b926ee91873705d6ca3061",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&space=45",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>509,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509771, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>383,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&space=45",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>7228, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"507685a84f4aa7200b41184834f17966",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>508,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509772, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>382,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}], "@timestamp"=>2024-02-
25T[Link].178001589Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":42678,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&spa
ce=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":383,\"sentBytes\":509,\"connectionSerialNumber\":509771,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"51f30c8477b926
ee91873705d6ca3061\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":7228,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":508,\"connectionSerialNumber\":509772,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"507685a84f4aa7
200b41184834f17966\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":42678,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&spa
ce=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":383,\"sentBytes\":509,\"connectionSerialNumber\":509771,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"51f30c8477b926
ee91873705d6ca3061\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":7228,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":508,\"connectionSerialNumber\":509772,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"507685a84f4aa7
200b41184834f17966\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\"
:\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\
"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],968][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>42678, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"51f30c8477b926ee91873705d6ca3061", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&space=45",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>509,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509771, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>383,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=9024&mode=al2&namber=5789364&no=0&page=0&rev=1&space=45",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],988][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>7228, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"507685a84f4aa7200b41184834f17966", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>508,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509772, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>382,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],278][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],278][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
expired -1708832068278
[2024-02-25T[Link],278][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
expired -1708832068278
[2024-02-25T[Link],287][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20300
[2024-02-25T[Link],287][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20320
[2024-02-25T[Link],287][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],287][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],287][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],287][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 1 leasesOwnedByOthers 1
unowned 2
[2024-02-25T[Link],287][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 1
[2024-02-25T[Link],287][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Finding expired leases from '2'[0] up to
'3'[1]
[2024-02-25T[Link],287][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found in range: 0
[2024-02-25T[Link],288][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '3'[1] need 1
[2024-02-25T[Link],288][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Finding expired leases from '3'[1] up to
'0'[2]
[2024-02-25T[Link],288][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found in range: 0
[2024-02-25T[Link],296][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],296][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
expired -1708832068296
[2024-02-25T[Link],296][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
expired -1708832068296
[2024-02-25T[Link],296][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20291
[2024-02-25T[Link],296][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20311
[2024-02-25T[Link],297][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '0'[2] need 1
[2024-02-25T[Link],297][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Finding expired leases from '0'[2] up to
'1'[3]
[2024-02-25T[Link],297][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found in range: 1
[2024-02-25T[Link],297][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],297][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],297][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],298][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 1 leasesOwnedByOthers 1
unowned 2
[2024-02-25T[Link],298][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 1
[2024-02-25T[Link],298][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Finding expired leases from '0'[0] up to
'1'[1]
[2024-02-25T[Link],298][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Found in range: 1
[2024-02-25T[Link],298][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: getLease()
[2024-02-25T[Link],305][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: getLease()
[2024-02-25T[Link],306][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: acquireLease()
[2024-02-25T[Link],306][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
expired -1708832068306
[2024-02-25T[Link],306][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: acquireLease() acquired lease
[2024-02-25T[Link],306][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: acquireLease()
[2024-02-25T[Link],306][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 30000
[2024-02-25T[Link],306][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: acquireLease() stole lease from logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6
[2024-02-25T[Link],307][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Acquired unowned/expired
[2024-02-25T[Link],307][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: creating new pump
[2024-02-25T[Link],314][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Creating and opening event processor
instance
[2024-02-25T[Link],307][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Acquired unowned/expired
[2024-02-25T[Link],326][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '1'[3] need 0
[2024-02-25T[Link],326][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],335][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: creating new pump
[2024-02-25T[Link],346][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Creating and opening event processor
instance
[2024-02-25T[Link],347][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '1'[1] need 0
[2024-02-25T[Link],348][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],348][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@id = "plain_bcd08ae6-aa82-4171-bde3-c112f08f1df1"
[2024-02-25T[Link],340][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 62
[2024-02-25T[Link],348][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],348][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 52
[2024-02-25T[Link],348][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],345][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@id = "plain_bcd08ae6-aa82-4171-bde3-c112f08f1df1"
[2024-02-25T[Link],356][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@enable_metric = true
[2024-02-25T[Link],356][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@charset = "UTF-8"
[2024-02-25T[Link],348][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@enable_metric = true
[2024-02-25T[Link],357][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@charset = "UTF-8"
[2024-02-25T[Link],365][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is opening.
[2024-02-25T[Link],365][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Opening EH client
[2024-02-25T[Link],367][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_dea4fe_1708832068367], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],366][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is opening.
[2024-02-25T[Link],375][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Opening EH client
[2024-02-25T[Link],377][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_de12bf_1708832068377], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],377][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_de12bf_1708832068377] [Link]
[2024-02-25T[Link],385][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_de12bf_1708832068377]
[2024-02-25T[Link],385][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_de12bf_1708832068377], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],386][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_de12bf_1708832068377]
[2024-02-25T[Link],388][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_dea4fe_1708832068367] [Link]
[2024-02-25T[Link],388][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_dea4fe_1708832068367]
[2024-02-25T[Link],388][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_dea4fe_1708832068367], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],415][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_dea4fe_1708832068367]
[2024-02-25T[Link],580][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_de12bf_1708832068377],
remoteContainer[8c430f54cd3e424d9acf5479afe7ad90_G21]
[2024-02-25T[Link],570][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_dea4fe_1708832068367],
remoteContainer[3bb97820beda43f7a42712dc1b8ade07_G30]
[2024-02-25T[Link],588][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],589][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],589][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: getCheckpoint() uninitalized
[2024-02-25T[Link],589][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Calling user-provided initial position
provider
[2024-02-25T[Link],589][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],589][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],589][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],588][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: getCheckpoint() uninitalized
[2024-02-25T[Link],597][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Calling user-provided initial position
provider
[2024-02-25T[Link],597][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],598][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],597][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],598][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_dea4fe_1708832068367], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],598][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_dea4fe_1708832068367], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],599][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],599][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],600][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],608][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],608][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_dea4fe_1708832068367], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],608][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],608][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[0], credit[100]
[2024-02-25T[Link],608][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],608][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_dea4fe_1708832068367],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],609][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[1], credit[99]
[2024-02-25T[Link],609][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],609][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_de12bf_1708832068377], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],610][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_de12bf_1708832068377], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],617][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_dea4fe_1708832068367], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],618][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_dea4fe_1708832068367], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],619][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],619][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],620][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_dea4fe_1708832068367], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],620][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],627][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
linkName[LN_f9801c_1708832068620_e07_G30], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],629][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_de12bf_1708832068377], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],629][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],629][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[0], credit[100]
[2024-02-25T[Link],629][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],630][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_de12bf_1708832068377],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],630][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[1], credit[99]
[2024-02-25T[Link],638][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_de12bf_1708832068377], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],638][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_de12bf_1708832068377], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],640][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_de12bf_1708832068377], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],640][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],640][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
linkName[LN_2e18ae_1708832068640_d90_G21], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],648][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
linkName[LN_2e18ae_1708832068640_d90_G21], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@7bcce0b
7}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],648][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], linkName[LN_2e18ae_1708832068640_d90_G21], updated-link-credit[300],
sentCredits[300], ThreadId[41]
[2024-02-25T[Link],648][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], linkName[LN_2e18ae_1708832068640_d90_G21], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],649][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: EH client and receiver creation finished
[2024-02-25T[Link],649][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_2e18ae_1708832068640_d90_G21] - schedule operation timer, current:
[2024-02-25T[Link].649335625Z], remaining: [60] secs
[2024-02-25T[Link],649][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],657][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
linkName[LN_f9801c_1708832068620_e07_G30], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@37ab7be
e}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],657][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], linkName[LN_f9801c_1708832068620_e07_G30], updated-link-credit[300],
sentCredits[300], ThreadId[47]
[2024-02-25T[Link],657][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], linkName[LN_f9801c_1708832068620_e07_G30], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],658][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: EH client and receiver creation finished
[2024-02-25T[Link],658][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - schedule operation timer, current:
[2024-02-25T[Link].658225415Z], remaining: [60] secs
[2024-02-25T[Link],658][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],800][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>2, :payload_size=>17105, :content_length=>2066, :batch_offset=>0}
[2024-02-25T[Link],735][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],736][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],766][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],079][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is processing a batch of
size 1.
[2024-02-25T[Link],085][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Saving checkpoint: 1533306928384//1261812
[2024-02-25T[Link],085][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: updateCheckpoint() 1533306928384//1261812
[2024-02-25T[Link],085][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 finished processing a batch
of 3436 bytes.
[2024-02-25T[Link],085][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_2e18ae_1708832068640_d90_G21] - schedule operation timer, current:
[2024-02-25T[Link].085570178Z], remaining: [60] secs
[2024-02-25T[Link],136][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].083880542Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":27342,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":7827,\"connectionSerialNumber\":509774,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.004,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"88415ba40e5287398d64d93ed1e66824\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"27556\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":54368,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0">male\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0">male\",\"userAgen
t\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":595,\"sentBytes\":496,\"connectionSerialNumber\":509793,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9b93ff83736bf4
b039da2cea895b79ae\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":27342,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":7827,\"connectionSerialNumber\":509774,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.004,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"88415ba40e5287398d64d93ed1e66824\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"27556\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":54368,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0">male\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0">male\",\"userAgen
t\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":595,\"sentBytes\":496,\"connectionSerialNumber\":509793,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9b93ff83736bf4
b039da2cea895b79ae\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],145][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>27342,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.63e-1,
"transactionId"=>"88415ba40e5287398d64d93ed1e66824", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7827,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509774, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>382,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.4e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"27556",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>54368, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"9b93ff83736bf4b039da2cea895b79ae",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0">male", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>301,
"sentBytes"=>496, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509793, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>595,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&namber=41284&no=0">male",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}], "@timestamp"=>2024-02-
25T[Link].083880542Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":27342,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":7827,\"connectionSerialNumber\":509774,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.004,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"88415ba40e5287398d64d93ed1e66824\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"27556\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":54368,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0">male\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0">male\",\"userAgen
t\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":595,\"sentBytes\":496,\"connectionSerialNumber\":509793,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9b93ff83736bf4
b039da2cea895b79ae\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":27342,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=45\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":7827,\"connectionSerialNumber\":509774,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.004,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"88415ba40e5287398d64d93ed1e66824\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"27556\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\",
\"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":54368,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0">male\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0">male\",\"userAgen
t\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":595,\"sentBytes\":496,\"connectionSerialNumber\":509793,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9b93ff83736bf4
b039da2cea895b79ae\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],148][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>27342,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.63e-1,
"transactionId"=>"88415ba40e5287398d64d93ed1e66824", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7827,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509774, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>382,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=30944&mode=al2&namber=41284&no=0&page=0&rev=1&space=45",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.4e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"27556",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],155][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>54368, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"9b93ff83736bf4b039da2cea895b79ae", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0">male", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>301,
"sentBytes"=>496, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509793, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>595,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&namber=41284&no=0">male",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],186][DEBUG][[Link]][azure_waf_access][002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final bulk request for batch. {:action_count=>2, :payload_size=>19372, :content_length=>3004, :batch_offset=>0}
[2024-02-25T[Link],469][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.014303566S`)
[2024-02-25T[Link],469][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.014676974S`)
[2024-02-25T[Link],469][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.014808577S`)
[2024-02-25T[Link],469][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.01497858S`)
[2024-02-25T[Link],470][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.015106683S`)
[2024-02-25T[Link],470][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.015222085S`)
[2024-02-25T[Link],470][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.015361989S`)
[2024-02-25T[Link],470][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.015486091S`)
[2024-02-25T[Link],470][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.015579693S`)
[2024-02-25T[Link],470][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.015671995S`)
[2024-02-25T[Link],470][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.015764597S`)
[2024-02-25T[Link],470][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.0158638S`)
[2024-02-25T[Link],471][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.015960001S`)
[2024-02-25T[Link],471][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.016055003S`)
[2024-02-25T[Link],471][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.016178406S`)
[2024-02-25T[Link],471][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.016572015S`)
[2024-02-25T[Link],523][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],523][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],349][DEBUG][[Link]][azure_waf_access][e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],349][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],349][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 24957
[2024-02-25T[Link],349][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
expired -1708832073349
[2024-02-25T[Link],349][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25240
[2024-02-25T[Link],349][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 24957
[2024-02-25T[Link],349][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25259
[2024-02-25T[Link],349][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
expired -1708832073349
[2024-02-25T[Link],349][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25240
[2024-02-25T[Link],349][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],349][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],349][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],349][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 1 leasesOwnedByOthers 2
unowned 1
[2024-02-25T[Link],349][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 1
[2024-02-25T[Link],349][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Finding expired leases from '2'[0] up to
'3'[1]
[2024-02-25T[Link],349][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found in range: 0
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '3'[1] need 1
[2024-02-25T[Link],349][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25259
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 1
unowned 1
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Finding expired leases from '3'[1] up to
'0'[2]
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found in range: 0
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '0'[2] need 1
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Finding expired leases from '0'[2] up to
'1'[3]
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found in range: 0
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '1'[3] need 1
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Finding expired leases from '1'[3] up to
'end'[4]
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Found in range: 1
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: getLease()
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: acquireLease()
[2024-02-25T[Link],352][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
expired -1708832073352
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: acquireLease() acquired lease
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Acquired unowned/expired
[2024-02-25T[Link],352][INFO ][[Link]][azure_waf_access][e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-f056301f-f62d-4924-9f8c-3fe735190fe6: 1: creating new pump
[2024-02-25T[Link],352][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Creating and opening event processor
instance
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk skipping, startAt is off end:
4
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 3
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],354][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@id = "plain_bcd08ae6-aa82-4171-bde3-c112f08f1df1"
[2024-02-25T[Link],354][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@enable_metric = true
[2024-02-25T[Link],354][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] config
LogStash::Codecs::Plain/@charset = "UTF-8"
[2024-02-25T[Link],355][INFO ][[Link]][azure_waf_access][e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub: insights-logs-applicationgatewayaccesslog, Partition: 1 is opening.
[2024-02-25T[Link],362][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Opening EH client
[2024-02-25T[Link],362][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_a4f1ec_1708832073362], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],363][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_a4f1ec_1708832073362] [Link]
[2024-02-25T[Link],363][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_a4f1ec_1708832073362]
[2024-02-25T[Link],363][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_a4f1ec_1708832073362], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],363][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_a4f1ec_1708832073362]
[2024-02-25T[Link],418][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_a4f1ec_1708832073362],
remoteContainer[475a474dabbe4da2a272955e454d445c_G10]
[2024-02-25T[Link],419][DEBUG][[Link]][azure_waf_access][e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-f056301f-f62d-4924-9f8c-3fe735190fe6: 1: getCheckpoint() uninitalized
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Calling user-provided initial position
provider
[2024-02-25T[Link],419][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],419][INFO ][[Link]][azure_waf_access][e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Opening EH receiver with epoch 0 at location offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],422][INFO ][[Link]][azure_waf_access][e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver], path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],423][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_a4f1ec_1708832073362], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],423][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_a4f1ec_1708832073362], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],434][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],434][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],438][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_a4f1ec_1708832073362], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],438][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],438][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[0], credit[100]
[2024-02-25T[Link],438][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],440][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_a4f1ec_1708832073362],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],440][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[1], credit[99]
[2024-02-25T[Link],449][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_a4f1ec_1708832073362], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],450][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_a4f1ec_1708832073362], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],459][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_a4f1ec_1708832073362], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],460][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],460][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
linkName[LN_7535a2_1708832073460_45c_G10], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],468][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
linkName[LN_7535a2_1708832073460_45c_G10], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@15c690e
}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],468][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], linkName[LN_7535a2_1708832073460_45c_G10], updated-link-credit[300],
sentCredits[300], ThreadId[44]
[2024-02-25T[Link],468][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], linkName[LN_7535a2_1708832073460_45c_G10], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],472][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: EH client and receiver creation finished
[2024-02-25T[Link],473][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - schedule operation timer, current:
[2024-02-25T[Link].473350395Z], remaining: [60] secs
[2024-02-25T[Link],473][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],726][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],726][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],737][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],309][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],314][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336227856//1261930
[2024-02-25T[Link],314][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336227856//1261930
[2024-02-25T[Link],314][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 3561 bytes.
[2024-02-25T[Link],314][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - schedule operation timer, current:
[2024-02-25T[Link].314420831Z], remaining: [60] secs
[2024-02-25T[Link],365][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].312987601Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":45663,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":374,\"sentBytes\":518,\"connectionSerialNumber\":509313,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6be03d3457bf15
d280daea1e588a77e3\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":43125,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&in=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&
in=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":617,\"sentBytes\":7666,\"connectionSerialNumber\":509314,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"8cd74d825dda5c375115673f47105acb\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"56240\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":45663,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":374,\"sentBytes\":518,\"connectionSerialNumber\":509313,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6be03d3457bf15
d280daea1e588a77e3\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":43125,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&in=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&
in=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":617,\"sentBytes\":7666,\"connectionSerialNumber\":509314,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"8cd74d825dda5c375115673f47105acb\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"56240\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],373][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>45663, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"6be03d3457bf15d280daea1e588a77e3",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>518,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509313, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>374,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>43125,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"8cd74d825dda5c375115673f47105acb", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&in=1&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7666,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509314, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>617,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&in=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"56240",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.056"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].312987601Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":45663,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":374,\"sentBytes\":518,\"connectionSerialNumber\":509313,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6be03d3457bf15
d280daea1e588a77e3\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":43125,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&in=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&
in=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":617,\"sentBytes\":7666,\"connectionSerialNumber\":509314,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"8cd74d825dda5c375115673f47105acb\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"56240\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":45663,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":374,\"sentBytes\":518,\"connectionSerialNumber\":509313,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6be03d3457bf15
d280daea1e588a77e3\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-AZURE_APG01_V2\", \"listenerName\":
\"APG01_Listener12_HTTPS_RepJP\", \"ruleName\": \"APG01_RoutingRule12_RepJP\", \"b
ackendPoolName\": \"APG01_BackendPool12_RepJP\", \"backendSettingName\": \"APG01_HT
TP12_RepJP\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Appl
icationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":43125,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&in=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&
in=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":617,\"sentBytes\":7666,\"connectionSerialNumber\":509314,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"8cd74d825dda5c375115673f47105acb\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"56240\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],376][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>45663, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"6be03d3457bf15d280daea1e588a77e3", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>518,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509313, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>374,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=6735&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],383][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>43125,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"8cd74d825dda5c375115673f47105acb", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&in=1&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7666,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509314, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>617,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=3764&namber=5789364&space=0&rev=1&page=0&in=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"56240",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.056"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],406][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>2, :payload_size=>20120, :content_length=>2969, :batch_offset=>0}
[2024-02-25T[Link],474][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.007633024S`)
[2024-02-25T[Link],474][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.007957131S`)
[2024-02-25T[Link],529][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],530][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],730][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],730][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],740][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],350][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],350][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 19956
[2024-02-25T[Link],350][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25002
[2024-02-25T[Link],350][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20239
[2024-02-25T[Link],351][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20258
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],352][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 19954
[2024-02-25T[Link],352][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25000
[2024-02-25T[Link],352][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20237
[2024-02-25T[Link],352][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20256
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],589][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],589][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],590][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],609][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],610][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],610][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],649][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: leaseRenewer()
[2024-02-25T[Link],649][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: renewLease()
[2024-02-25T[Link],649][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: renewLease() not renewed because we don't
own lease
[2024-02-25T[Link],649][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Lease lost, shutting down pump
[2024-02-25T[Link],650][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Setting receive handler to null
[2024-02-25T[Link],658][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],658][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],658][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],964][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is processing a batch of
size 1.
[2024-02-25T[Link],974][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Saving checkpoint: 6725919630712//1542130
[2024-02-25T[Link],974][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: updateCheckpoint() 6725919630712//1542130
[2024-02-25T[Link],974][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 finished processing a batch
of 2067 bytes.
[2024-02-25T[Link],974][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].974468399Z], remaining: [60] secs
[2024-02-25T[Link],025][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].966762434Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62211,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36271,\"sentBytes\":138496,\"connectionSerialNumber\":53526
7,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.071,\"W
AFEvaluationTime\":\"0.028\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"5d92e3817f5aec8f2268adb2d24a6ddc\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"35654\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62211,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36271,\"sentBytes\":138496,\"connectionSerialNumber\":53526
7,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.071,\"W
AFEvaluationTime\":\"0.028\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"5d92e3817f5aec8f2268adb2d24a6ddc\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"35654\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}}]}"}}}
[2024-02-25T[Link],026][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62211, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.71e-1,
"transactionId"=>"5d92e3817f5aec8f2268adb2d24a6ddc", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.028",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>138496, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535267, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>36271, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"35654", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.040"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog", "ruleName"=>"APG02_RoutingRule01"}],
"@timestamp"=>2024-02-25T[Link].966762434Z, "message"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_
RoutingRule01\", \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62211,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36271,\"sentBytes\":138496,\"connectionSerialNumber\":53526
7,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.071,\"W
AFEvaluationTime\":\"0.028\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"5d92e3817f5aec8f2268adb2d24a6ddc\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"35654\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62211,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36271,\"sentBytes\":138496,\"connectionSerialNumber\":53526
7,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.071,\"W
AFEvaluationTime\":\"0.028\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"5d92e3817f5aec8f2268adb2d24a6ddc\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"35654\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}}]}"}}}
[2024-02-25T[Link],033][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62211, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.71e-1,
"transactionId"=>"5d92e3817f5aec8f2268adb2d24a6ddc", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.028",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>138496, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535267, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>36271, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"35654", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.040"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule01"}, :field=>"records"}
[2024-02-25T[Link],045][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>6977, :content_length=>1940, :batch_offset=>0}
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],726][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],735][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],540][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],541][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],727][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],737][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],352][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25306
[2024-02-25T[Link],352][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20000
[2024-02-25T[Link],352][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25237
[2024-02-25T[Link],352][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25258
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],353][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25305
[2024-02-25T[Link],353][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 19999
[2024-02-25T[Link],353][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25236
[2024-02-25T[Link],353][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25257
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],473][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],473][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],474][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],726][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],727][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],736][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],550][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],551][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],353][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20305
[2024-02-25T[Link],353][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25121
[2024-02-25T[Link],353][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20236
[2024-02-25T[Link],353][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20257
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20304
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25120
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20235
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20256
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],590][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],590][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],590][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],610][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],610][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],610][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],658][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],659][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],659][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],727][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],736][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],557][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],558][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],353][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25305
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20120
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25236
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25256
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25305
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20120
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25236
[2024-02-25T[Link],354][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25256
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],354][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],474][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],474][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],474][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],486][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.005273461S`)
[2024-02-25T[Link],486][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.005573768S`)
[2024-02-25T[Link],486][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.005676569S`)
[2024-02-25T[Link],571][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],571][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],355][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20304
[2024-02-25T[Link],355][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25119
[2024-02-25T[Link],355][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20235
[2024-02-25T[Link],355][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20255
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],355][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20304
[2024-02-25T[Link],355][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25119
[2024-02-25T[Link],355][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20235
[2024-02-25T[Link],355][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20255
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],355][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],587][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - Reschedule operation timer,
current: [2024-02-25T[Link].586983966Z], remaining: [40] secs
[2024-02-25T[Link],590][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],590][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],590][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],610][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],610][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],610][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],616][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].616048990Z], remaining: [28] secs
[2024-02-25T[Link],659][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],659][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],659][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],744][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],490][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.006422786S`)
[2024-02-25T[Link],490][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.006672592S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.006751593S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.006883996S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.006967497S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.007037599S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.0070932S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.007153702S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.007209902S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.007282604S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.007342705S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.007399007S`)
[2024-02-25T[Link],491][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.007500409S`)
[2024-02-25T[Link],492][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.007581911S`)
[2024-02-25T[Link],492][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.007619011S`)
[2024-02-25T[Link],492][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.007666513S`)
[2024-02-25T[Link],578][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],578][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],356][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],356][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25303
[2024-02-25T[Link],356][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25303
[2024-02-25T[Link],356][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20118
[2024-02-25T[Link],356][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25234
[2024-02-25T[Link],356][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25254
[2024-02-25T[Link],356][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20118
[2024-02-25T[Link],356][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25234
[2024-02-25T[Link],356][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25254
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],474][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],475][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],475][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],494][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.007646812S`)
[2024-02-25T[Link],495][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.007921718S`)
[2024-02-25T[Link],587][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],587][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],730][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],565][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (0) as per the request.
[2024-02-25T[Link],565][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Closing EH receiver
[2024-02-25T[Link],565][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_1063f9_1708832068598_MF_de12bf_1708832068377]
[2024-02-25T[Link],565][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver]
[2024-02-25T[Link],565][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],566][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
linkName[LN_2e18ae_1708832068640_d90_G21], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],566][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
linkName[LN_2e18ae_1708832068640_d90_G21], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],567][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_de12bf_1708832068377], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],569][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_1063f9_1708832068598_MF_de12bf_1708832068377-
InternalReceiver], linkName[LN_2e18ae_1708832068640_d90_G21], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],569][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_1063f9_1708832068598_MF_de12bf_1708832068377-InternalReceiver],
linkName[LN_2e18ae_1708832068640_d90_G21], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],570][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 0: Closing EH client
[2024-02-25T[Link],570][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_b4c221_1708832068375]
[2024-02-25T[Link],570][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_de12bf_1708832068377]
[2024-02-25T[Link],575][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_de12bf_1708832068377], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],576][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_de12bf_1708832068377], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],576][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],577][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],577][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],578][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_de12bf_1708832068377],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_de12bf_1708832068377],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_de12bf_1708832068377], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_de12bf_1708832068377],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],583][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_de12bf_1708832068377], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_de12bf_1708832068377], error[n/a]
[2024-02-25T[Link],583][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_de12bf_1708832068377], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],584][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_de12bf_1708832068377], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],584][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_de12bf_1708832068377], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],584][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_de12bf_1708832068377], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0], condition[null],
description[null]
[2024-02-25T[Link],584][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_de12bf_1708832068377], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],589][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_de12bf_1708832068377], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],592][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is closing.
(reason=LeaseLost)
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],357][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20302
[2024-02-25T[Link],357][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],357][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25118
[2024-02-25T[Link],357][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20233
[2024-02-25T[Link],357][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20302
[2024-02-25T[Link],357][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25118
[2024-02-25T[Link],357][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20233
[2024-02-25T[Link],357][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20253
[2024-02-25T[Link],358][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],358][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],358][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],358][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],358][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],358][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],358][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],358][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],357][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20253
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 2
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],590][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],591][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],591][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],610][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],611][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],611][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],659][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],659][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],660][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],732][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],599][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],600][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],359][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25300
[2024-02-25T[Link],359][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20116
[2024-02-25T[Link],359][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25300
[2024-02-25T[Link],359][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25232
[2024-02-25T[Link],359][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25252
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],359][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],359][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20116
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25231
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25251
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],475][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],475][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],475][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],728][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],042][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],046][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336231488//1261931
[2024-02-25T[Link],046][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336231488//1261931
[2024-02-25T[Link],046][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 1917 bytes.
[2024-02-25T[Link],096][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].044464310Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":45190,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=5401&rev=1&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=5401&rev=1&no=0\",\"userAgent\":\"Moz
illa\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":343,\"sentBytes\":6117,\"connectionSerialNumber\":509358,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.067,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c0f4f4e0595becae486c7afcebc0f6c6\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"38262\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":45190,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=5401&rev=1&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=5401&rev=1&no=0\",\"userAgent\":\"Moz
illa\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":343,\"sentBytes\":6117,\"connectionSerialNumber\":509358,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.067,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c0f4f4e0595becae486c7afcebc0f6c6\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"38262\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],098][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>45190,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.67e-1,
"transactionId"=>"c0f4f4e0595becae486c7afcebc0f6c6", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=5401&rev=1&no=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6117, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509358, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>343,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=5401&rev=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"38262", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.068"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].044464310Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":45190,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=5401&rev=1&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=5401&rev=1&no=0\",\"userAgent\":\"Moz
illa\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":343,\"sentBytes\":6117,\"connectionSerialNumber\":509358,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.067,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c0f4f4e0595becae486c7afcebc0f6c6\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"38262\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":45190,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=5401&rev=1&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=5401&rev=1&no=0\",\"userAgent\":\"Moz
illa\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":343,\"sentBytes\":6117,\"connectionSerialNumber\":509358,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.067,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c0f4f4e0595becae486c7afcebc0f6c6\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"38262\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],099][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>45190,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.67e-1,
"transactionId"=>"c0f4f4e0595becae486c7afcebc0f6c6", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=5401&rev=1&no=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6117, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509358, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>343,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=5401&rev=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"38262", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.068"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],103][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>6566, :content_length=>1946, :batch_offset=>0}
[2024-02-25T[Link],500][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.048703601S`)
[2024-02-25T[Link],500][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.048923305S`)
[2024-02-25T[Link],500][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.048989106S`)
[2024-02-25T[Link],500][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.049023407S`)
[2024-02-25T[Link],500][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.049067409S`)
[2024-02-25T[Link],611][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],611][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20299
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25115
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20231
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20251
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20299
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25115
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20231
[2024-02-25T[Link],360][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20251
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],360][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],591][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],591][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],591][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],611][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],611][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],611][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],660][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],660][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],660][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],503][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.049000651S`)
[2024-02-25T[Link],504][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.049242455S`)
[2024-02-25T[Link],504][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.049310957S`)
[2024-02-25T[Link],504][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.049367359S`)
[2024-02-25T[Link],504][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.04941436S`)
[2024-02-25T[Link],504][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.04945636S`)
[2024-02-25T[Link],504][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.04947526S`)
[2024-02-25T[Link],504][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.049518962S`)
[2024-02-25T[Link],504][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.049556263S`)
[2024-02-25T[Link],504][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.049601364S`)
[2024-02-25T[Link],506][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.050699287S`)
[2024-02-25T[Link],507][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.051916613S`)
[2024-02-25T[Link],507][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.051989915S`)
[2024-02-25T[Link],507][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.052055517S`)
[2024-02-25T[Link],624][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],624][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],726][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],729][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],361][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25299
[2024-02-25T[Link],361][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20114
[2024-02-25T[Link],361][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25299
[2024-02-25T[Link],361][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20114
[2024-02-25T[Link],361][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25230
[2024-02-25T[Link],361][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25250
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],361][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],361][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25230
[2024-02-25T[Link],362][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25249
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],476][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],476][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],476][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],733][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],509][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.00897224S`)
[2024-02-25T[Link],509][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.009075643S`)
[2024-02-25T[Link],509][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.009088643S`)
[2024-02-25T[Link],510][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.043413576S`)
[2024-02-25T[Link],510][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.043511078S`)
[2024-02-25T[Link],634][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],634][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - schedule operation timer, current:
[2024-02-25T[Link].492543884Z], remaining: [60] secs
[2024-02-25T[Link],493][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].493168897Z], remaining: [59] secs
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],734][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],362][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20298
[2024-02-25T[Link],362][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25114
[2024-02-25T[Link],362][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20229
[2024-02-25T[Link],362][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20249
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],362][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20298
[2024-02-25T[Link],362][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25114
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],362][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20229
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],362][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20249
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],362][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],591][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],591][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],591][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],611][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],611][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],612][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],660][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],660][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],660][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - schedule operation timer, current:
[2024-02-25T[Link].660767295Z], remaining: [60] secs
[2024-02-25T[Link],660][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],734][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],513][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.009629554S`)
[2024-02-25T[Link],513][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.009911161S`)
[2024-02-25T[Link],513][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.010013063S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.00987746S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.00987226S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.009868559S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.00987406S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.009902661S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.009951062S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.009968462S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.009989862S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.009996963S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.00895244S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.007785615S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.007764615S`)
[2024-02-25T[Link],514][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.007754014S`)
[2024-02-25T[Link],640][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],640][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],737][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],743][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336233472//1261932
[2024-02-25T[Link],744][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336233472//1261932
[2024-02-25T[Link],744][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 7407 bytes.
[2024-02-25T[Link],795][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].742378528Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":35329,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":514,\"connectionSerialNumber\":509818,\"n
oOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"714497a3dc084c
d3bbb7ca1d47115991\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57486,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":358,\"sentBytes\":62229,\"connectionSerialNumber\":509824,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.381,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"48cc3db755fbaf2a76754146241
a8295\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.380\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57532,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64;
rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":358,\"sentBytes\":62229,\"connectionSerialNumber\":509843,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.543,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"0b335fcabd3d694361499641b70
708ae\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.544\",\"ups
treamSourcePort\":\"37374\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57536,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":335,\"sentBytes\":62249,\"connectionSerialNumber\":509842,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.555,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"76c8655e9c0d7b3b1ad78b58aa7
17610\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.556\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":35329,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":514,\"connectionSerialNumber\":509818,\"n
oOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"714497a3dc084c
d3bbb7ca1d47115991\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serv
erRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSour
cePort\":\"\",\"originalHost\":\"[Link]\",\"host\":\"\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57486,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":358,\"sentBytes\":62229,\"connectionSerialNumber\":509824,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.381,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"48cc3db755fbaf2a76754146241
a8295\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.380\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57532,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64;
rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":358,\"sentBytes\":62229,\"connectionSerialNumber\":509843,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.543,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"0b335fcabd3d694361499641b70
708ae\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.544\",\"ups
treamSourcePort\":\"37374\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57536,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":335,\"sentBytes\":62249,\"connectionSerialNumber\":509842,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.555,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"76c8655e9c0d7b3b1ad78b58aa7
17610\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.556\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}"}}}
[2024-02-25T[Link],801][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>35329, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"714497a3dc084cd3bbb7ca1d47115991",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>514,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509818, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>370,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57486,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.381e0,
"transactionId"=>"48cc3db755fbaf2a76754146241a8295", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=10_logistics&q0=technical%20support",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>62229, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509824,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>358, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"37354",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.380"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57532,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.543e0,
"transactionId"=>"0b335fcabd3d694361499641b70708ae", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=10_logistics&q0=sales%20and%20quote",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>62229, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509843,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>358, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"37374",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.544"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57536,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.555e0,
"transactionId"=>"76c8655e9c0d7b3b1ad78b58aa717610", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=10_logistics", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>62249, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509842,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>335, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"37354",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.556"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}], "@timestamp"=>2024-02-
25T[Link].742378528Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":35329,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":514,\"connectionSerialNumber\":509818,\"n
oOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"714497a3dc084c
d3bbb7ca1d47115991\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-AZURE_APG01_V2\",
\"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"ruleName\": \"APG01_
Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_BackendPool09_Contac
tSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\", \"operationName\
": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"p
roperties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57486,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":358,\"sentBytes\":62229,\"connectionSerialNumber\":509824,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.381,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"48cc3db755fbaf2a76754146241
a8295\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.380\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57532,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64;
rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":358,\"sentBytes\":62229,\"connectionSerialNumber\":509843,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.543,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"0b335fcabd3d694361499641b70
708ae\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.544\",\"ups
treamSourcePort\":\"37374\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57536,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":335,\"sentBytes\":62249,\"connectionSerialNumber\":509842,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.555,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"76c8655e9c0d7b3b1ad78b58aa7
17610\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.556\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":35329,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":514,\"connectionSerialNumber\":509818,\"n
oOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"714497a3dc084c
d3bbb7ca1d47115991\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57486,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":358,\"sentBytes\":62229,\"connectionSerialNumber\":509824,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.381,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"48cc3db755fbaf2a76754146241
a8295\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.380\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{
\"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57532,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64;
rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":358,\"sentBytes\":62229,\"connectionSerialNumber\":509843,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.543,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"0b335fcabd3d694361499641b70
708ae\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.544\",\"ups
treamSourcePort\":\"37374\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57536,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":335,\"sentBytes\":62249,\"connectionSerialNumber\":509842,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.555,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"76c8655e9c0d7b3b1ad78b58aa7
17610\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.556\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}"}}}
[2024-02-25T[Link],803][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35329, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"714497a3dc084cd3bbb7ca1d47115991", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>514,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509818, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>370,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=42194&namber=5789364&space=0&rev=0&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],804][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57486,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.381e0,
"transactionId"=>"48cc3db755fbaf2a76754146241a8295", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=10_logistics&q0=technical%20support",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>62229, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509824,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>358, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=10_logistics&q0=technical%20support",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"37354",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.380"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],804][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57532,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.543e0,
"transactionId"=>"0b335fcabd3d694361499641b70708ae", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=10_logistics&q0=sales%20and%20quote",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>62229, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509843,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>358, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics&q0=sales
%20and%20quote", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"37374",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.544"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],811][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57536,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.555e0,
"transactionId"=>"76c8655e9c0d7b3b1ad78b58aa717610", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=10_logistics", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>62249, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509842,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>335, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=10_logistics",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"37354",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.556"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],854][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>4, :payload_size=>73977, :content_length=>5253, :batch_offset=>0}
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],363][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25297
[2024-02-25T[Link],363][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20113
[2024-02-25T[Link],363][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25228
[2024-02-25T[Link],363][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25248
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],363][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25297
[2024-02-25T[Link],363][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20113
[2024-02-25T[Link],363][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25228
[2024-02-25T[Link],363][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25248
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],474][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].474862672Z], remaining: [59] secs
[2024-02-25T[Link],476][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],476][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],476][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],719][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],726][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],729][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],423][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],432][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313429032//1261832
[2024-02-25T[Link],432][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313429032//1261832
[2024-02-25T[Link],432][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 5848 bytes.
[2024-02-25T[Link],484][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].431237329Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57479,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":338,\"sentBytes\":62252,\"connectionSerialNumber\":509362,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.383,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"56c0d1dc2143fb02989d7a3b8cc
36620\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.384\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57513,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote\",\"userAgent\":\"Mozilla\\/
5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":361,\"sentBytes\":62232,\"connectionSerialNumber\":509364,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.342,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"663dbbec3ad6633d4321285f375
c9773\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.340\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57561,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support\",\"userAgent\":\"Mozilla\\/
5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":361,\"sentBytes\":62232,\"connectionSerialNumber\":509367,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.484,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"c31597c993db24cf8932ca5d722
fc4f1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.484\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57479,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":338,\"sentBytes\":62252,\"connectionSerialNumber\":509362,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.383,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"56c0d1dc2143fb02989d7a3b8cc
36620\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.384\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57513,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote\",\"userAgent\":\"Mozilla\\/
5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/1.1\",\"rec
eivedBytes\":361,\"sentBytes\":62232,\"connectionSerialNumber\":509364,\"noOfConnec
tionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.342,\"WAFEvaluationTime\"
:\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/subscriptions\\/
2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/RG_YAzureDMZ_APG01\\/
providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"663dbbec3ad6633d4321285f375
c9773\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.340\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57561,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support\",\"userAgent\":\"Mozilla\\/
5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":361,\"sentBytes\":62232,\"connectionSerialNumber\":509367,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.484,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"c31597c993db24cf8932ca5d722
fc4f1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.484\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}"}}}
[2024-02-25T[Link],490][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57479,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.383e0,
"transactionId"=>"56c0d1dc2143fb02989d7a3b8cc36620", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=03_optimization", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>62252, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509362,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>338, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=03_optimization",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"57230",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.384"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57513,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.342e0,
"transactionId"=>"663dbbec3ad6633d4321285f375c9773", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=03_optimization&q0=sales%20and%20quote",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>62232, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509364,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>361, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"57230",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.340"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57561,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.484e0,
"transactionId"=>"c31597c993db24cf8932ca5d722fc4f1", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=03_optimization&q0=technical%20support",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>62232, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509367,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>361, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"57230",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.484"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}], "@timestamp"=>2024-02-
25T[Link].431237329Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57479,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":338,\"sentBytes\":62252,\"connectionSerialNumber\":509362,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.383,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"56c0d1dc2143fb02989d7a3b8cc
36620\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.384\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57513,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote\",\"userAgent\":\"Mozilla\\/
5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":361,\"sentBytes\":62232,\"connectionSerialNumber\":509364,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.342,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewa
llPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"663dbbec3ad6633d4321285f375
c9773\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.340\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57561,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support\",\"userAgent\":\"Mozilla\\/
5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":361,\"sentBytes\":62232,\"connectionSerialNumber\":509367,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.484,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"c31597c993db24cf8932ca5d722
fc4f1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.484\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57479,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":338,\"sentBytes\":62252,\"connectionSerialNumber\":509362,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.383,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"56c0d1dc2143fb02989d7a3b8cc
36620\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.384\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57513,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote\",\"userAgent\":\"Mozilla\\/
5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":361,\"sentBytes\":62232,\"connectionSerialNumber\":509364,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.342,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"663dbbec3ad6633d4321285f375
c9773\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.340\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":57561,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support\",\"requestUri\":\"\\/cs\\/
gw\",\"requestQuery\":\"c-id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support\",\"userAgent\":\"Mozilla\\/
5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":361,\"sentBytes\":62232,\"connectionSerialNumber\":509367,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.484,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"c31597c993db24cf8932ca5d722
fc4f1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.484\",\"ups
treamSourcePort\":\"57230\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}"}}}
[2024-02-25T[Link],492][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57479,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.383e0,
"transactionId"=>"56c0d1dc2143fb02989d7a3b8cc36620", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=03_optimization", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>62252, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509362,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>338, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based%20software&r3=03_optimization",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"57230",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.384"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],492][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57513,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.342e0,
"transactionId"=>"663dbbec3ad6633d4321285f375c9773", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=03_optimization&q0=sales%20and%20quote",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>62232, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509364,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>361, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=sales%20and%20quote",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"57230",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.340"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],493][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57561,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.484e0,
"transactionId"=>"c31597c993db24cf8932ca5d722fc4f1", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000671&r1=03_products&r2=02_solution-
based%20software&r3=03_optimization&q0=technical%20support",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>62232, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509367,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>361, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"c-
id=000671&r1=03_products&r2=02_solution-based
%20software&r3=03_optimization&q0=technical%20support",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"57230",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.484"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],512][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>45395, :content_length=>3328, :batch_offset=>0}
[2024-02-25T[Link],314][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].314741020Z], remaining: [57] secs
[2024-02-25T[Link],518][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.00803912S`)
[2024-02-25T[Link],518][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.008199824S`)
[2024-02-25T[Link],646][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],646][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],732][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],363][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],364][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20296
[2024-02-25T[Link],364][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25112
[2024-02-25T[Link],364][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20227
[2024-02-25T[Link],364][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20247
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],364][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20296
[2024-02-25T[Link],364][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25112
[2024-02-25T[Link],364][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20227
[2024-02-25T[Link],364][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20247
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],592][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],592][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],592][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],612][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],612][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],612][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],661][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],661][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],661][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],974][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].974880394Z], remaining: [60] secs
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],260][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],265][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313434952//1261833
[2024-02-25T[Link],265][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313434952//1261833
[2024-02-25T[Link],265][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 3683 bytes.
[2024-02-25T[Link],316][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].262731471Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57858,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000951\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000951\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":272,\"sentBytes\":67242,\"connectionSerialNumber\":509847,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.379,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"1afe09a494f7099a0b460e69bca
630c9\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.380\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":55388,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":6502,\"connectionSerialNumber\":509846,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.084,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"ff361971d7f93a8c330481a9c2e77ef0\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.084\",\"upst
reamSourcePort\":\"50870\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57858,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000951\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000951\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":272,\"sentBytes\":67242,\"connectionSerialNumber\":509847,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.379,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"1afe09a494f7099a0b460e69bca
630c9\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.380\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":55388,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":6502,\"connectionSerialNumber\":509846,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.084,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"ff361971d7f93a8c330481a9c2e77ef0\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.084\",\"upst
reamSourcePort\":\"50870\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],317][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57858,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.379e0,
"transactionId"=>"1afe09a494f7099a0b460e69bca630c9", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000951", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>67242, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509847,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>272, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"c-id=000951",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"37354",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.380"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>55388,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.84e-1,
"transactionId"=>"ff361971d7f93a8c330481a9c2e77ef0", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6502,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509846, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>384,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link])", "upstreamSourcePort"=>"50870",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.084"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].262731471Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57858,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000951\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000951\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":272,\"sentBytes\":67242,\"connectionSerialNumber\":509847,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.379,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"1afe09a494f7099a0b460e69bca
630c9\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.380\",\"ups
treamSourcePort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":55388,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":6502,\"connectionSerialNumber\":509846,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.084,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"ff361971d7f93a8c330481a9c2e77ef0\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.084\",\"upst
reamSourcePort\":\"50870\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":57858,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000951\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000951\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko\\/20100101
Firefox\\/111.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":272,\"sentBytes\":67242,\"connectionSerialNumber\":509847,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.379,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"1afe09a494f7099a0b460e69bca
630c9\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.380\",\"ups
treamSourceP
ort\":\"37354\",\"originalHost\":\"[Link]\",\"host\":\"[Link]
[Link]\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":55388,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":6502,\"connectionSerialNumber\":509846,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.084,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"ff361971d7f93a8c330481a9c2e77ef0\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.084\",\"upst
reamSourcePort\":\"50870\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],325][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>57858,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.379e0,
"transactionId"=>"1afe09a494f7099a0b460e69bca630c9", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-id=000951", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>67242, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509847,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>272, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"c-id=000951",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101
Firefox/111.0", "upstreamSourcePort"=>"37354",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.380"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],325][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>55388,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.84e-1,
"transactionId"=>"ff361971d7f93a8c330481a9c2e77ef0", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6502,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509846, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>384,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link])", "upstreamSourcePort"=>"50870",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.084"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],341][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>2, :payload_size=>20609, :content_length=>2885, :batch_offset=>0}
[2024-02-25T[Link],652][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],659][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],734][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],364][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],365][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25296
[2024-02-25T[Link],365][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25296
[2024-02-25T[Link],365][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20111
[2024-02-25T[Link],365][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25227
[2024-02-25T[Link],365][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20111
[2024-02-25T[Link],365][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25227
[2024-02-25T[Link],365][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25247
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],365][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25247
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],476][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],477][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],477][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],730][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],523][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.042581735S`)
[2024-02-25T[Link],523][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.04279464S`)
[2024-02-25T[Link],523][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.042860841S`)
[2024-02-25T[Link],523][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.042897742S`)
[2024-02-25T[Link],524][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.042929742S`)
[2024-02-25T[Link],665][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],671][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],365][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],366][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20295
[2024-02-25T[Link],366][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25111
[2024-02-25T[Link],366][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20226
[2024-02-25T[Link],366][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20246
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],366][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20295
[2024-02-25T[Link],366][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25111
[2024-02-25T[Link],366][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20226
[2024-02-25T[Link],366][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20246
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],368][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313438704//1261834
[2024-02-25T[Link],371][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313438704//1261834
[2024-02-25T[Link],371][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 1520 bytes.
[2024-02-25T[Link],422][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].370122229Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":26756,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":510,\"connectionSerialNumber\":509386,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"a5034d7703fe28
737b21317ef2112692\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":26756,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":510,\"connectionSerialNumber\":509386,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"a5034d7703fe28
737b21317ef2112692\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],422][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>26756, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"a5034d7703fe28737b21317ef2112692",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>510,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509386, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>384,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}], "@timestamp"=>2024-02-
25T[Link].370122229Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":26756,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":510,\"connectionSerialNumber\":509386,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"a5034d7703fe28
737b21317ef2112692\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":26756,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":510,\"connectionSerialNumber\":509386,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"a5034d7703fe28
737b21317ef2112692\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],423][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>26756, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"a5034d7703fe28737b21317ef2112692", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>510,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509386, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>384,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=21937&mode=al2&namber=5789364&no=0&page=40&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],426][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>5350, :content_length=>1568, :batch_offset=>0}
[2024-02-25T[Link],592][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],592][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],592][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],612][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],612][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],612][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],661][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],661][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],662][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],734][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],527][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.042955758S`)
[2024-02-25T[Link],527][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.043543671S`)
[2024-02-25T[Link],527][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.043629772S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.043668973S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.043721574S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.043763776S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.043796876S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.043825977S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.044076782S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.044119883S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.044153684S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.044186085S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.044194885S`)
[2024-02-25T[Link],528][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.044232386S`)
[2024-02-25T[Link],683][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],683][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],366][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],367][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25294
[2024-02-25T[Link],367][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20110
[2024-02-25T[Link],367][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25225
[2024-02-25T[Link],367][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25245
[2024-02-25T[Link],367][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],367][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25294
[2024-02-25T[Link],367][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20110
[2024-02-25T[Link],367][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25225
[2024-02-25T[Link],367][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25245
[2024-02-25T[Link],367][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],367][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],367][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],367][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],368][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 2
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],477][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],477][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],477][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],730][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],531][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.007750244S`)
[2024-02-25T[Link],531][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.007799645S`)
[2024-02-25T[Link],531][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.007803545S`)
[2024-02-25T[Link],532][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.044967016S`)
[2024-02-25T[Link],532][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.045079418S`)
[2024-02-25T[Link],691][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],691][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],732][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],369][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20292
[2024-02-25T[Link],369][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25108
[2024-02-25T[Link],369][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20223
[2024-02-25T[Link],369][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20243
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],369][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],369][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20292
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25107
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20222
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20242
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],592][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],593][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],593][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],612][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],613][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],613][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],662][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],662][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],662][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],733][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],733][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],736][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],535][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.007940547S`)
[2024-02-25T[Link],535][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.008190853S`)
[2024-02-25T[Link],535][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.008377257S`)
[2024-02-25T[Link],535][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.007867246S`)
[2024-02-25T[Link],535][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.007819945S`)
[2024-02-25T[Link],535][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.007828746S`)
[2024-02-25T[Link],535][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.007830546S`)
[2024-02-25T[Link],535][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.007824145S`)
[2024-02-25T[Link],535][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.007824245S`)
[2024-02-25T[Link],536][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.007829545S`)
[2024-02-25T[Link],536][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.007615041S`)
[2024-02-25T[Link],536][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.007614641S`)
[2024-02-25T[Link],536][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.007616141S`)
[2024-02-25T[Link],536][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.007618841S`)
[2024-02-25T[Link],538][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.007621541S`)
[2024-02-25T[Link],538][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.009546882S`)
[2024-02-25T[Link],699][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],699][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25292
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20107
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25223
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25243
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25292
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20107
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25223
[2024-02-25T[Link],370][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25243
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],370][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],477][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],478][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],478][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],732][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],550][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.018285367S`)
[2024-02-25T[Link],550][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.01843607S`)
[2024-02-25T[Link],705][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],705][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],371][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20291
[2024-02-25T[Link],371][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25107
[2024-02-25T[Link],371][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20291
[2024-02-25T[Link],371][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25107
[2024-02-25T[Link],371][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20222
[2024-02-25T[Link],371][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20242
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],371][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20222
[2024-02-25T[Link],371][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20242
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],371][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],593][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],593][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],593][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],613][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],613][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],613][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],662][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],662][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],662][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],733][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],715][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],716][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],372][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25290
[2024-02-25T[Link],372][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20106
[2024-02-25T[Link],372][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25221
[2024-02-25T[Link],372][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25241
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],372][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25290
[2024-02-25T[Link],372][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20106
[2024-02-25T[Link],372][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25221
[2024-02-25T[Link],372][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25241
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],478][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],478][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],478][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],729][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],556][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.055649802S`)
[2024-02-25T[Link],556][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.055695003S`)
[2024-02-25T[Link],556][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.055728604S`)
[2024-02-25T[Link],556][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.055724604S`)
[2024-02-25T[Link],556][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.055707103S`)
[2024-02-25T[Link],721][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],726][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],373][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20289
[2024-02-25T[Link],373][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25105
[2024-02-25T[Link],373][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20220
[2024-02-25T[Link],373][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20240
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],373][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20289
[2024-02-25T[Link],373][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25105
[2024-02-25T[Link],373][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20220
[2024-02-25T[Link],373][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20240
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],593][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],594][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],594][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],613][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],613][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],614][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],662][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],663][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],663][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],559][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.055595216S`)
[2024-02-25T[Link],559][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.055652418S`)
[2024-02-25T[Link],559][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.055674618S`)
[2024-02-25T[Link],559][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.055645416S`)
[2024-02-25T[Link],559][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.055625316S`)
[2024-02-25T[Link],560][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.055608116S`)
[2024-02-25T[Link],560][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.055591916S`)
[2024-02-25T[Link],560][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.055588915S`)
[2024-02-25T[Link],560][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.055575115S`)
[2024-02-25T[Link],560][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.055553515S`)
[2024-02-25T[Link],560][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.054479092S`)
[2024-02-25T[Link],560][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.053283366S`)
[2024-02-25T[Link],560][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.053397068S`)
[2024-02-25T[Link],560][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.053388968S`)
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],732][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],734][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],734][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],373][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],374][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25289
[2024-02-25T[Link],374][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20104
[2024-02-25T[Link],374][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25220
[2024-02-25T[Link],374][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25240
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],374][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25289
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],374][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20104
[2024-02-25T[Link],374][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25220
[2024-02-25T[Link],374][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25240
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],478][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],479][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],479][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],563][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.007043328S`)
[2024-02-25T[Link],563][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.006968227S`)
[2024-02-25T[Link],563][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.006929526S`)
[2024-02-25T[Link],563][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.053581887S`)
[2024-02-25T[Link],563][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.053599488S`)
[2024-02-25T[Link],739][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],740][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].492515543Z], remaining: [20] secs
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].492858050Z], remaining: [20] secs
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],093][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],101][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313440296//1261835
[2024-02-25T[Link],101][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313440296//1261835
[2024-02-25T[Link],101][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 5277 bytes.
[2024-02-25T[Link],152][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].100534432Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":36104,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=97806&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=97806&no=0&space=0&type=0\",\"userAge
nt\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":366,\"sentBytes\":3357,\"connectionSerialNumber\":509411,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.067,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d0b1b81110a4fbd6f2a056fbe371323b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"22838\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":33110,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&re
v=1&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509414,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"c90cd58c798c54
bf2a9546eba924d4cf\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":28584,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&re
v=1&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":7661,\"connectionSerialNumber\":509415,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.053,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"90d01d91f0d170fe1b5f723d3a5c5fe2\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"22838\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":36104,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=97806&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=97806&no=0&space=0&type=0\",\"userAge
nt\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":366,\"sentBytes\":3357,\"connectionSerialNumber\":509411,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.067,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d0b1b81110a4fbd6f2a056fbe371323b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"22838\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":33110,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&re
v=1&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509414,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"c90cd58c798c54
bf2a9546eba924d4cf\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\",
\"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":28584,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&re
v=1&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":7661,\"connectionSerialNumber\":509415,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.053,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"90d01d91f0d170fe1b5f723d3a5c5fe2\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"22838\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],154][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>36104,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.67e-1,
"transactionId"=>"d0b1b81110a4fbd6f2a056fbe371323b", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=all&namber=97806&no=0&space=0&type=0", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>3357, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509411, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>366,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=all&namber=97806&no=0&space=0&type=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"22838",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>33110, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"c90cd58c798c54bf2a9546eba924d4cf",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509414, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>28584,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.53e-1,
"transactionId"=>"90d01d91f0d170fe1b5f723d3a5c5fe2", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7661,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509415, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"22838",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.052"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].100534432Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":36104,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=97806&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=97806&no=0&space=0&type=0\",\"userAge
nt\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":366,\"sentBytes\":3357,\"connectionSerialNumber\":509411,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.067,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d0b1b81110a4fbd6f2a056fbe371323b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"22838\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":33110,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&re
v=1&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509414,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"c90cd58c798c54
bf2a9546eba924d4cf\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\":
\"ApplicationGatewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"pro
perties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":28584,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&re
v=1&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":7661,\"connectionSerialNumber\":509415,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.053,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"90d01d91f0d170fe1b5f723d3a5c5fe2\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"22838\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":36104,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=97806&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=97806&no=0&space=0&type=0\",\"userAge
nt\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":366,\"sentBytes\":3357,\"connectionSerialNumber\":509411,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.067,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d0b1b81110a4fbd6f2a056fbe371323b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"22838\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":33110,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&re
v=1&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509414,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"c90cd58c798c54
bf2a9546eba924d4cf\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":28584,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&re
v=1&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":7661,\"connectionSerialNumber\":509415,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.053,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"90d01d91f0d170fe1b5f723d3a5c5fe2\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"22838\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],157][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>36104,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.67e-1,
"transactionId"=>"d0b1b81110a4fbd6f2a056fbe371323b", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=all&namber=97806&no=0&space=0&type=0", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>3357, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509411, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>366,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=all&namber=97806&no=0&space=0&type=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"22838",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],158][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>33110, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"c90cd58c798c54bf2a9546eba924d4cf", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509414, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],158][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>28584,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.53e-1,
"transactionId"=>"90d01d91f0d170fe1b5f723d3a5c5fe2", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7661,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509415, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=136200&mode=al2&namber=5789364&no=0&page=0&rev=1&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"22838",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.052"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],173][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>41234, :content_length=>3656, :batch_offset=>0}
[2024-02-25T[Link],374][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],374][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20289
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25104
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20219
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20239
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20288
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25104
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20219
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20239
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],594][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],594][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],594][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],614][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],614][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],614][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],661][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - schedule operation timer, current:
[2024-02-25T[Link].661896032Z], remaining: [60] secs
[2024-02-25T[Link],663][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],663][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],663][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],565][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.00662362S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.006886425S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.007035328S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.006824924S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.006760022S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.006751323S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.006742723S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.006772323S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.006768623S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.006778123S`)
[2024-02-25T[Link],566][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.006832824S`)
[2024-02-25T[Link],567][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.006861125S`)
[2024-02-25T[Link],567][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.006862024S`)
[2024-02-25T[Link],567][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.006854625S`)
[2024-02-25T[Link],567][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.006686822S`)
[2024-02-25T[Link],567][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.00664682S`)
[2024-02-25T[Link],746][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],746][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],744][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - schedule operation timer, current:
[2024-02-25T[Link].744503674Z], remaining: [60] secs
[2024-02-25T[Link],375][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25288
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20104
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25219
[2024-02-25T[Link],375][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25239
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],376][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25287
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],376][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20103
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],376][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25218
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],376][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25238
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],479][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],479][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],479][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],719][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],728][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],570][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.006877226S`)
[2024-02-25T[Link],570][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.007045129S`)
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],732][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],752][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],753][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],728][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],730][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313445640//1261836
[2024-02-25T[Link],730][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313445640//1261836
[2024-02-25T[Link],730][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 1450 bytes.
[2024-02-25T[Link],781][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].729863954Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15400\",\"requestUri\":\"\\/00\\/
S5YA15400\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":753,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e26b9b709a1451
a58c4db8264884eb10\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15400\",\"requestUri\":\"\\/00\\/
S5YA15400\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":753,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e26b9b709a1451
a58c4db8264884eb10\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],782][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"e26b9b709a1451a58c4db8264884eb10",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15400",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15400",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>753,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}], "@timestamp"=>2024-02-
25T[Link].729863954Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15400\",\"requestUri\":\"\\/00\\/
S5YA15400\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":753,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e26b9b709a1451
a58c4db8264884eb10\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15400\",\"requestUri\":\"\\/00\\/
S5YA15400\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":753,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e26b9b709a1451
a58c4db8264884eb10\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],783][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"e26b9b709a1451a58c4db8264884eb10",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15400",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15400",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>753,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],793][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>5096, :content_length=>1535, :batch_offset=>0}
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],376][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],377][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20286
[2024-02-25T[Link],377][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25102
[2024-02-25T[Link],377][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20217
[2024-02-25T[Link],377][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20237
[2024-02-25T[Link],377][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],377][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],377][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],377][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],377][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],377][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],377][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],377][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],377][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20286
[2024-02-25T[Link],378][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25101
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20210
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20230
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 7
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],594][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],595][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],595][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],614][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],614][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],614][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],663][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],664][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],664][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],975][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].975785065Z], remaining: [60] secs
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],765][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],765][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],378][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25286
[2024-02-25T[Link],378][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20101
[2024-02-25T[Link],378][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25217
[2024-02-25T[Link],378][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25236
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25280
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20095
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25211
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25230
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],479][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],479][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],480][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],905][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],909][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336240944//1261933
[2024-02-25T[Link],909][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336240944//1261933
[2024-02-25T[Link],909][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 4801 bytes.
[2024-02-25T[Link],909][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - schedule operation timer, current:
[2024-02-25T[Link].909426748Z], remaining: [60] secs
[2024-02-25T[Link],960][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].908149221Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":44468,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space=15\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space
=15\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":381,\"sentBytes\":507,\"connectionSerialNumber\":509440,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"f2be6da4728107
5b5457460151f83902\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":37533,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=31872&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=31872&page&no=0\",\"userAgent\":\"Moz
illa\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":560,\"sentBytes\":487,\"connectionSerialNumber\":509441,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6a654976002ea6
43bf762fb5cc0b6cfe\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":28522,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=19897&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=19897&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509443,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"df93a9d783649482c262e0dc1eda14f4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":44468,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space=15\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space
=15\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":381,\"sentBytes\":507,\"connectionSerialNumber\":509440,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"f2be6da4728107
5b5457460151f83902\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":37533,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=31872&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=31872&page&no=0\",\"userAgent\":\"Moz
illa\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":560,\"sentBytes\":487,\"connectionSerialNumber\":509441,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6a654976002ea6
43bf762fb5cc0b6cfe\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":28522,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=19897&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=19897&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\"
:\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509443,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"df93a9d783649482c262e0dc1eda14f4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],962][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>44468, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"f2be6da47281075b5457460151f83902",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space=15", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>301,
"sentBytes"=>507, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509440, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>381,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space=15",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>37533, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"6a654976002ea643bf762fb5cc0b6cfe",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=31872&page&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>487,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509441, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>560,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=31872&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>28522,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"df93a9d783649482c262e0dc1eda14f4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=19897&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509443, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=19897&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"41284",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].908149221Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":44468,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space=15\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space
=15\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":381,\"sentBytes\":507,\"connectionSerialNumber\":509440,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"f2be6da4728107
5b5457460151f83902\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":37533,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=31872&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=31872&page&no=0\",\"userAgent\":\"Moz
illa\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":560,\"sentBytes\":487,\"connectionSerialNumber\":509441,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6a654976002ea6
43bf762fb5cc0b6cfe\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":28522,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=19897&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=19897&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509443,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/Applic
ationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"df93a9d783649482c262e0dc1eda14f4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":44468,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space=15\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space
=15\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":381,\"sentBytes\":507,\"connectionSerialNumber\":509440,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"f2be6da4728107
5b5457460151f83902\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":37533,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=31872&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=31872&page&no=0\",\"userAgent\":\"Moz
illa\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":560,\"sentBytes\":487,\"connectionSerialNumber\":509441,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6a654976002ea6
43bf762fb5cc0b6cfe\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":28522,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=19897&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=19897&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509443,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"df93a9d783649482c262e0dc1eda14f4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],963][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>44468, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"f2be6da47281075b5457460151f83902", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space=15", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>301,
"sentBytes"=>507, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509440, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>381,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=7564&mode=res&namber=148995&no=0&page=0&space=15",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],963][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>37533, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"6a654976002ea643bf762fb5cc0b6cfe", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=31872&page&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>487,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509441, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>560,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=31872&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],964][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>28522,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"df93a9d783649482c262e0dc1eda14f4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=19897&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509443, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=19897&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"41284",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],985][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>37694, :content_length=>3447, :batch_offset=>0}
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],575][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.051681372S`)
[2024-02-25T[Link],575][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.051671472S`)
[2024-02-25T[Link],575][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.051657872S`)
[2024-02-25T[Link],575][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.051663372S`)
[2024-02-25T[Link],575][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.051650772S`)
[2024-02-25T[Link],771][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],771][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].372028776Z], remaining: [49] secs
[2024-02-25T[Link],372][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].372362985Z], remaining: [49] secs
[2024-02-25T[Link],378][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],379][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20286
[2024-02-25T[Link],379][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25101
[2024-02-25T[Link],379][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20216
[2024-02-25T[Link],379][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20235
[2024-02-25T[Link],379][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],379][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],379][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],379][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],379][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],379][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],379][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],379][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],385][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20279
[2024-02-25T[Link],385][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25095
[2024-02-25T[Link],385][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20210
[2024-02-25T[Link],385][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20229
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],595][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],595][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],595][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],615][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],615][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],615][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],664][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],664][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],664][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],578][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.051436182S`)
[2024-02-25T[Link],578][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.051099976S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.051078176S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.051069676S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.051046176S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.051037676S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.051033876S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.051028576S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.050919475S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.050943176S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.050994878S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.050993478S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.050989678S`)
[2024-02-25T[Link],579][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.050970278S`)
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],730][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],782][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],782][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],124][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is processing a batch of
size 1.
[2024-02-25T[Link],133][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Saving checkpoint: 6725945905288//1542267
[2024-02-25T[Link],134][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: updateCheckpoint() 6725945905288//1542267
[2024-02-25T[Link],134][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 finished processing a batch
of 2067 bytes.
[2024-02-25T[Link],134][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - schedule operation timer, current:
[2024-02-25T[Link].134156811Z], remaining: [60] secs
[2024-02-25T[Link],184][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].126703800Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36299,\"sentBytes\":138572,\"connectionSerialNumber\":53552
1,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.072,\"W
AFEvaluationTime\":\"0.016\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"d8fd033ab2b4ebbcdc53cc173fd00086\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36299,\"sentBytes\":138572,\"connectionSerialNumber\":53552
1,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.072,\"W
AFEvaluationTime\":\"0.016\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"d8fd033ab2b4ebbcdc53cc173fd00086\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}}]}"}}}
[2024-02-25T[Link],185][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62280, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.72e-1,
"transactionId"=>"d8fd033ab2b4ebbcdc53cc173fd00086", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.016",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>138572, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535521, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>36299, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"24746", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.040"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog", "ruleName"=>"APG02_RoutingRule01"}],
"@timestamp"=>2024-02-25T[Link].126703800Z, "message"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_
RoutingRule01\", \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36299,\"sentBytes\":138572,\"connectionSerialNumber\":53552
1,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.072,\"W
AFEvaluationTime\":\"0.016\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"d8fd033ab2b4ebbcdc53cc173fd00086\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36299,\"sentBytes\":138572,\"connectionSerialNumber\":53552
1,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.072,\"W
AFEvaluationTime\":\"0.016\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"d8fd033ab2b4ebbcdc53cc173fd00086\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}}]}"}}}
[2024-02-25T[Link],186][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62280, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.72e-1,
"transactionId"=>"d8fd033ab2b4ebbcdc53cc173fd00086", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.016",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>138572, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535521, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>36299, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"24746", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.040"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule01"}, :field=>"records"}
[2024-02-25T[Link],189][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>6977, :content_length=>1930, :batch_offset=>0}
[2024-02-25T[Link],379][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],379][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25285
[2024-02-25T[Link],379][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20101
[2024-02-25T[Link],379][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25216
[2024-02-25T[Link],379][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25236
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25278
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20094
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25209
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25229
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],480][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],480][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],480][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],723][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],581][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.006638728S`)
[2024-02-25T[Link],582][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.00662933S`)
[2024-02-25T[Link],582][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.00664773S`)
[2024-02-25T[Link],582][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.050436257S`)
[2024-02-25T[Link],582][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.050457759S`)
[2024-02-25T[Link],790][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],790][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],901][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],910][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336245816//1261934
[2024-02-25T[Link],910][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336245816//1261934
[2024-02-25T[Link],910][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 1451 bytes.
[2024-02-25T[Link],961][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].902800658Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15400\",\"requestUri\":\"\\/00\\/
S5YA15400\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"40ab4c8238c94
78f173de95f614d35de\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15400\",\"requestUri\":\"\\/00\\/
S5YA15400\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"40ab4c8238c94
78f173de95f614d35de\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],962][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"40ab4c8238c9478f173de95f614d35de",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15400",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15400",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}], "@timestamp"=>2024-02-
25T[Link].902800658Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15400\",\"requestUri\":\"\\/00\\/
S5YA15400\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"40ab4c8238c94
78f173de95f614d35de\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15400\",\"requestUri\":\"\\/00\\/
S5YA15400\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"40ab4c8238c94
78f173de95f614d35de\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],962][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"40ab4c8238c9478f173de95f614d35de",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15400",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15400",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],966][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>5099, :content_length=>1536, :batch_offset=>0}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],380][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20284
[2024-02-25T[Link],380][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25100
[2024-02-25T[Link],380][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20215
[2024-02-25T[Link],380][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20235
[2024-02-25T[Link],380][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],381][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],381][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],381][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],381][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],381][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],381][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],381][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20278
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25094
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20208
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20228
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],595][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],595][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],596][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],615][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],615][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],615][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],664][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],664][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],665][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],730][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],585][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.006833413S`)
[2024-02-25T[Link],585][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.00707292S`)
[2024-02-25T[Link],585][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.007126822S`)
[2024-02-25T[Link],585][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.006929617S`)
[2024-02-25T[Link],585][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.006887115S`)
[2024-02-25T[Link],585][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.006874915S`)
[2024-02-25T[Link],585][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.006864815S`)
[2024-02-25T[Link],586][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.006855914S`)
[2024-02-25T[Link],586][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.006848514S`)
[2024-02-25T[Link],586][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.006841514S`)
[2024-02-25T[Link],586][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.006719511S`)
[2024-02-25T[Link],586][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.00667091S`)
[2024-02-25T[Link],586][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.006604907S`)
[2024-02-25T[Link],586][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.006601707S`)
[2024-02-25T[Link],586][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.006594907S`)
[2024-02-25T[Link],586][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.006587807S`)
[2024-02-25T[Link],798][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],799][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],381][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],381][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25283
[2024-02-25T[Link],381][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20099
[2024-02-25T[Link],381][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25214
[2024-02-25T[Link],381][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25234
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25277
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20093
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25208
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25228
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],480][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],480][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],481][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],734][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],734][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],736][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],589][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.006432503S`)
[2024-02-25T[Link],589][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.006747912S`)
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],811][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],811][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],705][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],711][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313447160//1261837
[2024-02-25T[Link],711][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313447160//1261837
[2024-02-25T[Link],711][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 3696 bytes.
[2024-02-25T[Link],760][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].708147948Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53368,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=82867&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=82867&no=0&space=0&type=0\",\"userAge
nt\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":366,\"sentBytes\":3357,\"connectionSerialNumber\":509447,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"b933553de6b730996d9ea1d160c4e810\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53390,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=39219&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=39219&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509450,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4e293b86e32eea728178c80566b0ff0b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53368,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=82867&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=82867&no=0&space=0&type=0\",\"userAge
nt\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":366,\"sentBytes\":3357,\"connectionSerialNumber\":509447,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"b933553de6b730996d9ea1d160c4e810\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53390,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=39219&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=39219&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509450,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4e293b86e32eea728178c80566b0ff0b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],761][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>53368,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.62e-1,
"transactionId"=>"b933553de6b730996d9ea1d160c4e810", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=all&namber=82867&no=0&space=0&type=0", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>3357, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509447, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>366,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=all&namber=82867&no=0&space=0&type=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"41284",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>53390,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.63e-1,
"transactionId"=>"4e293b86e32eea728178c80566b0ff0b", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=39219&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509450, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=39219&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"41284",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].708147948Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53368,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=82867&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=82867&no=0&space=0&type=0\",\"userAge
nt\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":366,\"sentBytes\":3357,\"connectionSerialNumber\":509447,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"b933553de6b730996d9ea1d160c4e810\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53390,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=39219&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=39219&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509450,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4e293b86e32eea728178c80566b0ff0b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53368,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=82867&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=82867&no=0&space=0&type=0\",\"userAge
nt\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":366,\"sentBytes\":3357,\"connectionSerialNumber\":509447,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"b933553de6b730996d9ea1d160c4e810\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverR
outed\":\"[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.06
0\",\"upstreamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"hos
t\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53390,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=39219&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=39219&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509450,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4e293b86e32eea728178c80566b0ff0b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"41284\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],762][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>53368,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.62e-1,
"transactionId"=>"b933553de6b730996d9ea1d160c4e810", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=all&namber=82867&no=0&space=0&type=0", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>3357, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509447, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>366,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=all&namber=82867&no=0&space=0&type=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"41284",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],762][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>53390,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.63e-1,
"transactionId"=>"4e293b86e32eea728178c80566b0ff0b", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=39219&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509450, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=39219&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"41284",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],773][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>2, :payload_size=>20596, :content_length=>2483, :batch_offset=>0}
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],382][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20282
[2024-02-25T[Link],382][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25098
[2024-02-25T[Link],382][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20213
[2024-02-25T[Link],382][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20233
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],382][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],388][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20276
[2024-02-25T[Link],388][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25092
[2024-02-25T[Link],388][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20207
[2024-02-25T[Link],388][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20227
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],596][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],596][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],596][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],615][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],616][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],616][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],665][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],665][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],665][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],733][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],815][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],816][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],733][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],383][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25282
[2024-02-25T[Link],383][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20097
[2024-02-25T[Link],383][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25213
[2024-02-25T[Link],383][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25233
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],383][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25276
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20091
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25207
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25227
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],481][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],481][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],481][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],447][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],450][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336247336//1261935
[2024-02-25T[Link],450][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336247336//1261935
[2024-02-25T[Link],450][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 1843 bytes.
[2024-02-25T[Link],501][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].449125129Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8212,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=30581&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=30581&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509921,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4181c0c665fcd24c57018419c6c7bad9\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"58612\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8212,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=30581&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=30581&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509921,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4181c0c665fcd24c57018419c6c7bad9\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"58612\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],502][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>8212,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.65e-1,
"transactionId"=>"4181c0c665fcd24c57018419c6c7bad9", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=30581&no=0&page", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509921, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=30581&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"58612",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].449125129Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8212,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=30581&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=30581&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509921,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4181c0c665fcd24c57018419c6c7bad9\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"58612\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8212,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=30581&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=30581&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509921,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4181c0c665fcd24c57018419c6c7bad9\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"58612\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],503][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>8212,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.65e-1,
"transactionId"=>"4181c0c665fcd24c57018419c6c7bad9", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=30581&no=0&page", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509921, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=30581&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"58612",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],506][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>6339, :content_length=>1882, :batch_offset=>0}
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],593][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.037774151S`)
[2024-02-25T[Link],594][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.037687552S`)
[2024-02-25T[Link],594][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.03762745S`)
[2024-02-25T[Link],594][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.037629251S`)
[2024-02-25T[Link],594][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.037635551S`)
[2024-02-25T[Link],826][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],826][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20281
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25097
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20212
[2024-02-25T[Link],384][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20232
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],384][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20276
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25092
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20207
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20227
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],596][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],596][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],597][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],616][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],616][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],616][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],665][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],665][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],665][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],719][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],596][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.037379786S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.037309384S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.037277683S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.037329185S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.037475688S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.037483189S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.037477088S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.037457288S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.037457388S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.037449588S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.037631391S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.037679693S`)
[2024-02-25T[Link],597][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.03751949S`)
[2024-02-25T[Link],598][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.037482688S`)
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],836][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],837][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],385][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25280
[2024-02-25T[Link],385][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20096
[2024-02-25T[Link],385][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25211
[2024-02-25T[Link],385][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25231
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],390][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25275
[2024-02-25T[Link],390][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20091
[2024-02-25T[Link],390][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25206
[2024-02-25T[Link],390][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25226
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],481][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],481][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],481][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],600][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.00712128S`)
[2024-02-25T[Link],601][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.007101578S`)
[2024-02-25T[Link],601][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.007095278S`)
[2024-02-25T[Link],601][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.037772502S`)
[2024-02-25T[Link],601][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.037747401S`)
[2024-02-25T[Link],849][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],849][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],385][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20279
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25095
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20210
[2024-02-25T[Link],386][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20230
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20274
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25090
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20205
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20225
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],597][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],597][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],597][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],616][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],616][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],616][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],662][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - Reschedule operation timer,
current: [2024-02-25T[Link].662805443Z], remaining: [24] secs
[2024-02-25T[Link],666][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],666][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],666][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],603][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.006856438S`)
[2024-02-25T[Link],603][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.007070743S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.007171944S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.007012941S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.006979741S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.00692924S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.006775637S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.006846237S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.006884939S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.006910539S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.006913239S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.006915339S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.006724935S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.006672034S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.006660533S`)
[2024-02-25T[Link],604][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.006652434S`)
[2024-02-25T[Link],855][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],855][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],744][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].744673834Z], remaining: [41] secs
[2024-02-25T[Link],386][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25279
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20094
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25210
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25229
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25275
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20090
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25206
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25225
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],482][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],482][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],482][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],917][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],925][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313450928//1261838
[2024-02-25T[Link],926][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313450928//1261838
[2024-02-25T[Link],926][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 8440 bytes.
[2024-02-25T[Link],978][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].924763417Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15401\",\"requestUri\":\"\\/00\\/
S5YA15401\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":4,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"003fa625d45bc
885c9b712e7fedd14b6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":7608,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=2184&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=2184&no=0&page\",\"userAgent\":\"Mozi
lla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":355,\"sentBytes\":5971,\"connectionSerialNumber\":509471,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.07,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c2193f0618fa8d1eda1155663ae74360\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34432,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":522,\"sentBytes\":482,\"connectionSerialNumber\":509473,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"04e4fe0e5fa665
e20bb4c64559802ca4\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41932,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&space=240\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&spa
ce=240\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":6528,\"connectionSerialNumber\":509474,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.004,\"timeTaken\":0.048,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"9fd94e60642cf7c756c274bc69cdf9aa\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.048\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34016,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":506,\"sentBytes\":7988,\"connectionSerialNumber\":509475,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.057,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"a44e54285f3871bcc87050430e5d4486\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-Redirect\",
\"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15401\",\"requestUri\":\"\\/00\\/
S5YA15401\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":4,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"003fa625d45bc
885c9b712e7fedd14b6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":7608,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=2184&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=2184&no=0&page\",\"userAgent\":\"Mozi
lla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":355,\"sentBytes\":5971,\"connectionSerialNumber\":509471,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.07,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c2193f0618fa8d1eda1155663ae74360\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34432,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":522,\"sentBytes\":482,\"connectionSerialNumber\":509473,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"04e4fe0e5fa665
e20bb4c64559802ca4\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41932,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&space=240\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&spa
ce=240\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":6528,\"connectionSerialNumber\":509474,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.004,\"timeTaken\":0.048,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"9fd94e60642cf7c756c274bc69cdf9aa\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.048\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34016,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":506,\"sentBytes\":7988,\"connectionSerialNumber\":509475,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.057,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"a44e54285f3871bcc87050430e5d4486\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],980][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"003fa625d45bc885c9b712e7fedd14b6",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15401",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15401",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>4,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>7608,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.7e-1,
"transactionId"=>"c2193f0618fa8d1eda1155663ae74360", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=2184&no=0&page", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5971, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509471, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>355,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=2184&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"30022",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.068"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>34432, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"04e4fe0e5fa665e20bb4c64559802ca4",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>482,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509473, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>522,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=41284&no=0", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0, "userAgent"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 12.5;
rv:114.0) Gecko/20100101 Firefox/114.0", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>41932,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.48e-1,
"transactionId"=>"9fd94e60642cf7c756c274bc69cdf9aa", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&space=240",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6528,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509474, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>384,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&space=240",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.4e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"30022",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.048"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>34016,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.57e-1,
"transactionId"=>"a44e54285f3871bcc87050430e5d4486", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0", "WAFEvaluationTime"=>"0.004", "serverStatus"=>"200",
"clientIP"=>"[Link]", "httpStatus"=>200, "sentBytes"=>7988,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509475, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>506,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=41284&no=0", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.6e-2, "userAgent"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X
12.5; rv:114.0) Gecko/20100101 Firefox/114.0", "upstreamSourcePort"=>"30022",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.056"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].924763417Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15401\",\"requestUri\":\"\\/00\\/
S5YA15401\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"conn
ectionSerialNumber\":509422,\"noOfConnectionRequests\":4,\"clientResponseTime\":0,\
"timeTaken\":0,\"WAFEvaluationTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"t
ransactionId\":\"003fa625d45bc885c9b712e7fedd14b6\",\"sslEnabled\":\"on\",\"sslCiph
er\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":7608,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=2184&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=2184&no=0&page\",\"userAgent\":\"Mozi
lla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":355,\"sentBytes\":5971,\"connectionSerialNumber\":509471,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.07,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c2193f0618fa8d1eda1155663ae74360\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34432,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":522,\"sentBytes\":482,\"connectionSerialNumber\":509473,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"04e4fe0e5fa665
e20bb4c64559802ca4\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41932,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&space=240\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&spa
ce=240\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":6528,\"connectionSerialNumber\":509474,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.004,\"timeTaken\":0.048,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"9fd94e60642cf7c756c274bc69cdf9aa\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.048\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34016,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":506,\"sentBytes\":7988,\"connectionSerialNumber\":509475,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.057,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"a44e54285f3871bcc87050430e5d4486\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15401\",\"requestUri\":\"\\/00\\/
S5YA15401\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":4,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"003fa625d45bc
885c9b712e7fedd14b6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{
\"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":7608,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=2184&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=2184&no=0&page\",\"userAgent\":\"Mozi
lla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":355,\"sentBytes\":5971,\"connectionSerialNumber\":509471,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.07,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c2193f0618fa8d1eda1155663ae74360\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34432,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":522,\"sentBytes\":482,\"connectionSerialNumber\":509473,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"04e4fe0e5fa665
e20bb4c64559802ca4\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41932,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&space=240\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&spa
ce=240\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":6528,\"connectionSerialNumber\":509474,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.004,\"timeTaken\":0.048,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"9fd94e60642cf7c756c274bc69cdf9aa\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.048\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34016,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":506,\"sentBytes\":7988,\"connectionSerialNumber\":509475,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.057,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"a44e54285f3871bcc87050430e5d4486\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],989][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"003fa625d45bc885c9b712e7fedd14b6",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15401",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15401",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>4,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],989][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>7608,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.7e-1,
"transactionId"=>"c2193f0618fa8d1eda1155663ae74360", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=2184&no=0&page", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5971, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509471, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>355,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=2184&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"30022",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.068"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],989][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>34432, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"04e4fe0e5fa665e20bb4c64559802ca4", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>482,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509473, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>522,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=41284&no=0", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0, "userAgent"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 12.5;
rv:114.0) Gecko/20100101 Firefox/114.0", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],990][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>41932,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.48e-1,
"transactionId"=>"9fd94e60642cf7c756c274bc69cdf9aa", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&space=240",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6528,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509474, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>384,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=14769&mode=al2&namber=41284&no=0&page=20&rev=0&space=240",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.4e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"30022",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.048"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],990][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>34016,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.57e-1,
"transactionId"=>"a44e54285f3871bcc87050430e5d4486", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0", "WAFEvaluationTime"=>"0.004", "serverStatus"=>"200",
"clientIP"=>"[Link]", "httpStatus"=>200, "sentBytes"=>7988,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509475, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>506,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=41284&no=0", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.6e-2, "userAgent"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X
12.5; rv:114.0) Gecko/20100101 Firefox/114.0", "upstreamSourcePort"=>"30022",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.056"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],020][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>5, :payload_size=>103627, :content_length=>7568, :batch_offset=>0}
[2024-02-25T[Link],606][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.005160301S`)
[2024-02-25T[Link],606][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.005311904S`)
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],861][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],864][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],730][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].730634324Z], remaining: [56] secs
[2024-02-25T[Link],730][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].730940430Z], remaining: [56] secs
[2024-02-25T[Link],387][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20279
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25095
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20210
[2024-02-25T[Link],387][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20229
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20274
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25090
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20205
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20224
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],597][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],597][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],597][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],617][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],617][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],617][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],666][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],666][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],666][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],977][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].977216048Z], remaining: [60] secs
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],729][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],870][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],870][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],576][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],586][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336249248//1261936
[2024-02-25T[Link],586][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336249248//1261936
[2024-02-25T[Link],586][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 5178 bytes.
[2024-02-25T[Link],637][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].579281737Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59939,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":371,\"sentBytes\":482,\"connectionSerialNumber\":509951,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"3551b717844cba
a77f3c6c8406157b47\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59955,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=148995&type=0&space=0&mo=148995&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0)
Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":569,\"sentBytes\":6046,\"connectionSerialNumber\":509953,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c9e230bf02190098ea3a1fd0131a348f\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"39618\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":50238,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=18325&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=18325&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509954,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"08947b1bddbdeff66fd1aae1927c421e\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"39618\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59939,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":371,\"sentBytes\":482,\"connectionSerialNumber\":509951,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"3551b717844cba
a77f3c6c8406157b47\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59955,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=148995&type=0&space=0&mo=148995&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0)
Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":569,\"sentBytes\":6046,\"connectionSerialNumber\":509953,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c9e230bf02190098ea3a1fd0131a348f\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"39618\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\",
\"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\": \"APG01_RoutingR
ule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\", \"backendSetting
Name\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGatewayAccess\", \"
category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":50238,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=18325&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=18325&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509954,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"08947b1bddbdeff66fd1aae1927c421e\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"39618\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],640][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>59939, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"3551b717844cbaa77f3c6c8406157b47",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>482,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509951, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>371,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&namber=41284&no=0", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64;
rv:114.0) Gecko/20100101 Firefox/114.0", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>59955,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.63e-1,
"transactionId"=>"c9e230bf02190098ea3a1fd0131a348f", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6046,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509953, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>569,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko/20100101
Firefox/114.0", "upstreamSourcePort"=>"39618",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>50238,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"08947b1bddbdeff66fd1aae1927c421e", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=18325&no=0&page", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509954, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=18325&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"39618",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.056"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].579281737Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59939,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":371,\"sentBytes\":482,\"connectionSerialNumber\":509951,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"3551b717844cba
a77f3c6c8406157b47\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59955,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=148995&type=0&space=0&mo=148995&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0)
Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":569,\"sentBytes\":6046,\"connectionSerialNumber\":509953,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c9e230bf02190098ea3a1fd0131a348f\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"39618\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":50238,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/[Link]?
mode=res&namber=18325&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=18325&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509954,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"08947b1bddbdeff66fd1aae1927c421e\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"39618\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59939,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":371,\"sentBytes\":482,\"connectionSerialNumber\":509951,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"3551b717844cba
a77f3c6c8406157b47\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59955,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=148995&type=0&space=0&mo=148995&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0)
Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":569,\"sentBytes\":6046,\"connectionSerialNumber\":509953,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c9e230bf02190098ea3a1fd0131a348f\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"39618\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":50238,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=18325&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=18325&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509954,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"08947b1bddbdeff66fd1aae1927c421e\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"39618\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],641][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>59939, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"3551b717844cbaa77f3c6c8406157b47", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>482,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509951, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>371,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&namber=41284&no=0", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64;
rv:114.0) Gecko/20100101 Firefox/114.0", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],641][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>59955,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.63e-1,
"transactionId"=>"c9e230bf02190098ea3a1fd0131a348f", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6046,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509953, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>569,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko/20100101
Firefox/114.0", "upstreamSourcePort"=>"39618",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],642][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>50238,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"08947b1bddbdeff66fd1aae1927c421e", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=18325&no=0&page", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509954, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=18325&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+http://[Link]/[Link])", "upstreamSourcePort"=>"39618",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.056"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],653][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>40385, :content_length=>3636, :batch_offset=>0}
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],725][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],388][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25278
[2024-02-25T[Link],388][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20094
[2024-02-25T[Link],388][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25209
[2024-02-25T[Link],388][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25229
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],388][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25273
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20089
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25204
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25224
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],482][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],482][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],482][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],910][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].910241091Z], remaining: [58] secs
[2024-02-25T[Link],022][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],025][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336254496//1261937
[2024-02-25T[Link],025][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336254496//1261937
[2024-02-25T[Link],025][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 4784 bytes.
[2024-02-25T[Link],076][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].024856255Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":59938,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=148995&type=0&space=0&mo=148995&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0)
Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":404,\"sentBytes\":515,\"connectionSerialNumber\":509496,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9c21ad1764a6b7
617b0d27642a414699\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":59954,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":503,\"sentBytes\":7988,\"connectionSerialNumber\":509497,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.058,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"badfd2ecb535506a6047ba001bc6f8db\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15402\",\"requestUri\":\"\\/00\\/
S5YA15402\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":981,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"n
oOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5d0bcc37882caf
b12db76988f01df136\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":59938,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=148995&type=0&space=0&mo=148995&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0)
Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":404,\"sentBytes\":515,\"connectionSerialNumber\":509496,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9c21ad1764a6b7
617b0d27642a414699\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":59954,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":503,\"sentBytes\":7988,\"connectionSerialNumber\":509497,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.058,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"badfd2ecb535506a6047ba001bc6f8db\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15402\",\"requestUri\":\"\\/00\\/
S5YA15402\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\
/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":981,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"n
oOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5d0bcc37882caf
b12db76988f01df136\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],078][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>59938, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"9c21ad1764a6b7617b0d27642a414699",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509496, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>404,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko/20100101
Firefox/114.0", "upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>59954,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.58e-1,
"transactionId"=>"badfd2ecb535506a6047ba001bc6f8db", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0", "WAFEvaluationTime"=>"0.000", "serverStatus"=>"200",
"clientIP"=>"[Link]", "httpStatus"=>200, "sentBytes"=>7988,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509497, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>503,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=41284&no=0", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.6e-2, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64;
x64; rv:114.0) Gecko/20100101 Firefox/114.0", "upstreamSourcePort"=>"30022",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"5d0bcc37882cafb12db76988f01df136",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15402",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15402",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>981,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>5,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}], "@timestamp"=>2024-02-
25T[Link].024856255Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":59938,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=148995&type=0&space=0&mo=148995&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0)
Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":404,\"sentBytes\":515,\"connectionSerialNumber\":509496,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9c21ad1764a6b7
617b0d27642a414699\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":59954,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":503,\"sentBytes\":7988,\"connectionSerialNumber\":509497,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.058,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"badfd2ecb535506a6047ba001bc6f8db\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15402\",\"requestUri\":\"\\/00\\/
S5YA15402\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":981,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"n
oOfConnectionRequests\":5,\"clientResponseTime\"
:0,\"timeTaken\":0,\"WAFEvaluationTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\"
,\"transactionId\":\"5d0bcc37882cafb12db76988f01df136\",\"sslEnabled\":\"on\",\"ssl
Cipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":59938,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=148995&type=0&space=0&mo=148995&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0)
Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":404,\"sentBytes\":515,\"connectionSerialNumber\":509496,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9c21ad1764a6b7
617b0d27642a414699\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":59954,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=41284&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=41284&no=0\",\"userAgent\":\"Mozilla\
\/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko\\/20100101
Firefox\\/114.0\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":503,\"sentBytes\":7988,\"connectionSerialNumber\":509497,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.058,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"badfd2ecb535506a6047ba001bc6f8db\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15402\",\"requestUri\":\"\\/00\\/
S5YA15402\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":981,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"n
oOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5d0bcc37882caf
b12db76988f01df136\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],079][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>59938, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"9c21ad1764a6b7617b0d27642a414699", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509496, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>404,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=148995&type=0&space=0&mo=148995&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:114.0) Gecko/20100101
Firefox/114.0", "upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],080][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>59954,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.58e-1,
"transactionId"=>"badfd2ecb535506a6047ba001bc6f8db", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=41284&no=0", "WAFEvaluationTime"=>"0.000", "serverStatus"=>"200",
"clientIP"=>"[Link]", "httpStatus"=>200, "sentBytes"=>7988,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509497, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>503,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=41284&no=0", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.6e-2, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64;
x64; rv:114.0) Gecko/20100101 Firefox/114.0", "upstreamSourcePort"=>"30022",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],080][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"5d0bcc37882cafb12db76988f01df136",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15402",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15402",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>981,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>5,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],091][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>37602, :content_length=>3652, :batch_offset=>0}
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],611][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.036322696S`)
[2024-02-25T[Link],611][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.036265795S`)
[2024-02-25T[Link],611][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.036282894S`)
[2024-02-25T[Link],611][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.036264094S`)
[2024-02-25T[Link],611][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.036252094S`)
[2024-02-25T[Link],876][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],879][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20277
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25093
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20208
[2024-02-25T[Link],389][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20228
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],389][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20273
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25089
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20204
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20224
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],598][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],598][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],598][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],617][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],617][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],617][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],666][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],666][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],666][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],724][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.035446168S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.035421666S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.035471967S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.035472867S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.035480867S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.035492266S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.035482366S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.035473266S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.035349762S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.035314361S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.035247559S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.035232558S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.035222858S`)
[2024-02-25T[Link],614][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.035213057S`)
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],724][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],888][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],888][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],135][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - schedule operation timer, current:
[2024-02-25T[Link].135087528Z], remaining: [60] secs
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],390][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25276
[2024-02-25T[Link],390][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20092
[2024-02-25T[Link],390][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25208
[2024-02-25T[Link],390][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25227
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25272
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20088
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25204
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25223
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],483][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],483][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],483][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],616][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.005213647S`)
[2024-02-25T[Link],617][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.005220347S`)
[2024-02-25T[Link],617][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.005186947S`)
[2024-02-25T[Link],617][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.034797209S`)
[2024-02-25T[Link],617][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.034763807S`)
[2024-02-25T[Link],897][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],898][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],732][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],390][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20275
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25092
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20207
[2024-02-25T[Link],391][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20226
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20272
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25089
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20204
[2024-02-25T[Link],395][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20222
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],408][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313459440//1261839
[2024-02-25T[Link],413][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313459440//1261839
[2024-02-25T[Link],413][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 4753 bytes.
[2024-02-25T[Link],462][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].410541589Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15402\",\"requestUri\":\"\\/00\\/
S5YA15402\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":6,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e069e6bd313f0
d3d3cbb5c8591f102a6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":44421,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=695850&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=695850&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":562,\"sentBytes\":488,\"connectionSerialNumber\":509499,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9b31e3aae56d7f
425bca373b3083fcf4\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":58725,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=695850&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=695850&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":445,\"sentBytes\":5977,\"connectionSerialNumber\":509500,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"2deefa5ffd66c437c98de152abd480d2\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15402\",\"requestUri\":\"\\/00\\/
S5YA15402\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":6,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e069e6bd313f0
d3d3cbb5c8591f102a6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":44421,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=695850&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=695850&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":562,\"sentBytes\":488,\"connectionSerialNumber\":509499,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9b31e3aae56d7f
425bca373b3083fcf4\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":58725,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=695850&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=695850&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":445,\"sentBytes\":5977,\"connectionSerialNumber\":509500,\"
noOfConnecti
onRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.062,\"WAFEvaluationTime
\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/subscriptions\\/
2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/RG_YAzureDMZ_APG01\\/
providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"2deefa5ffd66c437c98de152abd480d2\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],463][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"e069e6bd313f0d3d3cbb5c8591f102a6",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15402",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15402",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>6,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>44421, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"9b31e3aae56d7f425bca373b3083fcf4",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=695850&page&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>488,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509499, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>562,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=695850&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>58725,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.62e-1,
"transactionId"=>"2deefa5ffd66c437c98de152abd480d2", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=695850&page&no=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5977, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509500, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>445,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=695850&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"30022", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.056"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].410541589Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15402\",\"requestUri\":\"\\/00\\/
S5YA15402\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":6,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e069e6bd313f0
d3d3cbb5c8591f102a6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":44421,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=695850&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=695850&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":562,\"sentBytes\":488,\"connectionSerialNumber\":509499,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9b31e3aae56d7f
425bca373b3083fcf4\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":58725,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=695850&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=695850&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":445,\"sentBytes\":5977,\"connectionSerialNumber\":509500,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"2de
efa5ffd66c437c98de152abd480d2\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-
AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15402\",\"requestUri\":\"\\/00\\/
S5YA15402\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":6,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e069e6bd313f0
d3d3cbb5c8591f102a6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":44421,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=695850&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=695850&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":562,\"sentBytes\":488,\"connectionSerialNumber\":509499,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"9b31e3aae56d7f
425bca373b3083fcf4\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":58725,\
"httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=695850&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=695850&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":445,\"sentBytes\":5977,\"connectionSerialNumber\":509500,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"2deefa5ffd66c437c98de152abd480d2\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"30022\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],465][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"e069e6bd313f0d3d3cbb5c8591f102a6",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15402",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15402",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>6,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],466][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>44421, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"9b31e3aae56d7f425bca373b3083fcf4", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=695850&page&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>488,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509499, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>562,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=695850&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],466][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>58725,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.62e-1,
"transactionId"=>"2deefa5ffd66c437c98de152abd480d2", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=695850&page&no=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5977, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509500, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>445,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=695850&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"30022", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.056"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],483][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>37417, :content_length=>3530, :batch_offset=>0}
[2024-02-25T[Link],598][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],598][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],598][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],617][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],617][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],618][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],667][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],667][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],667][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],619][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.005761622S`)
[2024-02-25T[Link],619][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.005958926S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.006006528S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.005847525S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.005778623S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.005780823S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.005762722S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.005732122S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.005733922S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.005728121S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.005724922S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.005706021S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.005701921S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.005697521S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.005695121S`)
[2024-02-25T[Link],620][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.005699221S`)
[2024-02-25T[Link],903][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],908][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],391][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25275
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20091
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25206
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25226
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],395][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25272
[2024-02-25T[Link],395][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20088
[2024-02-25T[Link],395][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25203
[2024-02-25T[Link],395][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25223
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],483][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],483][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],483][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],623][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],623][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.00662376S`)
[2024-02-25T[Link],624][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.00663386S`)
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313464264//1261840
[2024-02-25T[Link],628][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313464264//1261840
[2024-02-25T[Link],628][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 1846 bytes.
[2024-02-25T[Link],637][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],639][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336259352//1261938
[2024-02-25T[Link],639][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336259352//1261938
[2024-02-25T[Link],639][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 2888 bytes.
[2024-02-25T[Link],690][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].624615786Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":49590,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=683901&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=683901&no=0&page\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":5977,\"connectionSerialNumber\":509965,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.069,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c73914baecbee781b325098e9705c7d0\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"43664\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":49590,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=683901&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=683901&no=0&page\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":5977,\"connectionSerialNumber\":509965,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.069,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c73914baecbee781b325098e9705c7d0\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"43664\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],691][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>49590,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.69e-1,
"transactionId"=>"c73914baecbee781b325098e9705c7d0", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=683901&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5977, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509965, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>357,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=683901&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"43664",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.068"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].624615786Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":49590,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=683901&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=683901&no=0&page\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":5977,\"connectionSerialNumber\":509965,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.069,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c73914baecbee781b325098e9705c7d0\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"43664\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":49590,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=683901&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=683901&no=0&page\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":5977,\"connectionSerialNumber\":509965,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.069,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c73914baecbee781b325098e9705c7d0\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"43664\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],692][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>49590,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.69e-1,
"transactionId"=>"c73914baecbee781b325098e9705c7d0", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=683901&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5977, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509965, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>357,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=683901&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"43664",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.068"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],699][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].638477188Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15403\",\"requestUri\":\"\\/00\\/
S5YA15403\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":7,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"4923b7130e1a0
933b819b98945dd1a5e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15403\",\"requestUri\":\"\\/00\\/
S5YA15403\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":8,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"558d8e1a9f4dd
224b1500432739aeb7d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15403\",\"requestUri\":\"\\/00\\/
S5YA15403\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":7,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"4923b7130e1a0
933b819b98945dd1a5e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15403\",\"requestUri\":\"\\/00\\/
S5YA15403\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":8,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"558d8e1a9f4dd
224b1500432739aeb7d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],700][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"4923b7130e1a0933b819b98945dd1a5e",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15403",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15403",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>7,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"558d8e1a9f4dd224b1500432739aeb7d",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15403",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15403",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>8,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}], "@timestamp"=>2024-02-
25T[Link].638477188Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15403\",\"requestUri\":\"\\/00\\/
S5YA15403\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":7,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"4923b7130e1a0
933b819b98945dd1a5e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15403\",\"requestUri\":\"\\/00\\/
S5YA15403\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":8,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"558d8e1a9f4dd
224b1500432739aeb7d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15403\",\"requestUri\":\"\\/00\\/
S5YA15403\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":7,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"4923b7130e1a0
933b819b98945dd1a5e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15403\",\"requestUri\":\"\\/00\\/
S5YA15403\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":8,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluation
Time\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"558d8e1a9f4dd
224b1500432739aeb7d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],701][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"4923b7130e1a0933b819b98945dd1a5e",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15403",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15403",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>7,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],701][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"558d8e1a9f4dd224b1500432739aeb7d",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15403",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15403",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>8,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],712][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>22814, :content_length=>2965, :batch_offset=>0}
[2024-02-25T[Link],732][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],732][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],740][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],914][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],914][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20275
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25091
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20206
[2024-02-25T[Link],392][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20226
[2024-02-25T[Link],392][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20271
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25087
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20202
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20222
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],598][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],599][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],599][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],618][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],618][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],618][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],667][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],667][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],667][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],723][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],921][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],921][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],416][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336262312//1261939
[2024-02-25T[Link],419][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336262312//1261939
[2024-02-25T[Link],419][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 1846 bytes.
[2024-02-25T[Link],469][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].418079335Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":37108,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=51164&no=0&rev=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=51164&no=0&rev=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":6137,\"connectionSerialNumber\":509521,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.07,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d88eee73c7a43e3953bce0df7b8d94e4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"48990\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":37108,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=51164&no=0&rev=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=51164&no=0&rev=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":6137,\"connectionSerialNumber\":509521,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.07,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d88eee73c7a43e3953bce0df7b8d94e4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"48990\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],470][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>37108,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.7e-1,
"transactionId"=>"d88eee73c7a43e3953bce0df7b8d94e4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=51164&no=0&rev=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6137, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509521, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>357,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=51164&no=0&rev=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"48990",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.068"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].418079335Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":37108,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=51164&no=0&rev=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=51164&no=0&rev=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":6137,\"connectionSerialNumber\":509521,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.07,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d88eee73c7a43e3953bce0df7b8d94e4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"48990\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":37108,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=51164&no=0&rev=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=51164&no=0&rev=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":6137,\"connectionSerialNumber\":509521,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.07,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d88eee73c7a43e3953bce0df7b8d94e4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"48990\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],471][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>37108,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.7e-1,
"transactionId"=>"d88eee73c7a43e3953bce0df7b8d94e4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=51164&no=0&rev=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6137, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509521, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>357,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=51164&no=0&rev=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"48990",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.068"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],481][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>6229, :content_length=>1813, :batch_offset=>0}
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25274
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20090
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25206
[2024-02-25T[Link],393][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25225
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],393][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25270
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20086
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25202
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25221
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],484][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],484][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],484][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],339][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is processing a batch of
size 1.
[2024-02-25T[Link],342][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Saving checkpoint: 6725919632848//1542131
[2024-02-25T[Link],343][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: updateCheckpoint() 6725919632848//1542131
[2024-02-25T[Link],343][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 finished processing a batch
of 5564 bytes.
[2024-02-25T[Link],343][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].343181686Z], remaining: [60] secs
[2024-02-25T[Link],394][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].342111163Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36188,\"sentBytes\":29968,\"connectionSerialNumber\":535521
,\"noOfConnectionRequests\":3,\"clientResponseTime\":0,\"timeTaken\":0.039,\"WAFEva
luationTime\":\"0.020\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"4e359de0875f26fc190824e1619e28f1\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.016\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1151,\"sentBytes\":228370,\"connectionSerialNumber\":535521
,\"noOfConnectionRequests\":4,\"clientResponseTime\":0.004,\"timeTaken\":0.086,\"WA
FEvaluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"e87bf2271de0a914eb68242f0027bf4c\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.084\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool00_DUMMY\", \"backendSettingName\": \"APG
02_HTTP00_DUMMY\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \
"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/
[Link]\",\"requestUri\":\"\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":502,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":948,\"sentBytes\":768,\"connectionSerialNumber\":535521,\"n
oOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"7c2967ce16d2d5
4145d553e26c3bfb86\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36188,\"sentBytes\":29968,\"connectionSerialNumber\":535521
,\"noOfConnectionRequests\":3,\"clientResponseTime\":0,\"timeTaken\":0.039,\"WAFEva
luationTime\":\"0.020\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"4e359de0875f26fc190824e1619e28f1\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.016\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1151,\"sentBytes\":228370,\"connectionSerialNumber\":535521
,\"noOfConnectionRequests\
":4,\"clientResponseTime\":0.004,\"timeTaken\":0.086,\"WAFEvaluationTime\":\"0.000\
",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/subscriptions\\/2bd75eb1-d088-
445b-a7e3-3f0510c83ca3\\/resourceGroups\\/RG_YAzureDMZ_APG02\\/providers\\/
[Link]\\/ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"e87bf2271de0a914eb68242f0027bf4c\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.084\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool00_DUMMY\", \"backendSettingName\": \"APG
02_HTTP00_DUMMY\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \
"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/
[Link]\",\"requestUri\":\"\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":502,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":948,\"sentBytes\":768,\"connectionSerialNumber\":535521,\"n
oOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"7c2967ce16d2d5
4145d553e26c3bfb86\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],395][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62280, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.39e-1,
"transactionId"=>"4e359de0875f26fc190824e1619e28f1", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.020",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>29968, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535521, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>36188, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"24746", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>3,
"serverResponseLatency"=>"0.016"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog", "ruleName"=>"APG02_RoutingRule01"},
{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62280, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.86e-1,
"transactionId"=>"e87bf2271de0a914eb68242f0027bf4c", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>228370, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535521, "contentType"=>"", "originalHost"=>"yazure-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>1151, "httpMethod"=>"GET",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.4e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"24746", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>4,
"serverResponseLatency"=>"0.084"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog", "ruleName"=>"APG02_RoutingRule01"},
{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool00_DUMMY",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"",
"clientPort"=>62280, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"7c2967ce16d2d54145d553e26c3bfb86", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/[Link]", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>502,
"sentBytes"=>768, "requestUri"=>"/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>535521, "contentType"=>"", "originalHost"=>"yazure-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>948, "httpMethod"=>"GET",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>5,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP00_DUMMY",
"category"=>"ApplicationGatewayAccessLog", "ruleName"=>"APG02_RoutingRule01"}],
"@timestamp"=>2024-02-25T[Link].342111163Z, "message"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_
RoutingRule01\", \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36188,\"sentBytes\":29968,\"connectionSerialNumber\":535521
,\"noOfConnectionRequests\":3,\"clientResponseTime\":0,\"timeTaken\":0.039,\"WAFEva
luationTime\":\"0.020\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"4e359de0875f26fc190824e1619e28f1\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.016\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1151,\"sentBytes\":228370,\"connectionSerialNumber\":535521
,\"noOfConnectionRequests\":4,\"clientResponseTime\":0.004,\"timeTaken\":0.086,\"WA
FEvaluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"e87bf2271de0a914eb68242f0027bf4c\"
,\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.084\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool00_DUMMY\", \"backendSettingName\": \"APG
02_HTTP00_DUMMY\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \
"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/
[Link]\",\"requestUri\":\"\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":502,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":948,\"sentBytes\":768,\"connectionSerialNumber\":535521,\"n
oOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"7c2967ce16d2d5
4145d553e26c3bfb86\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":36188,\"sentBytes\":29968,\"connectionSerialNumber\":535521
,\"noOfConnectionRequests\":3,\"clientResponseTime\":0,\"timeTaken\":0.039,\"WAFEva
luationTime\":\"0.020\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"4e359de0875f26fc190824e1619e28f1\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.016\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1151,\"sentBytes\":228370,\"connectionSerialNumber\":535521
,\"noOfConnectionRequests\":4,\"clientResponseTime\":0.004,\"timeTaken\":0.086,\"WA
FEvaluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"e87bf2271de0a914eb68242f0027bf4c\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.084\",\"upstr
eamSourcePort\":\"24746\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool00_DUMMY\", \"backendSettingName\": \"APG
02_HTTP00_DUMMY\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \
"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":62280,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/
[Link]\",\"requestUri\":\"\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":502,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":948,\"sentBytes\":768,\"connectionSerialNumber\":535521,\"n
oOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"7c2967ce16d2d5
4145d553e26c3bfb86\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],403][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62280, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.39e-1,
"transactionId"=>"4e359de0875f26fc190824e1619e28f1", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.020",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>29968, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535521, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>36188, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"24746", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>3,
"serverResponseLatency"=>"0.016"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule01"}, :field=>"records"}
[2024-02-25T[Link],404][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62280, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.86e-1,
"transactionId"=>"e87bf2271de0a914eb68242f0027bf4c", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>228370, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535521, "contentType"=>"", "originalHost"=>"yazure-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>1151, "httpMethod"=>"GET",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.4e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"24746", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>4,
"serverResponseLatency"=>"0.084"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule01"}, :field=>"records"}
[2024-02-25T[Link],404][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool00_DUMMY",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"",
"clientPort"=>62280, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"7c2967ce16d2d54145d553e26c3bfb86", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/[Link]", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>502,
"sentBytes"=>768, "requestUri"=>"/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>535521, "contentType"=>"", "originalHost"=>"yazure-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>948, "httpMethod"=>"GET",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>5,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP00_DUMMY",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule01"}, :field=>"records"}
[2024-02-25T[Link],416][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>43382, :content_length=>3544, :batch_offset=>0}
[2024-02-25T[Link],451][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].451456046Z], remaining: [57] secs
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],729][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],629][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.035221235S`)
[2024-02-25T[Link],629][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.035170432S`)
[2024-02-25T[Link],629][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.035152932S`)
[2024-02-25T[Link],629][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.03512493S`)
[2024-02-25T[Link],629][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.03512453S`)
[2024-02-25T[Link],929][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],929][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20273
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25090
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20205
[2024-02-25T[Link],394][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20224
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20270
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25087
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20202
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20221
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],599][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],599][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],599][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],618][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],618][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],618][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],668][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],668][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],668][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],734][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],631][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.035002357S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.034958156S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.034934756S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.034872555S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.034719651S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.03470075S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.034695151S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.034681351S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.034690851S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.03468765S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.034508647S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.034450645S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.034448345S`)
[2024-02-25T[Link],632][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.034439346S`)
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],934][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],935][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],394][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],395][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25273
[2024-02-25T[Link],395][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20089
[2024-02-25T[Link],395][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25204
[2024-02-25T[Link],395][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25223
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25270
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20086
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25201
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25220
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],484][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],484][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],484][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],634][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.00523073S`)
[2024-02-25T[Link],634][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.005313631S`)
[2024-02-25T[Link],634][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.005322731S`)
[2024-02-25T[Link],634][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.033311184S`)
[2024-02-25T[Link],634][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.033319084S`)
[2024-02-25T[Link],939][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],946][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],395][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20272
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25088
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20203
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20222
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20270
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25086
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20201
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20220
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],599][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],599][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],600][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],619][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],619][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],619][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],668][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],668][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],668][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],636][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.00521583S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.005435435S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.005606038S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.005504736S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.005496036S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.005492635S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.005487236S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.005483136S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.005482435S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.005482935S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.005458934S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.005456635S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.005442434S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.005438135S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.005427634S`)
[2024-02-25T[Link],637][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.005426434S`)
[2024-02-25T[Link],952][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],957][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],396][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25272
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20088
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25203
[2024-02-25T[Link],396][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25223
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25269
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20085
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25200
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25220
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],485][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],485][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],485][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],927][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].927014849Z], remaining: [32] secs
[2024-02-25T[Link],927][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].927310955Z], remaining: [32] secs
[2024-02-25T[Link],414][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336264224//1261940
[2024-02-25T[Link],418][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336264224//1261940
[2024-02-25T[Link],419][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 9014 bytes.
[2024-02-25T[Link],469][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].417989848Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":55318,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=1104523&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=1104523&no=0&space=0&type=0\",\"userA
gent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":368,\"sentBytes\":3357,\"connectionSerialNumber\":509987,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"10a22a9b7cada52279b50620c1da532e\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":46449,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":6507,\"connectionSerialNumber\":509989,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.059,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"b580849820eff0572e817ea352bc0c0a\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":27994,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=887581&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=887581&no=0&space=0&type=0\",\"userAg
ent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":367,\"sentBytes\":3357,\"connectionSerialNumber\":510007,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.064,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"91e34bfdc16a0e62da74cb3646b003a4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60715,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":489,\"sentBytes\":508,\"connectionSerialNumber\":510008,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e26c6e1b52a472
6eacc0b0468e0e8e78\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60749,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=672b6e1e3c8cd\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1869,\"sentBytes\":757,\"connectionSerialNumber\":510009,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.22,\"timeTaken\":0.224,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"a16d7f2dfc7b997a67888bfa61cbd70c\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuer
Name\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLatency\":\
"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\"host\":\
"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":55318,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=1104523&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=1104523&no=0&space=0&type=0\",\"userA
gent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":368,\"sentBytes\":3357,\"connectionSerialNumber\":509987,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"10a22a9b7cada52279b50620c1da532e\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":46449,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":6507,\"connectionSerialNumber\":509989,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.059,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"b580849820eff0572e817ea352bc0c0a\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":27994,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=887581&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=887581&no=0&space=0&type=0\",\"userAg
ent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":367,\"sentBytes\":3357,\"connectionSerialNumber\":510007,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.064,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"91e34bfdc16a0e62da74cb3646b003a4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60715,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":489,\"sentBytes\":508,\"connectionSerialNumber\":510008,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e26c6e1b52a472
6eacc0b0468e0e8e78\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60749,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=672b6e1e3c8cd\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1869,\"sentBytes\":757,\"connectionSerialNumber\":510009,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.22,\"timeTaken\":0.224,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"a16d7f2dfc7b997a67888bfa61cbd70c\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverRespons
eLatency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\
",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],471][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>55318,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.65e-1,
"transactionId"=>"10a22a9b7cada52279b50620c1da532e", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=all&namber=1104523&no=0&space=0&type=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>3357, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509987, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>368,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=all&namber=1104523&no=0&space=0&type=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"39140",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.068"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>46449,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.59e-1,
"transactionId"=>"b580849820eff0572e817ea352bc0c0a", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6507,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509989, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>370,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"39140", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.052"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>27994,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.64e-1,
"transactionId"=>"91e34bfdc16a0e62da74cb3646b003a4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=all&namber=887581&no=0&space=0&type=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>3357, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510007, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>367,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=all&namber=887581&no=0&space=0&type=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"39140",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>60715, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"e26c6e1b52a4726eacc0b0468e0e8e78",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>508,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>510008, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>489,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.0",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP", "properties"=>{"host"=>"",
"clientPort"=>60749, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention",
"timeTaken"=>0.224e0, "transactionId"=>"a16d7f2dfc7b997a67888bfa61cbd70c",
"sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>403, "sentBytes"=>757,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510009, "contentType"=>"multipart/form-data;
boundary=672b6e1e3c8cd", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>1869, "httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.22e0, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.0", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].417989848Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\",
\"backendPoolName\": \"APG01_BackendPool12_RepJP\", \"backendSettingName\": \"APG0
1_HTTP12_RepJP\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"
ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":55318,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=1104523&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=1104523&no=0&space=0&type=0\",\"userA
gent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":368,\"sentBytes\":3357,\"connectionSerialNumber\":509987,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"10a22a9b7cada52279b50620c1da532e\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":46449,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":6507,\"connectionSerialNumber\":509989,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.059,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"b580849820eff0572e817ea352bc0c0a\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":27994,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=887581&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=887581&no=0&space=0&type=0\",\"userAg
ent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":367,\"sentBytes\":3357,\"connectionSerialNumber\":510007,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.064,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"91e34bfdc16a0e62da74cb3646b003a4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60715,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":489,\"sentBytes\":508,\"connectionSerialNumber\":510008,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e26c6e1b52a472
6eacc0b0468e0e8e78\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60749,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=672b6e1e3c8cd\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1869,\"sentBytes\":757,\"connectionSerialNumber\":510009,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.22,\"timeTaken\":0.224,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"a16d7f2dfc7b997a67888bfa61cbd70c\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\",
\"backendPoolName\": \"APG01_BackendPool12_RepJP\", \"backendSettingName\": \"APG0
1_HTTP12_RepJP\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"
ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":55318,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=1104523&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=1104523&no=0&space=0&type=0\",\"userA
gent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":368,\"sentBytes\":3357,\"connectionSerialNumber\":509987,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"10a22a9b7cada52279b50620c1da532e\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.068\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":46449,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":6507,\"connectionSerialNumber\":509989,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.059,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"b580849820eff0572e817ea352bc0c0a\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":27994,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=all&namber=887581&no=0&space=0&type=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=all&namber=887581&no=0&space=0&type=0\",\"userAg
ent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":367,\"sentBytes\":3357,\"connectionSerialNumber\":510007,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.064,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"91e34bfdc16a0e62da74cb3646b003a4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60715,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":489,\"sentBytes\":508,\"connectionSerialNumber\":510008,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"e26c6e1b52a472
6eacc0b0468e0e8e78\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60749,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=672b6e1e3c8cd\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1869,\"sentBytes\":757,\"connectionSerialNumber\":510009,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.22,\"timeTaken\":0.224,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"a16d7f2dfc7b997a67888bfa61cbd70c\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],480][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>55318,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.65e-1,
"transactionId"=>"10a22a9b7cada52279b50620c1da532e", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=all&namber=1104523&no=0&space=0&type=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>3357, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509987, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>368,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=all&namber=1104523&no=0&space=0&type=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"39140",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.068"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],480][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>46449,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.59e-1,
"transactionId"=>"b580849820eff0572e817ea352bc0c0a", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6507,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509989, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>370,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=8133&namber=5789364&space=0&rev=0&page=80&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"39140", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.052"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],480][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>27994,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.64e-1,
"transactionId"=>"91e34bfdc16a0e62da74cb3646b003a4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=all&namber=887581&no=0&space=0&type=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>3357, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510007, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>367,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=all&namber=887581&no=0&space=0&type=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"39140",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],481][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>60715, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"e26c6e1b52a4726eacc0b0468e0e8e78", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>508,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>510008, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>489,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=9660&namber=41284&space=45&rev=0&page=20&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.0",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],481][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP", "properties"=>{"host"=>"",
"clientPort"=>60749, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention",
"timeTaken"=>0.224e0, "transactionId"=>"a16d7f2dfc7b997a67888bfa61cbd70c",
"sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>403, "sentBytes"=>757,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510009, "contentType"=>"multipart/form-data;
boundary=672b6e1e3c8cd", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>1869, "httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.22e0, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.0", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],509][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>5, :payload_size=>109955, :content_length=>7995, :batch_offset=>0}
[2024-02-25T[Link],639][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.005168228S`)
[2024-02-25T[Link],640][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.005278531S`)
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],963][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],967][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20271
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25088
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20202
[2024-02-25T[Link],397][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20222
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],397][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20269
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25086
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20200
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20220
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],600][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],600][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],600][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],619][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],619][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],619][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],669][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],669][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],669][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],977][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - Reschedule operation timer,
current: [2024-02-25T[Link].977595009Z], remaining: [35] secs
[2024-02-25T[Link],349][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],351][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336273304//1261941
[2024-02-25T[Link],351][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336273304//1261941
[2024-02-25T[Link],351][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 2030 bytes.
[2024-02-25T[Link],402][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].350185828Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":43735,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&sp
ace=15\",\"userAgent\":\"Mozilla\\/5.0 (Linux; Android 6.0.1; Nexus 5X
Build\\/MMB29P) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/121.0.6167.139
Mobile Safari\\/537.36 (compatible; Googlebot\\/2.1;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERRO
RINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":831,\"sentBytes\":7688,\"connectionSerialNumber\":510011,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.056,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"87103a49acdce5bb08a5cabb1cf2d27d\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":43735,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&sp
ace=15\",\"userAgent\":\"Mozilla\\/5.0 (Linux; Android 6.0.1; Nexus 5X
Build\\/MMB29P) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/121.0.6167.139
Mobile Safari\\/537.36 (compatible; Googlebot\\/2.1;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERRO
RINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":831,\"sentBytes\":7688,\"connectionSerialNumber\":510011,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.056,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"87103a49acdce5bb08a5cabb1cf2d27d\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],403][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>43735,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.56e-1,
"transactionId"=>"87103a49acdce5bb08a5cabb1cf2d27d", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7688,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510011, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>831,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Mobile Safari/537.36
(compatible; Googlebot/2.1; +[Link]
"upstreamSourcePort"=>"39140", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.052"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].350185828Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":43735,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&sp
ace=15\",\"userAgent\":\"Mozilla\\/5.0 (Linux; Android 6.0.1; Nexus 5X
Build\\/MMB29P) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/121.0.6167.139
Mobile Safari\\/537.36 (compatible; Googlebot\\/2.1;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERRO
RINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":831,\"sentBytes\":7688,\"connectionSerialNumber\":510011,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.056,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"87103a49acdce5bb08a5cabb1cf2d27d\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":43735,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&sp
ace=15\",\"userAgent\":\"Mozilla\\/5.0 (Linux; Android 6.0.1; Nexus 5X
Build\\/MMB29P) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/121.0.6167.139
Mobile Safari\\/537.36 (compatible; Googlebot\\/2.1;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERRO
RINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":831,\"sentBytes\":7688,\"connectionSerialNumber\":510011,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.056,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"87103a49acdce5bb08a5cabb1cf2d27d\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"39140\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],404][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>43735,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.56e-1,
"transactionId"=>"87103a49acdce5bb08a5cabb1cf2d27d", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7688,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510011, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>831,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Mobile Safari/537.36
(compatible; Googlebot/2.1; +[Link]
"upstreamSourcePort"=>"39140", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.052"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],407][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>6871, :content_length=>1996, :batch_offset=>0}
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],972][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],979][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],587][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].587010964Z], remaining: [56] secs
[2024-02-25T[Link],719][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],721][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25271
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20087
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25202
[2024-02-25T[Link],398][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25221
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],398][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25269
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20085
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25200
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25219
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],485][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],485][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],485][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],644][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.033078833S`)
[2024-02-25T[Link],644][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.033078633S`)
[2024-02-25T[Link],644][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.033055833S`)
[2024-02-25T[Link],644][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.033055933S`)
[2024-02-25T[Link],644][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.033045732S`)
[2024-02-25T[Link],985][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],985][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20270
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25086
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20201
[2024-02-25T[Link],399][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20220
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20269
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25085
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20200
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20219
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],600][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],600][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],600][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],619][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],620][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],620][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],669][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],669][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],669][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],201][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],204][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313466176//1261841
[2024-02-25T[Link],204][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313466176//1261841
[2024-02-25T[Link],208][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 4661 bytes.
[2024-02-25T[Link],255][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].203468838Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15404\",\"requestUri\":\"\\/00\\/
S5YA15404\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":10,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"26565954167a
2f2aa2d23c7753d7f13d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":51537,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&sp
ace=15\",\"userAgent\":\"Mozilla\\/5.0 (Linux; Android 6.0.1; Nexus 5X
Build\\/MMB29P) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/121.0.6167.139
Mobile Safari\\/537.36 (compatible; Googlebot\\/2.1;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERRO
RINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":666,\"sentBytes\":515,\"connectionSerialNumber\":509550,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"713fb4a3ba26b8
18095918f09a147d13\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":39930,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":612,\"sentBytes\":513,\"connectionSerialNumber\":509552,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"a111f16d5f15c9
29405821a4ed077d40\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15404\",\"requestUri\":\"\\/00\\/
S5YA15404\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":10,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"26565954167a
2f2aa2d23c7753d7f13d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":51537,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&sp
ace=15\",\"userAgent\":\"Mozilla\\/5.0 (Linux; Android 6.0.1; Nexus 5X
Build\\/MMB29P) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/121.0.6167.139
Mobile Safari\\/537.36 (compatible; Googlebot\\/2.1;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERRO
RINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":666,\"sentBytes\":515,\"connectionSerialNumber\":509550,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"713fb4a3ba26b8
18095918f09a147d13\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":39930,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\"
:\"HTTP\\/
1.1\",\"receivedBytes\":612,\"sentBytes\":513,\"connectionSerialNumber\":509552,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"a111f16d5f15c9
29405821a4ed077d40\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],256][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"26565954167a2f2aa2d23c7753d7f13d",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15404",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15404",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1005,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>10,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>51537, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"713fb4a3ba26b818095918f09a147d13",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509550, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>666,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Mobile Safari/537.36
(compatible; Googlebot/2.1; +[Link]
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>39930, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"a111f16d5f15c929405821a4ed077d40",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>513,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509552, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>612,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}], "@timestamp"=>2024-02-
25T[Link].203468838Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15404\",\"requestUri\":\"\\/00\\/
S5YA15404\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":10,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"26565954167a
2f2aa2d23c7753d7f13d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":51537,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&sp
ace=15\",\"userAgent\":\"Mozilla\\/5.0 (Linux; Android 6.0.1; Nexus 5X
Build\\/MMB29P) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/121.0.6167.139
Mobile Safari\\/537.36 (compatible; Googlebot\\/2.1;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERRO
RINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":666,\"sentBytes\":515,\"connectionSerialNumber\":509550,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"713fb4a3ba26b8
18095918f09a147d13\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":39930,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":612,\"sentBytes\":513,\"connectionSerialNumber\":509552,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"a111f16d5f15c9
29405821a4ed077d40\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\
":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertificateIssuerName\":
\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"u
pstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\"host\":\"\"}}]}
", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15404\",\"requestUri\":\"\\/00\\/
S5YA15404\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":10,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"26565954167a
2f2aa2d23c7753d7f13d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":51537,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&sp
ace=15\",\"userAgent\":\"Mozilla\\/5.0 (Linux; Android 6.0.1; Nexus 5X
Build\\/MMB29P) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/121.0.6167.139
Mobile Safari\\/537.36 (compatible; Googlebot\\/2.1;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERRO
RINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":666,\"sentBytes\":515,\"connectionSerialNumber\":509550,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"713fb4a3ba26b8
18095918f09a147d13\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":39930,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":612,\"sentBytes\":513,\"connectionSerialNumber\":509552,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"a111f16d5f15c9
29405821a4ed077d40\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],259][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"26565954167a2f2aa2d23c7753d7f13d",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15404",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15404",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1005,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>10,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],259][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>51537, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"713fb4a3ba26b818095918f09a147d13", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509550, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>666,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=99802&mode=al2&namber=5789364&no=0&page=0&rev=0&space=15",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Mobile Safari/537.36
(compatible; Googlebot/2.1; +[Link]
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],259][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>39930, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"a111f16d5f15c929405821a4ed077d40", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>513,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509552, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>612,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],271][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>36929, :content_length=>3514, :batch_offset=>0}
[2024-02-25T[Link],647][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.033821313S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.033777712S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.03369441S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.03367811S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.033658309S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.033693111S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.033727811S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.03372611S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.033722411S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.03370951S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.03370631S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.03370251S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.03369911S`)
[2024-02-25T[Link],648][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.033741711S`)
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],990][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],990][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],310][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],136][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - schedule operation timer, current:
[2024-02-25T[Link].135970842Z], remaining: [60] secs
[2024-02-25T[Link],399][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25269
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20085
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25200
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25220
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25268
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20084
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25199
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25219
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],485][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],486][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],486][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],725][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],650][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.005525345S`)
[2024-02-25T[Link],650][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.005542646S`)
[2024-02-25T[Link],650][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.005529446S`)
[2024-02-25T[Link],650][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.033396232S`)
[2024-02-25T[Link],650][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.033372631S`)
[2024-02-25T[Link],995][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],002][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],262][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],264][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336275400//1261942
[2024-02-25T[Link],264][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336275400//1261942
[2024-02-25T[Link],264][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 1967 bytes.
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],314][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].263190213Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34443,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":739,\"sentBytes\":7666,\"connectionSerialNumber\":509553,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"54fa1a0eb43f23f556fca78523c1f1ed\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"39518\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34443,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":739,\"sentBytes\":7666,\"connectionSerialNumber\":509553,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"54fa1a0eb43f23f556fca78523c1f1ed\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"39518\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],315][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>34443,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.63e-1,
"transactionId"=>"54fa1a0eb43f23f556fca78523c1f1ed", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7666,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509553, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>739,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"39518",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].263190213Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34443,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":739,\"sentBytes\":7666,\"connectionSerialNumber\":509553,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"54fa1a0eb43f23f556fca78523c1f1ed\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"39518\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":34443,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":739,\"sentBytes\":7666,\"connectionSerialNumber\":509553,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.063,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"54fa1a0eb43f23f556fca78523c1f1ed\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"39518\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],316][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>34443,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.63e-1,
"transactionId"=>"54fa1a0eb43f23f556fca78523c1f1ed", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7666,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509553, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>739,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=4081&namber=5789364&space=0&rev=1&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"39518",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],318][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>6720, :content_length=>1965, :batch_offset=>0}
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],400][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20269
[2024-02-25T[Link],400][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25086
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20199
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20219
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20267
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25084
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20198
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20218
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],508][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[1], credit[98]
[2024-02-25T[Link],509][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[1], credit[98]
[2024-02-25T[Link],511][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - token renewed
[2024-02-25T[Link],512][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - token renewed
[2024-02-25T[Link],601][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],601][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],601][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],620][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],620][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],620][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],669][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],670][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],670][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],733][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],734][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],735][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],652][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.004656315S`)
[2024-02-25T[Link],652][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.004818318S`)
[2024-02-25T[Link],652][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.00489132S`)
[2024-02-25T[Link],652][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.004759417S`)
[2024-02-25T[Link],652][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.004756917S`)
[2024-02-25T[Link],652][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.004753116S`)
[2024-02-25T[Link],652][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.004746917S`)
[2024-02-25T[Link],653][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.004675515S`)
[2024-02-25T[Link],653][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.004633614S`)
[2024-02-25T[Link],653][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.004625714S`)
[2024-02-25T[Link],653][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.004622314S`)
[2024-02-25T[Link],653][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.004612814S`)
[2024-02-25T[Link],653][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.004608113S`)
[2024-02-25T[Link],653][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.004605314S`)
[2024-02-25T[Link],653][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.004612113S`)
[2024-02-25T[Link],653][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.004563913S`)
[2024-02-25T[Link],013][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],014][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],259][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],261][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313470904//1261842
[2024-02-25T[Link],261][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313470904//1261842
[2024-02-25T[Link],261][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 3489 bytes.
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],312][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].260979111Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8128,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":369,\"sentBytes\":7666,\"connectionSerialNumber\":510031,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"1c2f362b263a9737e321db6e6b7b4e43\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"30548\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8134,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=12046&rev=0&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=12046&rev=0&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":344,\"sentBytes\":488,\"connectionSerialNumber\":510033,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"8c5de7db1ef3b8
1ae73cf407618d4f4b\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8128,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":369,\"sentBytes\":7666,\"connectionSerialNumber\":510031,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"1c2f362b263a9737e321db6e6b7b4e43\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"30548\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8134,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=12046&rev=0&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=12046&rev=0&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":344,\"sentBytes\":488,\"connectionSerialNumber\":510033,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"8c5de7db1ef3b8
1ae73cf407618d4f4b\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],313][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>8128,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"1c2f362b263a9737e321db6e6b7b4e43", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7666,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510031, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>369,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"30548", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.060"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>8134, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"8c5de7db1ef3b81ae73cf407618d4f4b",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=12046&rev=0&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>488,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>510033, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>344,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&namber=12046&rev=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}], "@timestamp"=>2024-02-
25T[Link].260979111Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8128,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":369,\"sentBytes\":7666,\"connectionSerialNumber\":510031,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"1c2f362b263a9737e321db6e6b7b4e43\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"30548\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8134,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=12046&rev=0&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=12046&rev=0&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":344,\"sentBytes\":488,\"connectionSerialNumber\":510033,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"8c5de7db1ef3b8
1ae73cf407618d4f4b\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8128,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&
no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":369,\"sentBytes\":7666,\"connectionSerialNumber\":510031,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"1c2f362b263a9737e321db6e6b7b4e43\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"30548\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\",
\"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8134,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=12046&rev=0&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=12046&rev=0&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":344,\"sentBytes\":488,\"connectionSerialNumber\":510033,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"8c5de7db1ef3b8
1ae73cf407618d4f4b\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],318][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>8128,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"1c2f362b263a9737e321db6e6b7b4e43", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7666,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510031, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>369,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=1936&namber=5789364&space=0&rev=1&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"30548", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.060"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],318][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>8134, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"8c5de7db1ef3b81ae73cf407618d4f4b", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=12046&rev=0&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>488,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>510033, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>344,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&namber=12046&rev=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],328][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>2, :payload_size=>19767, :content_length=>2706, :batch_offset=>0}
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25269
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20085
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25200
[2024-02-25T[Link],401][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25219
[2024-02-25T[Link],401][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25268
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20084
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25199
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25218
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],486][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],486][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],486][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],629][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].629063362Z], remaining: [55] secs
[2024-02-25T[Link],629][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].629341768Z], remaining: [55] secs
[2024-02-25T[Link],655][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.005075402S`)
[2024-02-25T[Link],655][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.005167705S`)
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],723][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],020][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],020][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20268
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25084
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20199
[2024-02-25T[Link],402][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20218
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],402][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20267
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25083
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20198
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20217
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],601][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],601][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],601][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],620][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],620][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],620][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],670][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],670][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],670][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],025][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],025][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].418681345Z], remaining: [44] secs
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25267
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20083
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25198
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25217
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25267
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20083
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25198
[2024-02-25T[Link],403][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25217
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],486][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],487][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],487][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],257][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],260][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336277432//1261943
[2024-02-25T[Link],260][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336277432//1261943
[2024-02-25T[Link],260][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 3314 bytes.
[2024-02-25T[Link],311][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].259795835Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":26899,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=653134&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=653134&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":558,\"sentBytes\":488,\"connectionSerialNumber\":510035,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"4814fdc2851761
e0daed611487ae47d1\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":37291,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=653134&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=653134&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":441,\"sentBytes\":5977,\"connectionSerialNumber\":510036,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.076,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"689b23ee2ad00daf4ef22ccecdde45f9\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.076\",\"upst
reamSourcePort\":\"30548\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":26899,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=653134&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=653134&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":558,\"sentBytes\":488,\"connectionSerialNumber\":510035,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"4814fdc2851761
e0daed611487ae47d1\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":37291,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=653134&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=653134&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":441,\"sentBytes\":5977,\"connectionSerialNumber\":510036,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.076,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"689b23ee2ad00daf4ef22ccecdde45f9\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.076\",\"upst
reamSourcePort\":\"30548\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],313][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>26899, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"4814fdc2851761e0daed611487ae47d1",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=653134&page&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>488,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>510035, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>558,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=653134&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>37291,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.76e-1,
"transactionId"=>"689b23ee2ad00daf4ef22ccecdde45f9", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=653134&page&no=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5977, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510036, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>441,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=653134&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"30548", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.076"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].259795835Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":26899,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=653134&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=653134&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":558,\"sentBytes\":488,\"connectionSerialNumber\":510035,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"4814fdc2851761
e0daed611487ae47d1\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":37291,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=653134&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=653134&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":441,\"sentBytes\":5977,\"connectionSerialNumber\":510036,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.076,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"689b23ee2ad00daf4ef22ccecdde45f9\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.076\",\"upst
reamSourcePort\":\"30548\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":26899,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=653134&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=653134&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":558,\"sentBytes\":488,\"connectionSerialNumber\":510035,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"4814fdc2851761
e0daed611487ae47d1\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":37291,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=653134&page&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=653134&page&no=0\",\"userAgent\":\"Mo
zilla\\/5.0
(compatible;PetalBot;+https:\\/\\/[Link]\\/site\\/
petalbot)\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus
\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":441,\"sentBytes\":5977,\"connectionSerialNumber\":510036,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.076,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"689b23ee2ad00daf4ef22ccecdde45f9\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.076\",\"upst
reamSourcePort\":\"30548\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],314][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>26899, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"4814fdc2851761e0daed611487ae47d1", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=653134&page&no=0", "WAFEvaluationTime"=>"", "serverStatus"=>"",
"clientIP"=>"[Link]", "httpStatus"=>301, "sentBytes"=>488,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>510035, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>558,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=653134&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],315][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>37291,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.76e-1,
"transactionId"=>"689b23ee2ad00daf4ef22ccecdde45f9", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=653134&page&no=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5977, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510036, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>441,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=res&namber=653134&page&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0
(compatible;PetalBot;+[Link]
"upstreamSourcePort"=>"30548", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.076"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],325][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>2, :payload_size=>18626, :content_length=>2424, :batch_offset=>0}
[2024-02-25T[Link],343][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].343342158Z], remaining: [60] secs
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],660][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.03141474S`)
[2024-02-25T[Link],660][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.031392039S`)
[2024-02-25T[Link],660][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.031397139S`)
[2024-02-25T[Link],660][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.03139944S`)
[2024-02-25T[Link],660][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.03140524S`)
[2024-02-25T[Link],030][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],030][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],403][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20266
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25083
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20197
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20216
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20266
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25083
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20197
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20216
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],601][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],601][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],602][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],621][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],621][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],621][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],670][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],670][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],670][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],725][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.03105262S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.031077421S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.031063021S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.03105692S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.031056321S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.031050121S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.031071921S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.03107052S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.031043419S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.031073221S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.03106152S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.031054921S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.03104002S`)
[2024-02-25T[Link],663][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.031035419S`)
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],725][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],042][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],042][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],404][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25266
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20083
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25266
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25197
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20083
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25217
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25197
[2024-02-25T[Link],404][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25217
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],487][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],487][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],487][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],665][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.005283707S`)
[2024-02-25T[Link],665][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.005317208S`)
[2024-02-25T[Link],665][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.005321208S`)
[2024-02-25T[Link],666][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.031383315S`)
[2024-02-25T[Link],666][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.031353315S`)
[2024-02-25T[Link],047][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],049][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],405][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20265
[2024-02-25T[Link],405][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20265
[2024-02-25T[Link],405][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25082
[2024-02-25T[Link],405][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20196
[2024-02-25T[Link],405][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20216
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],405][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],405][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25082
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20195
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20215
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],598][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[1], credit[98]
[2024-02-25T[Link],599][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - token renewed
[2024-02-25T[Link],602][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],602][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],602][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],621][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],621][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],621][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],671][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],671][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],671][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],668][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.00590632S`)
[2024-02-25T[Link],670][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.00727815S`)
[2024-02-25T[Link],670][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.007346052S`)
[2024-02-25T[Link],670][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.00729515S`)
[2024-02-25T[Link],670][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.007314151S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.007817762S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.007878763S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.007916664S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.007901963S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.007902864S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.007912764S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.008002266S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.008003566S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.008006066S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.008016666S`)
[2024-02-25T[Link],671][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.008029667S`)
[2024-02-25T[Link],054][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],054][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25265
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20081
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25196
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25215
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25265
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20081
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25196
[2024-02-25T[Link],406][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25215
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkFlow
senderName[cbs], linkName[cbs:sender], unsettled[1], credit[98]
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - token renewed
[2024-02-25T[Link],487][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],487][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],487][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],673][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.007444454S`)
[2024-02-25T[Link],673][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.007572856S`)
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],059][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],059][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],406][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20264
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20264
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25080
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20195
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20214
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25080
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20195
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20214
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],602][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],602][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],602][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],622][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],622][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],622][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],671][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],671][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],671][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],352][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].351951274Z], remaining: [34] secs
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],422][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313474464//1261843
[2024-02-25T[Link],424][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313474464//1261843
[2024-02-25T[Link],425][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 3737 bytes.
[2024-02-25T[Link],475][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].424146109Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8052,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw1\\/submit?
cid=000892\",\"requestUri\":\"\\/cs\\/gw1\\/
submit\",\"requestQuery\":\"cid=000892\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":6938,\"sentBytes\":381,\"connectionSerialNumber\":510059,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.181,\"WAFEvalua
tionTime\":\"0.008\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"d6f875adfac8b66a5340dcdab6d
94d8e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.112\",\"ups
treamSourcePort\":\"17180\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8054,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw2\\/submit?
cid=000892\",\"requestUri\":\"\\/cs\\/gw2\\/
submit\",\"requestQuery\":\"cid=000892\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":627,\"sentBytes\":381,\"connectionSerialNumber\":510061,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.007,\"WAFEvaluat
ionTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"f5c8bb501e512be33e4e83dc6cc
f4c8e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"17180\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8052,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw1\\/submit?
cid=000892\",\"requestUri\":\"\\/cs\\/gw1\\/
submit\",\"requestQuery\":\"cid=000892\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":6938,\"sentBytes\":381,\"connectionSerialNumber\":510059,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.181,\"WAFEvalua
tionTime\":\"0.008\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"d6f875adfac8b66a5340dcdab6d
94d8e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.112\",\"ups
treamSourcePort\":\"17180\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8054,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw2\\/submit?
cid=000892\",\"requestUri\":\"\\/cs\\/gw2\\/
submit\",\"requestQuery\":\"cid=000892\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":627,\"sentBytes\":381,\"connectionSerialNumber\":510061,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.007,\"WAFEvaluat
ionTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"f5c8bb501e512be33e4e83dc6cc
f4c8e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"17180\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}"}}}
[2024-02-25T[Link],476][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8052,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.181e0,
"transactionId"=>"d6f875adfac8b66a5340dcdab6d94d8e", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw1/submit?cid=000892",
"WAFEvaluationTime"=>"0.008", "serverStatus"=>"302", "clientIP"=>"[Link]",
"httpStatus"=>302, "sentBytes"=>381, "requestUri"=>"/cs/gw1/submit",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>510059,
"contentType"=>"application/x-www-form-urlencoded",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>6938,
"httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"cid=000892",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"17180",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.112"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8054,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.7e-2,
"transactionId"=>"f5c8bb501e512be33e4e83dc6ccf4c8e", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw2/submit?cid=000892",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"302", "clientIP"=>"[Link]",
"httpStatus"=>302, "sentBytes"=>381, "requestUri"=>"/cs/gw2/submit",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>510061,
"contentType"=>"application/x-www-form-urlencoded",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>627,
"httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"cid=000892",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"17180",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.004"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}], "@timestamp"=>2024-02-
25T[Link].424146109Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8052,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw1\\/submit?
cid=000892\",\"requestUri\":\"\\/cs\\/gw1\\/
submit\",\"requestQuery\":\"cid=000892\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":6938,\"sentBytes\":381,\"connectionSerialNumber\":510059,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.181,\"WAFEvalua
tionTime\":\"0.008\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"d6f875adfac8b66a5340dcdab6d
94d8e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.112\",\"ups
treamSourcePort\":\"17180\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8054,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw2\\/submit?
cid=000892\",\"requestUri\":\"\\/cs\\/gw2\\/
submit\",\"requestQuery\":\"cid=000892\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":627,\"sentBytes\":381,\"connectionSerialNumber\":510061,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.007,\"WAFEvaluat
ionTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"f5c8bb501e512be33e4e83dc6cc
f4c8e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"17180\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8052,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw1\\/submit?
cid=000892\",\"requestUri\":\"\\/cs\\/gw1\\/
submit\",\"requestQuery\":\"cid=000892\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":6938,\"sentBytes\":381,\"connectionSerialNumber\":510059,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.181,\"WAFEvalua
tionTime\":\"0.008\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"d6f875adfac8b66a5340dcdab6d
94d8e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"ssl
ClientCertificateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serve
rRouted\":\"[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0
.112\",\"upstreamSourcePort\":\"17180\",\"originalHost\":\"[Link]\",\
"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":8054,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw2\\/submit?
cid=000892\",\"requestUri\":\"\\/cs\\/gw2\\/
submit\",\"requestQuery\":\"cid=000892\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":627,\"sentBytes\":381,\"connectionSerialNumber\":510061,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.007,\"WAFEvaluat
ionTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"f5c8bb501e512be33e4e83dc6cc
f4c8e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"17180\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}}]}"}}}
[2024-02-25T[Link],477][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8052,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.181e0,
"transactionId"=>"d6f875adfac8b66a5340dcdab6d94d8e", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw1/submit?cid=000892",
"WAFEvaluationTime"=>"0.008", "serverStatus"=>"302", "clientIP"=>"[Link]",
"httpStatus"=>302, "sentBytes"=>381, "requestUri"=>"/cs/gw1/submit",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>510059,
"contentType"=>"application/x-www-form-urlencoded",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>6938,
"httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"cid=000892",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"17180",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.112"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],481][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8054,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.7e-2,
"transactionId"=>"f5c8bb501e512be33e4e83dc6ccf4c8e", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw2/submit?cid=000892",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"302", "clientIP"=>"[Link]",
"httpStatus"=>302, "sentBytes"=>381, "requestUri"=>"/cs/gw2/submit",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>510061,
"contentType"=>"application/x-www-form-urlencoded",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>627,
"httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"cid=000892",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"17180",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.004"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],492][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>2, :payload_size=>20919, :content_length=>2458, :batch_offset=>0}
[2024-02-25T[Link],063][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],064][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25264
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20080
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25195
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25264
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25215
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20080
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25195
[2024-02-25T[Link],407][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25215
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],407][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],488][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],488][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],488][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],440][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],443][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336280816//1261944
[2024-02-25T[Link],443][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336280816//1261944
[2024-02-25T[Link],443][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 8926 bytes.
[2024-02-25T[Link],494][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].442878934Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15406\",\"requestUri\":\"\\/00\\/
S5YA15406\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":14,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"0ae0033d4906
7793aa655ddaa29a7447\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8049,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-
1551864221.1650765734\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-
1551864221.1650765734\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":441,\"sentBytes\":63536,\"connectionSerialNumber\":509602,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.368,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"737895bbf80095f07664d2530df
c6c74\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.368\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8053,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/error\\/
error1005\",\"requestUri\":\"\\/cs\\/error\\/
error1005\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":475,\"sentBytes\":4602,\"connectionSerialNumber\":509605,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.007,\"WAFEvalua
tionTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"60191b3670a692c2d8386dad4d9
126b4\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8055,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/error\\/
error1005\",\"requestUri\":\"\\/cs\\/error\\/
error1005\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":475,\"sentBytes\":4602,\"connectionSerialNumber\":509607,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.006,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"bc3c200da3a56fdf903ab9ae13e
115db\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53156,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=129539&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=129539&no=0&page\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":5977,\"connectionSerialNumber\":509606,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"12bfac849bb5bf89e2e066d432ebdb84\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"42014\",\"origi
nalHost\":\"[Link]\",\"host\":\"[Link]\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15406\",\"requestUri\":\"\\/00\\/
S5YA15406\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":14,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"0ae0033d4906
7793aa655ddaa29a7447\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8049,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-
1551864221.1650765734\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-
1551864221.1650765734\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":441,\"sentBytes\":63536,\"connectionSerialNumber\":509602,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.368,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"737895bbf80095f07664d2530df
c6c74\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.368\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8053,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/error\\/
error1005\",\"requestUri\":\"\\/cs\\/error\\/
error1005\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":475,\"sentBytes\":4602,\"connectionSerialNumber\":509605,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.007,\"WAFEvalua
tionTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"60191b3670a692c2d8386dad4d9
126b4\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8055,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/error\\/
error1005\",\"requestUri\":\"\\/cs\\/error\\/
error1005\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":475,\"sentBytes\":4602,\"connectionSerialNumber\":509607,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.006,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"bc3c200da3a56fdf903ab9ae13e
115db\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53156,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=129539&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=129539&no=0&page\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":5977,\"connectionSerialNumber\":509606,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"12bfac849bb5bf89e2e066d432ebdb84\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"42014\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],496][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"0ae0033d49067793aa655ddaa29a7447",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15406",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15406",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1005,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>14,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8049,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.368e0,
"transactionId"=>"737895bbf80095f07664d2530dfc6c74", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-1551864221.1650765734",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>63536, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509602,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>441, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-1551864221.1650765734",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"58724",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.368"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8053,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.7e-2,
"transactionId"=>"60191b3670a692c2d8386dad4d9126b4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/error/error1005", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>4602, "requestUri"=>"/cs/error/error1005",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509605,
"contentType"=>"application/x-www-form-urlencoded",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>475,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"58724",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.004"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8055,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-2,
"transactionId"=>"bc3c200da3a56fdf903ab9ae13e115db", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/error/error1005", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>4602, "requestUri"=>"/cs/error/error1005",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509607,
"contentType"=>"application/x-www-form-urlencoded",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>475,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"58724",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.004"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>53156,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.62e-1,
"transactionId"=>"12bfac849bb5bf89e2e066d432ebdb84", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=129539&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5977, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509606, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>357,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=129539&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"42014",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].442878934Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\":
\"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15406\",\"requestUri\":\"\\/00\\/
S5YA15406\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":14,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"0ae0033d4906
7793aa655ddaa29a7447\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8049,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-
1551864221.1650765734\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-
1551864221.1650765734\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":441,\"sentBytes\":63536,\"connectionSerialNumber\":509602,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.368,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"737895bbf80095f07664d2530df
c6c74\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.368\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8053,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/error\\/
error1005\",\"requestUri\":\"\\/cs\\/error\\/
error1005\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":475,\"sentBytes\":4602,\"connectionSerialNumber\":509605,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.007,\"WAFEvalua
tionTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"60191b3670a692c2d8386dad4d9
126b4\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8055,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/error\\/
error1005\",\"requestUri\":\"\\/cs\\/error\\/
error1005\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":475,\"sentBytes\":4602,\"connectionSerialNumber\":509607,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.006,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"bc3c200da3a56fdf903ab9ae13e
115db\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53156,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=129539&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=129539&no=0&page\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":5977,\"connectionSerialNumber\":509606,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"12bfac849bb5bf89e2e066d432ebdb84\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"42014\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWit
hArgs\":\"\\/00\\/S5YA15406\",\"requestUri\":\"\\/00\\/
S5YA15406\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":14,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"0ae0033d4906
7793aa655ddaa29a7447\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8049,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/gw?c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-
1551864221.1650765734\",\"requestUri\":\"\\/cs\\/gw\",\"requestQuery\":\"c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-
1551864221.1650765734\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":441,\"sentBytes\":63536,\"connectionSerialNumber\":509602,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.368,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"737895bbf80095f07664d2530df
c6c74\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.368\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8053,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/error\\/
error1005\",\"requestUri\":\"\\/cs\\/error\\/
error1005\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":475,\"sentBytes\":4602,\"connectionSerialNumber\":509605,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.007,\"WAFEvalua
tionTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"60191b3670a692c2d8386dad4d9
126b4\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"rul
eName\": \"APG01_Listener09_HTTPS_ContactSystem\", \"backendPoolName\": \"APG01_Bac
kendPool09_ContactSystem\", \"backendSettingName\": \"APG01_HTTP09_ContactSystem\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGateway
AccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":8055,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cs\\/error\\/
error1005\",\"requestUri\":\"\\/cs\\/error\\/
error1005\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/78.0.3904.108
Safari\\/537.36\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":475,\"sentBytes\":4602,\"connectionSerialNumber\":509607,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0.006,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy09_ContactSystem\",\"transactionId\":\"bc3c200da3a56fdf903ab9ae13e
115db\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.004\",\"ups
treamSourcePort\":\"58724\",\"originalHost\":\"[Link]\",\"host\":\"co
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":53156,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=129539&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=129539&no=0&page\",\"userAgent\":\"Mo
zilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":357,\"sentBytes\":5977,\"connectionSerialNumber\":509606,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.062,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"12bfac849bb5bf89e2e066d432ebdb84\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"42014\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],502][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"0ae0033d49067793aa655ddaa29a7447",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15406",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15406",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1005,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>14,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],502][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8049,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.368e0,
"transactionId"=>"737895bbf80095f07664d2530dfc6c74", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/gw?c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-1551864221.1650765734",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>63536, "requestUri"=>"/cs/gw",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509602,
"contentType"=>"", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>441, "httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"c-
id=000892&p28=&_ga=2.124410250.1431691701.1650765734-1551864221.1650765734",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"58724",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.368"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],503][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8053,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.7e-2,
"transactionId"=>"60191b3670a692c2d8386dad4d9126b4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/error/error1005", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>4602, "requestUri"=>"/cs/error/error1005",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509605,
"contentType"=>"application/x-www-form-urlencoded",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>475,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"58724",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.004"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],503][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool09_ContactSystem",
"listenerName"=>"APG01_Listener09_HTTPS_ContactSystem",
"properties"=>{"host"=>"[Link]", "clientPort"=>8055,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-
RSA-AES256-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-2,
"transactionId"=>"bc3c200da3a56fdf903ab9ae13e115db", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cs/error/error1005", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>4602, "requestUri"=>"/cs/error/error1005",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/
APG01V2_WAFPolicy09_ContactSystem", "connectionSerialNumber"=>509607,
"contentType"=>"application/x-www-form-urlencoded",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>475,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/78.0.3904.108 Safari/537.36", "upstreamSourcePort"=>"58724",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.004"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP09_ContactSystem",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_Listener09_HTTPS_ContactSystem"}, :field=>"records"}
[2024-02-25T[Link],503][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>53156,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.62e-1,
"transactionId"=>"12bfac849bb5bf89e2e066d432ebdb84", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=129539&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5977, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509606, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>357,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=129539&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"42014",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],523][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>5, :payload_size=>109025, :content_length=>7988, :batch_offset=>0}
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],723][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],678][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.034153427S`)
[2024-02-25T[Link],678][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.034117526S`)
[2024-02-25T[Link],679][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.034092726S`)
[2024-02-25T[Link],679][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.034081925S`)
[2024-02-25T[Link],679][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.034074726S`)
[2024-02-25T[Link],069][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],069][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],408][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20263
[2024-02-25T[Link],408][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25080
[2024-02-25T[Link],408][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20194
[2024-02-25T[Link],408][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20214
[2024-02-25T[Link],408][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20263
[2024-02-25T[Link],408][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25080
[2024-02-25T[Link],408][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20194
[2024-02-25T[Link],408][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20214
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],408][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],409][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],602][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],603][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],603][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],622][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],622][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],622][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],671][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],671][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],671][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],907][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],909][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313478272//1261844
[2024-02-25T[Link],909][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313478272//1261844
[2024-02-25T[Link],909][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 1452 bytes.
[2024-02-25T[Link],960][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].908577345Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15407\",\"requestUri\":\"\\/00\\/
S5YA15407\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":15,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"7cee7ece660f
53cae2fe7e0d66b2b8dd\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15407\",\"requestUri\":\"\\/00\\/
S5YA15407\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":15,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"7cee7ece660f
53cae2fe7e0d66b2b8dd\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],960][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"7cee7ece660f53cae2fe7e0d66b2b8dd",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15407",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15407",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1005,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>15,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}], "@timestamp"=>2024-02-
25T[Link].908577345Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15407\",\"requestUri\":\"\\/00\\/
S5YA15407\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":15,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"7cee7ece660f
53cae2fe7e0d66b2b8dd\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15407\",\"requestUri\":\"\\/00\\/
S5YA15407\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":15,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"7cee7ece660f
53cae2fe7e0d66b2b8dd\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],961][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"7cee7ece660f53cae2fe7e0d66b2b8dd",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15407",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15407",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1005,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>15,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],968][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>5102, :content_length=>1538, :batch_offset=>0}
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.033212394S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.033217395S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.033209694S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.033229194S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.033225195S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.033159293S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.033121092S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.033117993S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.033128192S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.033122793S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.033129793S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.033140393S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.033140893S`)
[2024-02-25T[Link],681][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.033114092S`)
[2024-02-25T[Link],719][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],728][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],081][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],081][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],136][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - schedule operation timer, current:
[2024-02-25T[Link].136833786Z], remaining: [60] secs
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25261
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20078
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25193
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25261
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25212
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20078
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25193
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25212
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],488][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],488][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],488][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],683][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.004660993S`)
[2024-02-25T[Link],683][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.004643893S`)
[2024-02-25T[Link],683][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.004654492S`)
[2024-02-25T[Link],683][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.033192372S`)
[2024-02-25T[Link],683][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.033173672S`)
[2024-02-25T[Link],086][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],087][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],263][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].263760374Z], remaining: [48] secs
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],410][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20261
[2024-02-25T[Link],411][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25077
[2024-02-25T[Link],411][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20192
[2024-02-25T[Link],411][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20211
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],410][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20261
[2024-02-25T[Link],412][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25076
[2024-02-25T[Link],412][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20191
[2024-02-25T[Link],412][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20210
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 2
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],603][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],603][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],603][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],622][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],622][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],623][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],672][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],672][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],672][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],720][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],686][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.005463201S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.006325719S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.006391822S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.006245618S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.006253119S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.006229218S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.006235418S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.006233017S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.006236418S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.006231917S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.006219918S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.006223217S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.006222217S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.006210017S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.006215617S`)
[2024-02-25T[Link],687][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.006193117S`)
[2024-02-25T[Link],091][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],091][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],261][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].261824689Z], remaining: [48] secs
[2024-02-25T[Link],262][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].262107395Z], remaining: [48] secs
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],411][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25261
[2024-02-25T[Link],411][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20077
[2024-02-25T[Link],411][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25192
[2024-02-25T[Link],411][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25211
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],411][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25259
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20075
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25190
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25209
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],489][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],489][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],489][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],719][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],721][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],920][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],922][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313479792//1261845
[2024-02-25T[Link],922][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313479792//1261845
[2024-02-25T[Link],922][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 3410 bytes.
[2024-02-25T[Link],972][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].921571086Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15407\",\"requestUri\":\"\\/00\\/
S5YA15407\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":16,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"06e50abbadb7
e36e596efc1c4c27f7da\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":54222,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":371,\"sentBytes\":7688,\"connectionSerialNumber\":509613,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.075,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"bfb06d64d49e52c1cfcfd3aa2bd7e1d4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.072\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15407\",\"requestUri\":\"\\/00\\/
S5YA15407\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":16,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"06e50abbadb7
e36e596efc1c4c27f7da\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":54222,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":371,\"sentBytes\":7688,\"connectionSerialNumber\":509613,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.075,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"bfb06d64d49e52c1cfcfd3aa2bd7e1d4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.072\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],973][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"06e50abbadb7e36e596efc1c4c27f7da",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15407",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15407",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>16,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>54222,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.75e-1,
"transactionId"=>"bfb06d64d49e52c1cfcfd3aa2bd7e1d4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=0&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7688,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509613, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>371,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"18210", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.072"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].921571086Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15407\",\"requestUri\":\"\\/00\\/
S5YA15407\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":16,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"06e50abbadb7
e36e596efc1c4c27f7da\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":54222,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":371,\"sentBytes\":7688,\"connectionSerialNumber\":509613,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.075,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"bfb06d64d49e52c1cfcfd3aa2bd7e1d4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.072\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15407\",\"requestUri\":\"\\/00\\/
S5YA15407\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1004,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":16,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"06e50abbadb7
e36e596efc1c4c27f7da\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":54222,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUr
i\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=
0&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":371,\"sentBytes\":7688,\"connectionSerialNumber\":509613,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.007,\"timeTaken\":0.075,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"bfb06d64d49e52c1cfcfd3aa2bd7e1d4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.072\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],975][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"06e50abbadb7e36e596efc1c4c27f7da",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15407",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15407",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1004,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>16,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],975][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>54222,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.75e-1,
"transactionId"=>"bfb06d64d49e52c1cfcfd3aa2bd7e1d4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=0&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7688,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509613, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>371,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=144607&namber=5789364&space=0&rev=0&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.7e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"18210", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.072"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],984][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>2, :payload_size=>19310, :content_length=>2976, :batch_offset=>0}
[2024-02-25T[Link],690][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.006402038S`)
[2024-02-25T[Link],690][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.006490841S`)
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],096][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],097][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],412][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20260
[2024-02-25T[Link],412][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25077
[2024-02-25T[Link],412][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20191
[2024-02-25T[Link],412][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20210
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],412][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20258
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25075
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20189
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20208
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],603][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],603][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],603][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],623][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],623][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],623][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],672][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],672][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],672][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],105][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],105][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],981][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is processing a batch of
size 1.
[2024-02-25T[Link],983][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Saving checkpoint: 6725945907424//1542268
[2024-02-25T[Link],983][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: updateCheckpoint() 6725945907424//1542268
[2024-02-25T[Link],983][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 finished processing a batch
of 5642 bytes.
[2024-02-25T[Link],984][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - schedule operation timer, current:
[2024-02-25T[Link].984039682Z], remaining: [60] secs
[2024-02-25T[Link],034][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].983123862Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":2106,\"sentBytes\":29806,\"connectionSerialNumber\":535665,
\"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":1.32,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"249f8653d29d72fd969cd1e82c4af24
7\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.320\",\"up
streamSourcePort\":\"54324\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2406,\"sentBytes\":748,\"connectionSerialNumber\":535665,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":1.211,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"a1a6110e5941e56d296a6b4def78c42
d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.212\",\"up
streamSourcePort\":\"54324\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2308,\"sentBytes\":1172,\"connectionSerialNumber\":535667,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":1.215,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"5d1e4ae0d733b37d7fb68a8134d64d5
1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.212\",\"up
streamSourcePort\":\"54330\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":2106,\"sentBytes\":29806,\"connectionSerialNumber\":535665,
\"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":1.32,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"249f8653d29d72fd969cd1e82c4af24
7\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.320\",\"up
streamSourcePort\":\"54324\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2406,\"sentBytes\":748,\"connectionSerialNumber\":535665,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":1.211,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]
k\\/ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"a1a6110e5941e56d296a6b4def78c42
d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.212\",\"up
streamSourcePort\":\"54324\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2308,\"sentBytes\":1172,\"connectionSerialNumber\":535667,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":1.215,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"5d1e4ae0d733b37d7fb68a8134d64d5
1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.212\",\"up
streamSourcePort\":\"54330\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}}]}"}}}
[2024-02-25T[Link],035][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.132e1,
"transactionId"=>"249f8653d29d72fd969cd1e82c4af247", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/FullTextSearchCrm",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>29806, "requestUri"=>"/scrm/FullTextSearchCrm",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"", "originalHost"=>"j-service-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>2106,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"54324", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"1.320"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.1211e1,
"transactionId"=>"a1a6110e5941e56d296a6b4def78c42d", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/FullTextSearchCrm",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>748, "requestUri"=>"/scrm/FullTextSearchCrm",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2406, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"54324", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>"1.212"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50254, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.1215e1,
"transactionId"=>"5d1e4ae0d733b37d7fb68a8134d64d51", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/FullTextSearchCrm",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>1172, "requestUri"=>"/scrm/FullTextSearchCrm",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535667, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2308, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"54330", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"1.212"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}], "@timestamp"=>2024-02-
25T[Link].983123862Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":2106,\"sentBytes\":29806,\"connectionSerialNumber\":535665,
\"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":1.32,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"249f8653d29d72fd969cd1e82c4af24
7\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.320\",\"up
streamSourcePort\":\"54324\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2406,\"sentBytes\":748,\"connectionSerialNumber\":535665,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":1.211,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"a1a6110e5941e56d296a6b4def78c42
d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\"
:\"200\",\"serverResponseLatency\":\"1.212\",\"upstreamSourcePort\":\"54324\",\"ori
ginalHost\":\"[Link]\",\"host\":\"ymzn-
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2308,\"sentBytes\":1172,\"connectionSerialNumber\":535667,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":1.215,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"5d1e4ae0d733b37d7fb68a8134d64d5
1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.212\",\"up
streamSourcePort\":\"54330\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":2106,\"sentBytes\":29806,\"connectionSerialNumber\":535665,
\"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":1.32,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"249f8653d29d72fd969cd1e82c4af24
7\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.320\",\"up
streamSourcePort\":\"54324\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2406,\"sentBytes\":748,\"connectionSerialNumber\":535665,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":1.211,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"a1a6110e5941e56d296a6b4def78c42
d\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.212\",\"up
streamSourcePort\":\"54324\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestUri\":\"\\/scrm\\/
FullTextSearchCrm\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2308,\"sentBytes\":1172,\"connectionSerialNumber\":535667,\
"noOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":1.215,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"5d1e4ae0d733b37d7fb68a8134d64d5
1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"1.212\",\"up
streamSourcePort\":\"54330\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}}]}"}}}
[2024-02-25T[Link],037][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.132e1,
"transactionId"=>"249f8653d29d72fd969cd1e82c4af247", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/FullTextSearchCrm",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>29806, "requestUri"=>"/scrm/FullTextSearchCrm",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"", "originalHost"=>"j-service-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>2106,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"54324", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"1.320"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],043][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.1211e1,
"transactionId"=>"a1a6110e5941e56d296a6b4def78c42d", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/FullTextSearchCrm",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>748, "requestUri"=>"/scrm/FullTextSearchCrm",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2406, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"54324", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>"1.212"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],043][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50254, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.1215e1,
"transactionId"=>"5d1e4ae0d733b37d7fb68a8134d64d51", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/FullTextSearchCrm",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>1172, "requestUri"=>"/scrm/FullTextSearchCrm",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535667, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2308, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"54330", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"1.212"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],053][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>43948, :content_length=>3445, :batch_offset=>0}
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25259
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20076
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25190
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25210
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25258
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20075
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25189
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25209
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],489][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],489][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],489][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],260][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].260470871Z], remaining: [31] secs
[2024-02-25T[Link],344][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].344164887Z], remaining: [60] secs
[2024-02-25T[Link],737][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],737][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],739][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],694][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.034525643S`)
[2024-02-25T[Link],695][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.034506143S`)
[2024-02-25T[Link],695][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.034500043S`)
[2024-02-25T[Link],695][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.034493843S`)
[2024-02-25T[Link],695][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.034462742S`)
[2024-02-25T[Link],110][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],110][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20259
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25076
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20190
[2024-02-25T[Link],413][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20210
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],413][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20258
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25075
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20189
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20208
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],604][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],604][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],604][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],623][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],623][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],623][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],672][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],672][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],673][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],736][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.035169375S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.035111673S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.035129873S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.035128974S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.035170374S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.035176274S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.035158874S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.035157474S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.035165775S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.035130473S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.035125374S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.035123373S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.035122873S`)
[2024-02-25T[Link],698][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.035122574S`)
[2024-02-25T[Link],727][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],728][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],730][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],122][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],122][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25259
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20075
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25190
[2024-02-25T[Link],414][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25209
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25258
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20074
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25189
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25208
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],489][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],490][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],490][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],725][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],734][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],700][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.005779652S`)
[2024-02-25T[Link],700][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.005786952S`)
[2024-02-25T[Link],700][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.005773852S`)
[2024-02-25T[Link],701][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.034942387S`)
[2024-02-25T[Link],701][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.034925986S`)
[2024-02-25T[Link],126][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],127][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],728][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],730][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],414][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20258
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25075
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20189
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20208
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20258
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25075
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20189
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20207
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],604][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],604][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],604][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],623][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],624][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],624][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],673][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],673][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],673][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],719][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],702][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.005053236S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.005211239S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.005318141S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.00522414S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.00520174S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.005200339S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.005147638S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.005142938S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.005133938S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.005132838S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.005123337S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.005122038S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.005119837S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.005119337S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.005119138S`)
[2024-02-25T[Link],703][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.005118637S`)
[2024-02-25T[Link],133][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],134][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25258
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20075
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25189
[2024-02-25T[Link],415][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25209
[2024-02-25T[Link],415][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25257
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20074
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25188
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25208
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],490][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],490][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],490][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],705][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.004277519S`)
[2024-02-25T[Link],705][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.004399622S`)
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],725][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],139][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],139][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20257
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25074
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20188
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20208
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],416][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20257
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25074
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20188
[2024-02-25T[Link],416][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20208
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],605][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],605][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],605][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],624][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],624][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],624][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],673][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],673][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],673][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],719][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],146][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],146][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],707][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is processing a batch of
size 1.
[2024-02-25T[Link],712][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Saving checkpoint: 6725919638480//1542132
[2024-02-25T[Link],712][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: updateCheckpoint() 6725919638480//1542132
[2024-02-25T[Link],712][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 finished processing a batch
of 13352 bytes.
[2024-02-25T[Link],712][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].712445170Z], remaining: [60] secs
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],731][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],763][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].710970438Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1956,\"sentBytes\":21992,\"connectionSerialNumber\":535667,
\"noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0.682,\"WAFEval
uationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"df37dc9863479d956a2a64d67dbd6a6
7\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.680\",\"up
streamSourcePort\":\"36314\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2556,\"sentBytes\":754,\"connectionSerialNumber\":535667,\"
noOfConnectionRequests\":3,\"clientResponseTime\":0.001,\"timeTaken\":0.267,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"67016ead085af180af28fa1eb260e6a
9\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.260\",\"up
streamSourcePort\":\"36314\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2449,\"sentBytes\":1170,\"connectionSerialNumber\":535665,\
"noOfConnectionRequests\":3,\"clientResponseTime\":0,\"timeTaken\":0.265,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"90f20cfbfbfbb2f5c23d9e7fdcb86fd
1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.264\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":5766,\"sentBytes\":4478,\"connectionSerialNumber\":535665,\
"noOfConnectionRequests\":4,\"clientResponseTime\":0.026,\"timeTaken\":0.313,\"WAFE
valuationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"cb92601425894dc5b68e0597eab9e1f
f\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.308\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42?retURL=%252Fsystem%252FUser
%[Link]\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-A994-
4699E3B64A42\",\"requestQuery\":\"retURL=%252Fsystem%252FUser
%[Link]\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":2187,\"sentBytes\":26179,\"connectionSerialNumber\":535665,
\"noOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0.931,\"WAFEval
uationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resource
Groups\\/RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"641b88502a66b3317439844ca62245a
3\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.932\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-
A994-4699E3B64A42\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2614,\"sentBytes\":749,\"connectionSerialNumber\":535665,\"
noOfConnectionRequests\":6,\"clientResponseTime\":0,\"timeTaken\":0.421,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"772a683e801e0951ec3802e4e217509
6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.420\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-
A994-4699E3B64A42\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2596,\"sentBytes\":2874,\"connectionSerialNumber\":535667,\
"noOfConnectionRequests\":4,\"clientResponseTime\":0,\"timeTaken\":0.483,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"5a9c49afe0a5a12e008e8985b557318
0\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.480\",\"up
streamSourcePort\":\"21898\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1956,\"sentBytes\":21992,\"connectionSerialNumber\":535667,
\"noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0.682,\"WAFEval
uationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"df37dc9863479d956a2a64d67dbd6a6
7\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.680\",\"up
streamSourcePort\":\"36314\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2556,\"sentBytes\":754,\"connectionSerialNumber\":535667,\"
noOfConnectionRequests\":3,\"clientResponseTime\":0.001,\"timeTaken\":0.267,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"67016ead085af180af28fa1eb260e6a
9\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.260\",\"up
streamSourcePort\":\"36314\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2449,\"sentBytes\":1170,\"connectionSerialNumber\":535665,\
"noOfConnectionRequests\":3,\"clientResponseTime\":0,\"timeTaken\":0.265,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"90f20cfbfbfbb2f5c23d9e7fdcb86fd
1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.264\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":5766,\"sentBytes\":4478,\"connectionSerialNumber\":535665,\
"noOfConnectionRequests\":4,\"clientResponseTime\":0.026,\"timeTaken\":0.313,\"WAFE
valuationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"cb92601425894dc5b68e0597eab9e1f
f\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.308\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42?retURL=%252Fsystem%252FUser
%[Link]\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-A994-
4699E3B64A42\",\"requestQuery\":\"retURL=%252Fsystem%252FUser
%[Link]\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":2187,\"sentBytes\":26179,\"connectionSerialNumber\":535665,
\"noOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0.931,\"WAFEval
uationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"641b88502a66b3317439844ca62245a
3\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.932\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-
A994-4699E3B64A42\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2614,\"sentBytes\":749,\"connectionSerialNumber\":535665,\"
noOfConnectionRequests\":6,\"clientResponseTime\":0,\"timeTaken\":0.421,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"772a683e801e0951ec3802e4e217509
6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.420\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-
A994-4699E3B64A42\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2596,\"sentBytes\":2874,\"connectionSerialNumber\":535667,\
"noOfConnectionRequests\":4,\"clientResponseTime\":0,\"timeTaken\":0.483,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"5a9c49afe0a5a12e008e8985b557318
0\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.480\",\"up
streamSourcePort\":\"21898\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}}]}"}}}
[2024-02-25T[Link],765][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50254, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.682e0,
"transactionId"=>"df37dc9863479d956a2a64d67dbd6a67", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/List", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>21992, "requestUri"=>"/scrm/User/List",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535667, "contentType"=>"", "originalHost"=>"j-service-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>1956,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36314", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>"0.680"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50254, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.267e0,
"transactionId"=>"67016ead085af180af28fa1eb260e6a9", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/List", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>754, "requestUri"=>"/scrm/User/List",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535667, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2556, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.1e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36314", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>3,
"serverResponseLatency"=>"0.260"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.265e0,
"transactionId"=>"90f20cfbfbfbb2f5c23d9e7fdcb86fd1", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/List", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>1170, "requestUri"=>"/scrm/User/List",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2449, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36326", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>3,
"serverResponseLatency"=>"0.264"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.313e0,
"transactionId"=>"cb92601425894dc5b68e0597eab9e1ff", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/List", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>4478, "requestUri"=>"/scrm/User/List",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>5766, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.26e-1,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36326", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>4,
"serverResponseLatency"=>"0.308"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.931e0,
"transactionId"=>"641b88502a66b3317439844ca62245a3", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/605171B8-80AB-493A-A994-4699E3B64A42?
retURL=%252Fsystem%252FUser%[Link]", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>26179, "requestUri"=>"/scrm/User/605171B8-80AB-493A-A994-
4699E3B64A42", "WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-
3f0510c83ca3/resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"", "originalHost"=>"j-service-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>2187,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"retURL=%252Fsystem%252FUser%[Link]",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36326", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>5,
"serverResponseLatency"=>"0.932"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"},
{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.421e0,
"transactionId"=>"772a683e801e0951ec3802e4e2175096", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/605171B8-80AB-493A-A994-4699E3B64A42",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>749, "requestUri"=>"/scrm/User/605171B8-80AB-493A-
A994-4699E3B64A42", "WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-
3f0510c83ca3/resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2614, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36326", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>6,
"serverResponseLatency"=>"0.420"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50254, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.483e0,
"transactionId"=>"5a9c49afe0a5a12e008e8985b5573180", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/605171B8-80AB-493A-A994-4699E3B64A42",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>2874, "requestUri"=>"/scrm/User/605171B8-80AB-493A-
A994-4699E3B64A42", "WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-
3f0510c83ca3/resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535667, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2596, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"21898", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>4,
"serverResponseLatency"=>"0.480"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}], "@timestamp"=>2024-02-
25T[Link].710970438Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1956,\"sentBytes\":21992,\"connectionSerialNumber\":535667,
\"noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0.682,\"WAFEval
uationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"df37dc9863479d956a2a64d67dbd6a6
7\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.680\",\"up
streamSourcePort\":\"36314\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2556,\"sentBytes\":754,\"connectionSerialNumber\":535667,\"
noOfConnectionRequests\":3,\"clientResponseTime\":0.001,\"timeTaken\":0.267,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"67016ead085af180af28fa1eb260e6a
9\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.260\",\"up
streamSourcePort\":\"36314\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2449,\"sentBytes\":1170,\"connectionSerialNumber\":535665,\
"noOfConnectionRequests\":3,\"clientResponseTime\":0,\"timeTaken\":0.265,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"90f20cfbfbfbb2f5c23d9e7fdcb86fd
1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"ser
verStatus\":\"200\",\"serverResponseLatency\":\"0.264\",\"upstreamSourcePort\":\"36
326\",\"originalHost\":\"[Link]\",\"host\":\"ymzn-
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":5766,\"sentBytes\":4478,\"connectionSerialNumber\":535665,\
"noOfConnectionRequests\":4,\"clientResponseTime\":0.026,\"timeTaken\":0.313,\"WAFE
valuationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"cb92601425894dc5b68e0597eab9e1f
f\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.308\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42?retURL=%252Fsystem%252FUser
%[Link]\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-A994-
4699E3B64A42\",\"requestQuery\":\"retURL=%252Fsystem%252FUser
%[Link]\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":2187,\"sentBytes\":26179,\"connectionSerialNumber\":535665,
\"noOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0.931,\"WAFEval
uationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"641b88502a66b3317439844ca62245a
3\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.932\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-
A994-4699E3B64A42\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2614,\"sentBytes\":749,\"connectionSerialNumber\":535665,\"
noOfConnectionRequests\":6,\"clientResponseTime\":0,\"timeTaken\":0.421,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"772a683e801e0951ec3802e4e217509
6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.420\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-
A994-4699E3B64A42\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2596,\"sentBytes\":2874,\"connectionSerialNumber\":535667,\
"noOfConnectionRequests\":4,\"clientResponseTime\":0,\"timeTaken\":0.483,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"5a9c49afe0a5a12e008e8985b557318
0\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.480\",\"up
streamSourcePort\":\"21898\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName\": \"APG02_Rou
tingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14_JServiceCRM\",
\"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1956,\"sentBytes\":21992,\"connectionSerialNumber\":535667,
\"noOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0.682,\"WAFEval
uationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\
\/subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"df37dc9863479d956a2a64d67dbd6a6
7\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.680\",\"up
streamSourcePort\":\"36314\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2556,\"sentBytes\":754,\"connectionSerialNumber\":535667,\"
noOfConnectionRequests\":3,\"clientResponseTime\":0.001,\"timeTaken\":0.267,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"67016ead085af180af28fa1eb260e6a
9\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.260\",\"up
streamSourcePort\":\"36314\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2449,\"sentBytes\":1170,\"connectionSerialNumber\":535665,\
"noOfConnectionRequests\":3,\"clientResponseTime\":0,\"timeTaken\":0.265,\"WAFEvalu
ationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"90f20cfbfbfbb2f5c23d9e7fdcb86fd
1\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.264\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/
List\",\"requestUri\":\"\\/scrm\\/User\\/
List\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":5766,\"sentBytes\":4478,\"connectionSerialNumber\":535665,\
"noOfConnectionRequests\":4,\"clientResponseTime\":0.026,\"timeTaken\":0.313,\"WAFE
valuationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"cb92601425894dc5b68e0597eab9e1f
f\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.308\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42?retURL=%252Fsystem%252FUser
%[Link]\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-A994-
4699E3B64A42\",\"requestQuery\":\"retURL=%252Fsystem%252FUser
%[Link]\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":2187,\"sentBytes\":26179,\"connectionSerialNumber\":535665,
\"noOfConnectionRequests\":5,\"clientResponseTime\":0,\"timeTaken\":0.931,\"WAFEval
uationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"641b88502a66b3317439844ca62245a
3\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.932\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50252,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-
A994-4699E3B64A42\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-urlencoded;
charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2614,\"sentBytes\":749,\"connectionSerialNumber\":535665,\"
noOfConnectionRequests\":6,\"clientResponseTime\":0,\"timeTaken\":0.421,\"WAFEvalua
tionTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"772a683e801e0951ec3802e4e217509
6\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.420\",\"up
streamSourcePort\":\"36326\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener14_HTTPS_JServiceCRM\", \"ruleName
\": \"APG02_RoutingRule14_JServiceCRM\", \"backendPoolName\": \"APG02_BackendPool14
_JServiceCRM\", \"backendSettingName\": \"APG02_HTTP14_JServiceCRM-
8080\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applicatio
nGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_5\",\"clientIP\":\"[Link]\",\"clientPort\":50254,\"h
ttpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/scrm\\/User\\/605171B8-
80AB-493A-A994-4699E3B64A42\",\"requestUri\":\"\\/scrm\\/User\\/605171B8-80AB-493A-
A994-4699E3B64A42\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36 Edg\\/[Link]\",\"contentType\":\"application\\/x-www-form-
urlencoded; charset=UTF-
8\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP
\\/
1.1\",\"receivedBytes\":2596,\"sentBytes\":2874,\"connectionSerialNumber\":535667,\
"noOfConnectionRequests\":4,\"clientResponseTime\":0,\"timeTaken\":0.483,\"WAFEvalu
ationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy14_JServiceCRM\",\"transactionId\":\"5a9c49afe0a5a12e008e8985b557318
0\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:8080\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.480\",\"up
streamSourcePort\":\"21898\",\"originalHost\":\"j-service-
[Link]\",\"host\":\"[Link]\"}}]}"}}}
[2024-02-25T[Link],770][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50254, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.682e0,
"transactionId"=>"df37dc9863479d956a2a64d67dbd6a67", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/List", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>21992, "requestUri"=>"/scrm/User/List",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535667, "contentType"=>"", "originalHost"=>"j-service-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>1956,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36314", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>"0.680"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],770][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50254, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.267e0,
"transactionId"=>"67016ead085af180af28fa1eb260e6a9", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/List", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>754, "requestUri"=>"/scrm/User/List",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535667, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2556, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.1e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36314", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>3,
"serverResponseLatency"=>"0.260"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],770][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.265e0,
"transactionId"=>"90f20cfbfbfbb2f5c23d9e7fdcb86fd1", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/List", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>1170, "requestUri"=>"/scrm/User/List",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2449, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36326", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>3,
"serverResponseLatency"=>"0.264"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],778][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.313e0,
"transactionId"=>"cb92601425894dc5b68e0597eab9e1ff", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/List", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>4478, "requestUri"=>"/scrm/User/List",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>5766, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.26e-1,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36326", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>4,
"serverResponseLatency"=>"0.308"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],778][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.931e0,
"transactionId"=>"641b88502a66b3317439844ca62245a3", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/605171B8-80AB-493A-A994-4699E3B64A42?
retURL=%252Fsystem%252FUser%[Link]", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>26179, "requestUri"=>"/scrm/User/605171B8-80AB-493A-A994-
4699E3B64A42", "WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-
3f0510c83ca3/resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"", "originalHost"=>"j-service-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>2187,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5",
"requestQuery"=>"retURL=%252Fsystem%252FUser%[Link]",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36326", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>5,
"serverResponseLatency"=>"0.932"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],779][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50252, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.421e0,
"transactionId"=>"772a683e801e0951ec3802e4e2175096", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/605171B8-80AB-493A-A994-4699E3B64A42",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>749, "requestUri"=>"/scrm/User/605171B8-80AB-493A-
A994-4699E3B64A42", "WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-
3f0510c83ca3/resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535665, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2614, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"36326", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>6,
"serverResponseLatency"=>"0.420"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],779][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool14_JServiceCRM",
"listenerName"=>"APG02_Listener14_HTTPS_JServiceCRM", "properties"=>{"host"=>"ymzn-
[Link]", "clientPort"=>50254, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:8080", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.483e0,
"transactionId"=>"5a9c49afe0a5a12e008e8985b5573180", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/scrm/User/605171B8-80AB-493A-A994-4699E3B64A42",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>2874, "requestUri"=>"/scrm/User/605171B8-80AB-493A-
A994-4699E3B64A42", "WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-
3f0510c83ca3/resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy14_JServiceCRM",
"connectionSerialNumber"=>535667, "contentType"=>"application/x-www-form-
urlencoded; charset=UTF-8", "originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>2596, "httpMethod"=>"POST",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_5", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"21898", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>4,
"serverResponseLatency"=>"0.480"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP14_JServiceCRM-8080",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule14_JServiceCRM"}, :field=>"records"}
[2024-02-25T[Link],799][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>7, :payload_size=>220771, :content_length=>10596, :batch_offset=>0}
[2024-02-25T[Link],876][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],879][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313483272//1261846
[2024-02-25T[Link],880][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313483272//1261846
[2024-02-25T[Link],880][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 10232 bytes.
[2024-02-25T[Link],931][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].879215387Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41645,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=18806&rev=1&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=18806&rev=1&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":344,\"sentBytes\":6120,\"connectionSerialNumber\":509655,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"13a5d380443f25b908d54caaa7531875\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15408\",\"requestUri\":\"\\/00\\/
S5YA15408\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":18,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"f71508fb4496
7aebca75f397f90cad3e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41645,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":7688,\"connectionSerialNumber\":509655,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0.004,\"timeTaken\":0.054,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"884af3219ecdea49059a2698be8e846b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":13700,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509658,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5f653acd0c0be4
5ae16c8fe4ca1d617f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":54985,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":514,\"connectionSerialNumber\":509661,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"fb797174e287b8
cfebeaadb2da7d69fc\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\":
\"APG01_BackendPool12_RepJP\", \"backendSettingName\": \"APG01_HTTP12_RepJP\", \"o
perationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGatewayAcc
essLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":17284,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=57283&no=0&rev\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=57283&no=0&rev\",\"userAgent\":\"Mozi
lla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":355,\"sentBytes\":6137,\"connectionSerialNumber\":509660,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"085c9bac0467ee1daeb3a2aed5508f3a\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41645,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=18806&rev=1&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=18806&rev=1&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":344,\"sentBytes\":6120,\"connectionSerialNumber\":509655,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"13a5d380443f25b908d54caaa7531875\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15408\",\"requestUri\":\"\\/00\\/
S5YA15408\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":18,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"f71508fb4496
7aebca75f397f90cad3e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41645,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":7688,\"connectionSerialNumber\":509655,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0.004,\"timeTaken\":0.054,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"884af3219ecdea49059a2698be8e846b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":13700,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509658,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5f653acd0c0be4
5ae16c8fe4ca1d617f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":54985,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/[Link]\",\"requestQuery\":\"mode=al2&mo=59080&n
amber=5789364&space=0&rev=0&page=0&no=0\",\"userAgent\":\"Mozilla\\/5.0
AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":514,\"connectionSerialNumber\":509661,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"fb797174e287b8
cfebeaadb2da7d69fc\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":17284,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=57283&no=0&rev\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=57283&no=0&rev\",\"userAgent\":\"Mozi
lla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":355,\"sentBytes\":6137,\"connectionSerialNumber\":509660,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"085c9bac0467ee1daeb3a2aed5508f3a\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],933][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>41645,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"13a5d380443f25b908d54caaa7531875", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=18806&rev=1&no=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6120, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509655, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>344,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=18806&rev=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"18210", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.060"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"f71508fb44967aebca75f397f90cad3e",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15408",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15408",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1005,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>18,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>41645,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.54e-1,
"transactionId"=>"884af3219ecdea49059a2698be8e846b", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7688,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509655, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>370,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.4e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"18210", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>"0.052"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>13700, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"5f653acd0c0be45ae16c8fe4ca1d617f",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509658, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>54985, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"fb797174e287b8cfebeaadb2da7d69fc",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>514,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509661, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>370,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>17284,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"085c9bac0467ee1daeb3a2aed5508f3a", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=57283&no=0&rev", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6137, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509660, "contentType"=>"",
"originalHost"=>"[Link]",
"sslEnabled"=>"on", "receivedBytes"=>355, "httpMethod"=>"GET",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=57283&no=0&rev",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"18210",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.056"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].879215387Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41645,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=18806&rev=1&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=18806&rev=1&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":344,\"sentBytes\":6120,\"connectionSerialNumber\":509655,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"13a5d380443f25b908d54caaa7531875\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15408\",\"requestUri\":\"\\/00\\/
S5YA15408\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":18,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"f71508fb4496
7aebca75f397f90cad3e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41645,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":7688,\"connectionSerialNumber\":509655,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0.004,\"timeTaken\":0.054,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"884af3219ecdea49059a2698be8e846b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":13700,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509658,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5f653acd0c0be4
5ae16c8fe4ca1d617f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":54985,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":514,\"connectionSerialNumber\":509661,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"fb797174e287b8
cfebeaadb2da7d69fc\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\"
,\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstr
eamSourcePort\":\"\",\"originalHost\":\"[Link]\",\"host\":\"\"}},
{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":17284,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=57283&no=0&rev\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=57283&no=0&rev\",\"userAgent\":\"Mozi
lla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":355,\"sentBytes\":6137,\"connectionSerialNumber\":509660,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"085c9bac0467ee1daeb3a2aed5508f3a\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41645,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=18806&rev=1&no=0\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=18806&rev=1&no=0\",\"userAgent\":\"Mo
zilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko; compatible; bingbot\\/2.0;
+http:\\/\\/[Link]\\/[Link]) Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":344,\"sentBytes\":6120,\"connectionSerialNumber\":509655,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"13a5d380443f25b908d54caaa7531875\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener15_HTTPS_AutoID-
Redirect\", \"ruleName\": \"APG01_RoutingRule15_AutoID-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35780,\"htt
pMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/00\\/
S5YA15408\",\"requestUri\":\"\\/00\\/
S5YA15408\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/[Link]\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":307,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1005,\"sentBytes\":463,\"connectionSerialNumber\":509422,\"
noOfConnectionRequests\":18,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluatio
nTime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"f71508fb4496
7aebca75f397f90cad3e\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":41645,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":7688,\"connectionSerialNumber\":509655,\"
noOfConnectionRequests\":2,\"clientResponseTime\":0.004,\"timeTaken\":0.054,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"884af3219ecdea49059a2698be8e846b\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.052\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":13700,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509658,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5f653acd0c0be4
5ae16c8fe4ca1d617f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-AZURE_APG01_V2\",
\"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":54985,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0&no=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0
&no=0\",\"userAgent\":\"Mozilla\\/5.0 AppleWebKit\\/537.36 (KHTML, like Gecko;
compatible; bingbot\\/2.0; +http:\\/\\/[Link]\\/[Link])
Chrome\\/116.0.1938.76
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":370,\"sentBytes\":514,\"connectionSerialNumber\":509661,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"fb797174e287b8
cfebeaadb2da7d69fc\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":17284,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=57283&no=0&rev\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=57283&no=0&rev\",\"userAgent\":\"Mozi
lla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":355,\"sentBytes\":6137,\"connectionSerialNumber\":509660,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.06,\"WAFEva
luationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"085c9bac0467ee1daeb3a2aed5508f3a\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.056\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],941][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>41645,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"13a5d380443f25b908d54caaa7531875", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=18806&rev=1&no=0", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6120, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509655, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>344,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=18806&rev=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"18210", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.060"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],942][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener15_HTTPS_AutoID-Redirect",
"properties"=>{"host"=>"", "clientPort"=>35780, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"",
"timeTaken"=>0, "transactionId"=>"f71508fb44967aebca75f397f90cad3e",
"sslClientVerify"=>"NONE", "originalRequestUriWithArgs"=>"/00/S5YA15408",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>307, "sentBytes"=>463, "requestUri"=>"/00/S5YA15408",
"WAFPolicyID"=>"", "connectionSerialNumber"=>509422, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>1005,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/[Link]",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>18,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule15_AutoID-Redirect"}, :field=>"records"}
[2024-02-25T[Link],943][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>41645,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.54e-1,
"transactionId"=>"884af3219ecdea49059a2698be8e846b", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7688,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509655, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>370,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=25142&namber=5789364&space=0&rev=0&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.4e-2,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"18210", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>"0.052"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],943][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>13700, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"5f653acd0c0be45ae16c8fe4ca1d617f", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509658, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=25048&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],943][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>54985, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"fb797174e287b8cfebeaadb2da7d69fc", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>514,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509661, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>370,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=59080&namber=5789364&space=0&rev=0&page=0&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible;
bingbot/2.0; +[Link] Chrome/116.0.1938.76 Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],943][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>17284,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.6e-1,
"transactionId"=>"085c9bac0467ee1daeb3a2aed5508f3a", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=57283&no=0&rev", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6137, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509660, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>355,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=57283&no=0&rev",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"18210",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.056"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],964][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>6, :payload_size=>148106, :content_length=>10579, :batch_offset=>0}
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],417][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],417][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25256
[2024-02-25T[Link],417][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20073
[2024-02-25T[Link],417][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25256
[2024-02-25T[Link],417][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25188
[2024-02-25T[Link],417][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20073
[2024-02-25T[Link],417][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25207
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25187
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25206
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],490][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],490][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],491][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],443][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - schedule operation timer, current:
[2024-02-25T[Link].443486313Z], remaining: [60] secs
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],719][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],709][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.031140573S`)
[2024-02-25T[Link],710][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.031134773S`)
[2024-02-25T[Link],710][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=258483485} forced-compaction result
(captures: `32` span: `PT5M5.189106068S`)
[2024-02-25T[Link],710][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.031186073S`)
[2024-02-25T[Link],710][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=814893463} forced-compaction result
(captures: `32` span: `PT5M5.189182169S`)
[2024-02-25T[Link],710][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.031217775S`)
[2024-02-25T[Link],710][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=106158887} forced-compaction result
(captures: `32` span: `PT5M5.18919307S`)
[2024-02-25T[Link],710][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.031268575S`)
[2024-02-25T[Link],710][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1371747750} forced-compaction result
(captures: `32` span: `PT5M5.18922167S`)
[2024-02-25T[Link],161][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],161][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20255
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20255
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25073
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25073
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20187
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20187
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20206
[2024-02-25T[Link],418][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20206
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],418][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],605][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],605][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],605][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],624][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],624][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],674][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],674][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],674][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],609][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],614][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313493576//1261847
[2024-02-25T[Link],615][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313493576//1261847
[2024-02-25T[Link],615][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 4910 bytes.
[2024-02-25T[Link],665][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].610848907Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":10388,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":6499,\"connectionSerialNumber\":510114,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.061,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4c360a8866170d341000636560318fc3\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"49918\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":7212,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21940&mode=res&namber=148995&no=0&page=10&space=15\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21940&mode=res&namber=148995&no=0&page=10&space=15
\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":378,\"sentBytes\":504,\"connectionSerialNumber\":510116,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"31d0f5cc73021d
5e3bbe6f33bcfb1481\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":40682,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":510,\"connectionSerialNumber\":510117,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5df8cbd8e72f65
a3e0feec39abb3286f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":10388,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":6499,\"connectionSerialNumber\":510114,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.061,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4c360a8866170d341000636560318fc3\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"49918\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":7212,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21940&mode=res&namber=148995&no=0&page=10&space=15\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21940&mode=res&namber=148995&no=0&page=10&space=15
\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":378,\"sentBytes\":504,\"connectionSerialNumber\":510116,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"31d0f5cc73021d
5e3bbe6f33bcfb1481\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\":
\"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":40682,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":510,\"connectionSerialNumber\":510117,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5df8cbd8e72f65
a3e0feec39abb3286f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],666][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>10388,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.61e-1,
"transactionId"=>"4c360a8866170d341000636560318fc3", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&rev=0&space=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6499,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510114, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"49918",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>7212, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"31d0f5cc73021d5e3bbe6f33bcfb1481",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=21940&mode=res&namber=148995&no=0&page=10&space=15", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>301,
"sentBytes"=>504, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"", "connectionSerialNumber"=>510116, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>378,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=21940&mode=res&namber=148995&no=0&page=10&space=15",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>40682, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"5df8cbd8e72f65a3e0feec39abb3286f",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>510,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>510117, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>384,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}], "@timestamp"=>2024-02-
25T[Link].610848907Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":10388,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":6499,\"connectionSerialNumber\":510114,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.061,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4c360a8866170d341000636560318fc3\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"49918\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":7212,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21940&mode=res&namber=148995&no=0&page=10&space=15\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21940&mode=res&namber=148995&no=0&page=10&space=15
\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":378,\"sentBytes\":504,\"connectionSerialNumber\":510116,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"31d0f5cc73021d
5e3bbe6f33bcfb1481\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":40682,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0
(compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":510,\"connectionSerialNumber\":510117,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5df8cbd8e72f65
a3e0feec39abb3286f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":10388,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":6499,\"connectionSerialNumber\":510114,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.061,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4c360a8866170d341000636560318fc3\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"49918\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":7212,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=21940&mode=res&namber=148995&no=0&page=10&space=15\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=21940&mode=res&namber=148995&no=0&page=10&space=15
\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":378,\"sentBytes\":504,\"connectionSerialNumber\":510116,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"31d0f5cc73021d
5e3bbe6f33bcfb1481\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":40682,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&s
pace=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":384,\"sentBytes\":510,\"connectionSerialNumber\":510117,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5df8cbd8e72f65
a3e0feec39abb3286f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],676][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>10388,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.61e-1,
"transactionId"=>"4c360a8866170d341000636560318fc3", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&rev=0&space=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>6499,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510114, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"In=1&mo=16996&mode=al2&namber=5789364&no=0&page=20&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"49918",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],676][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>7212, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"31d0f5cc73021d5e3bbe6f33bcfb1481", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=21940&mode=res&namber=148995&no=0&page=10&space=15", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>301,
"sentBytes"=>504, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"", "connectionSerialNumber"=>510116, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>378,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=21940&mode=res&namber=148995&no=0&page=10&space=15",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],676][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>40682, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"5df8cbd8e72f65a3e0feec39abb3286f", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>510,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>510117, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>384,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=38770&mode=al2&namber=5617059&no=0&page=80&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],687][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>38581, :content_length=>3649, :batch_offset=>0}
[2024-02-25T[Link],909][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].909905894Z], remaining: [59] secs
[2024-02-25T[Link],910][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].910131699Z], remaining: [59] secs
[2024-02-25T[Link],712][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=788218642} forced-compaction result
(captures: `32` span: `PT5M5.188835917S`)
[2024-02-25T[Link],712][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.031674502S`)
[2024-02-25T[Link],712][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.031543399S`)
[2024-02-25T[Link],712][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.031542499S`)
[2024-02-25T[Link],712][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.031517199S`)
[2024-02-25T[Link],712][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.031524298S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.031537098S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=527817925} forced-compaction result
(captures: `32` span: `PT5M5.188632113S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.031561499S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1448823314} forced-compaction result
(captures: `32` span: `PT5M5.188674413S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.031576399S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=460460603} forced-compaction result
(captures: `32` span: `PT5M5.188700514S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.0315779S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1868898708} forced-compaction result
(captures: `32` span: `PT5M5.188728815S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.0315896S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1590123337} forced-compaction result
(captures: `32` span: `PT5M5.188755516S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.031592699S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1388351833} forced-compaction result
(captures: `32` span: `PT5M5.188782916S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.0315922S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1504223984} forced-compaction result
(captures: `32` span: `PT5M5.188807917S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.0316239S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=520569296} forced-compaction result
(captures: `32` span: `PT5M5.188856118S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.031618101S`)
[2024-02-25T[Link],713][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=2080267370} forced-compaction result
(captures: `32` span: `PT5M5.188884019S`)
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],165][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],169][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],138][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - Reschedule operation timer,
current: [2024-02-25T[Link].138053129Z], remaining: [19] secs
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],419][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25255
[2024-02-25T[Link],419][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25255
[2024-02-25T[Link],419][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20072
[2024-02-25T[Link],419][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20072
[2024-02-25T[Link],419][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25186
[2024-02-25T[Link],419][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25205
[2024-02-25T[Link],419][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25186
[2024-02-25T[Link],419][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25205
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],491][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],491][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],491][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],746][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],747][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313498552//1261848
[2024-02-25T[Link],747][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313498552//1261848
[2024-02-25T[Link],747][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 1530 bytes.
[2024-02-25T[Link],798][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].746918837Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":26044,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509664,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"aed1367c822142
906b4164c20d637263\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":26044,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509664,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"aed1367c822142
906b4164c20d637263\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],799][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>26044, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"aed1367c822142906b4164c20d637263",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509664, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}], "@timestamp"=>2024-02-
25T[Link].746918837Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":26044,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509664,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"aed1367c822142
906b4164c20d637263\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":26044,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&rev=0&space=0\",\"requestUri\":\
"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&re
v=0&space=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":389,\"sentBytes\":515,\"connectionSerialNumber\":509664,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"aed1367c822142
906b4164c20d637263\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],799][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>26044, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"aed1367c822142906b4164c20d637263", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>515,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509664, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>389,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"In=1&mo=18979&mode=al2&namber=5789364&no=0&page=60&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],810][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>5260, :content_length=>1523, :batch_offset=>0}
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],719][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],715][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.005229239S`)
[2024-02-25T[Link],715][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.005228039S`)
[2024-02-25T[Link],715][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.005176439S`)
[2024-02-25T[Link],715][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1654328116} forced-compaction result
(captures: `32` span: `PT5M5.188385383S`)
[2024-02-25T[Link],715][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=458771051} forced-compaction result
(captures: `32` span: `PT5M5.187852771S`)
[2024-02-25T[Link],715][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1783169091} forced-compaction result
(captures: `32` span: `PT5M5.18778327S`)
[2024-02-25T[Link],715][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1822563343} forced-compaction result
(captures: `32` span: `PT5M5.187765469S`)
[2024-02-25T[Link],715][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1457154052} forced-compaction result
(captures: `32` span: `PT5M5.187726569S`)
[2024-02-25T[Link],715][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.031903224S`)
[2024-02-25T[Link],715][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.031857123S`)
[2024-02-25T[Link],174][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],181][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],732][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],419][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],420][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20254
[2024-02-25T[Link],420][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25071
[2024-02-25T[Link],420][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20254
[2024-02-25T[Link],420][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25071
[2024-02-25T[Link],420][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20185
[2024-02-25T[Link],420][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20204
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],420][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20185
[2024-02-25T[Link],420][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20204
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],420][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],605][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],674][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],674][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],674][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],718][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.00568355S`)
[2024-02-25T[Link],718][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.005872054S`)
[2024-02-25T[Link],718][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.005804552S`)
[2024-02-25T[Link],718][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.005790552S`)
[2024-02-25T[Link],718][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.005793352S`)
[2024-02-25T[Link],718][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.005845453S`)
[2024-02-25T[Link],718][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.005914355S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1672453985} forced-compaction result
(captures: `32` span: `PT5M5.186927626S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]]
RetentionWindow{policy=last_5_minutes id=1936234221} forced-compaction result
(captures: `32` span: `PT5M5.186843125S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.006029257S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.005998457S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.005977156S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.005960056S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.005942455S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.005925855S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.005910055S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.005872154S`)
[2024-02-25T[Link],719][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.005853053S`)
[2024-02-25T[Link],186][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],186][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],421][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],421][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25253
[2024-02-25T[Link],421][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20070
[2024-02-25T[Link],421][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25185
[2024-02-25T[Link],421][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25204
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25252
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20069
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25184
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25203
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],491][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],491][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],491][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],729][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],721][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.005908769S`)
[2024-02-25T[Link],721][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.005990071S`)
[2024-02-25T[Link],722][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],192][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],192][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],964][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is processing a batch of
size 1.
[2024-02-25T[Link],966][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Saving checkpoint: 6725945913136//1542269
[2024-02-25T[Link],966][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: updateCheckpoint() 6725945913136//1542269
[2024-02-25T[Link],967][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 finished processing a batch
of 5554 bytes.
[2024-02-25T[Link],017][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].966214441Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62321,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":36493,\"sentBytes\":246603,\"connectionSerialNumber\":53549
9,\"noOfConnectionRequests\":7,\"clientResponseTime\":0.006,\"timeTaken\":0.594,\"W
AFEvaluationTime\":\"0.024\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"93c677a2ed6773e9e202d48d1ede9ec1\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.564\",\"upstr
eamSourcePort\":\"31880\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62337,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1177,\"sentBytes\":231544,\"connectionSerialNumber\":535551
,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.044,\"WA
FEvaluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"47c8e5fde382c6887f15398e14ff0d28\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"31880\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool00_DUMMY\", \"backendSettingName\": \"APG
02_HTTP00_DUMMY\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \
"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62337,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/
[Link]\",\"requestUri\":\"\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":502,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":948,\"sentBytes\":768,\"connectionSerialNumber\":535551,\"n
oOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"463dc7e02f42e0
2aa4337dedbd043d93\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62321,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":36493,\"sentBytes\":246603,\"connectionSerialNumber\":53549
9,\"noOfConnectionRequests\":7,\"clientResponseTime\":0.006,\"timeTaken\":0.594,\"W
AFEvaluationTime\":\"0.024\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"93c677a2ed6773e9e202d48d1ede9ec1\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.564\",\"upstr
eamSourcePort\":\"31880\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62337,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1177,\"sentBytes\":231544,\"connectionSerialNumber\":535551
,\"noOfConnectionRequests\":1,\"clientResponse
Time\":0.006,\"timeTaken\":0.044,\"WAFEvaluationTime\":\"0.000\",\"WAFMode\":\"Prev
ention\",\"WAFPolicyID\":\"\\/subscriptions\\/2bd75eb1-d088-445b-a7e3-
3f0510c83ca3\\/resourceGroups\\/RG_YAzureDMZ_APG02\\/providers\\/
[Link]\\/ApplicationGatewayWebApplicationFirewallPolicies\\/
APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"47c8e5fde382c6887f15398e14ff0d28\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"31880\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool00_DUMMY\", \"backendSettingName\": \"APG
02_HTTP00_DUMMY\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \
"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62337,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/
[Link]\",\"requestUri\":\"\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":502,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":948,\"sentBytes\":768,\"connectionSerialNumber\":535551,\"n
oOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"463dc7e02f42e0
2aa4337dedbd043d93\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],019][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62321, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.594e0,
"transactionId"=>"93c677a2ed6773e9e202d48d1ede9ec1", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.024",
"serverStatus"=>"302", "clientIP"=>"[Link]", "httpStatus"=>302,
"sentBytes"=>246603, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535499, "contentType"=>"application/x-www-form-
urlencoded", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>36493, "httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg
%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.6e-2, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edg/115.0.1901.188", "upstreamSourcePort"=>"31880",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>7, "serverResponseLatency"=>"0.564"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog", "ruleName"=>"APG02_RoutingRule01"},
{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62337, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.44e-1,
"transactionId"=>"47c8e5fde382c6887f15398e14ff0d28", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>231544, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535551, "contentType"=>"", "originalHost"=>"yazure-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>1177, "httpMethod"=>"GET",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"31880", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.040"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog", "ruleName"=>"APG02_RoutingRule01"},
{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG02_BackendPool00_DUMMY",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"",
"clientPort"=>62337, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"463dc7e02f42e02aa4337dedbd043d93", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/[Link]", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>502,
"sentBytes"=>768, "requestUri"=>"/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>535551, "contentType"=>"", "originalHost"=>"yazure-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>948, "httpMethod"=>"GET",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP00_DUMMY",
"category"=>"ApplicationGatewayAccessLog", "ruleName"=>"APG02_RoutingRule01"}],
"@timestamp"=>2024-02-25T[Link].966214441Z, "message"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG02\", \"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_
RoutingRule01\", \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62321,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":36493,\"sentBytes\":246603,\"connectionSerialNumber\":53549
9,\"noOfConnectionRequests\":7,\"clientResponseTime\":0.006,\"timeTaken\":0.594,\"W
AFEvaluationTime\":\"0.024\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"93c677a2ed6773e9e202d48d1ede9ec1\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.564\",\"upstr
eamSourcePort\":\"31880\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62337,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1177,\"sentBytes\":231544,\"connectionSerialNumber\":535551
,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.044,\"WA
FEvaluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"47c8e5fde382c6887f15398e14ff0d28\",\"sslEnabled\":\"o
n\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"31880\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool00_DUMMY\", \"backendSettingName\": \"APG
02_HTTP00_DUMMY\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \
"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62337,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/
[Link]\",\"requestUri\":\"\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":502,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":948,\"sentBytes\":768,\"connectionSerialNumber\":535551,\"n
oOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"463dc7e02f42e0
2aa4337dedbd043d93\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62321,\"
httpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"application\\/x-www-form-
urlencoded\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":302,\"httpVersion
\":\"HTTP\\/
1.1\",\"receivedBytes\":36493,\"sentBytes\":246603,\"connectionSerialNumber\":53549
9,\"noOfConnectionRequests\":7,\"clientResponseTime\":0.006,\"timeTaken\":0.594,\"W
AFEvaluationTime\":\"0.024\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"93c677a2ed6773e9e202d48d1ede9ec1\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"302\",\"serverResponseLatency\":\"0.564\",\"upstr
eamSourcePort\":\"31880\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool12_ESS-
ESS\", \"backendSettingName\": \"APG02_HTTP12_ESS-
ESS\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Application
GatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62337,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/ESS\\/ESS\\/[Link]?
qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d
%3d\",\"requestUri\":\"\\/ESS\\/ESS\\/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d\",\"requestQuery\":\"qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d\",\"userAgent\":\"Mozilla\\/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko)
Chrome\\/[Link] Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":1177,\"sentBytes\":231544,\"connectionSerialNumber\":535551
,\"noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.044,\"WA
FEvaluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG02\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/APG02_WAFPolicy12_ESS-
ESS\",\"transactionId\":\"47c8e5fde382c6887f15398e14ff0d28\",\"sslEnabled\":\"on\",
\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.040\",\"upstr
eamSourcePort\":\"31880\",\"originalHost\":\"yazure-
[Link]\",\"host\":\"[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02\",
\"listenerName\": \"APG02_Listener01_HTTPS\", \"ruleName\": \"APG02_RoutingRule01\"
, \"backendPoolName\": \"APG02_BackendPool00_DUMMY\", \"backendSettingName\": \"APG
02_HTTP00_DUMMY\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \
"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":62337,\"
httpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/
[Link]\",\"requestUri\":\"\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36
Edg\\/115.0.1901.188\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":502,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":948,\"sentBytes\":768,\"connectionSerialNumber\":535551,\"n
oOfConnectionRequests\":2,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"463dc7e02f42e0
2aa4337dedbd043d93\",\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],023][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62321, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.594e0,
"transactionId"=>"93c677a2ed6773e9e202d48d1ede9ec1", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.024",
"serverStatus"=>"302", "clientIP"=>"[Link]", "httpStatus"=>302,
"sentBytes"=>246603, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzM%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535499, "contentType"=>"application/x-www-form-
urlencoded", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>36493, "httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg
%3d%3d&SRN=MzM%3d&DM=MA%3d%3d", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.6e-2, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edg/115.0.1901.188", "upstreamSourcePort"=>"31880",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>7, "serverResponseLatency"=>"0.564"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule01"}, :field=>"records"}
[2024-02-25T[Link],023][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool12_ESS-ESS",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"yazure-
[Link]", "clientPort"=>62337, "sslProtocol"=>"TLSv1.2",
"serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384",
"WAFMode"=>"Prevention", "timeTaken"=>0.44e-1,
"transactionId"=>"47c8e5fde382c6887f15398e14ff0d28", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE
%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>231544, "requestUri"=>"/ESS/ESS/[Link]?qn=MTUwMDU3NzYzOQ%3d
%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d%3d",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG02/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG02_WAFPolicy12_ESS-ESS",
"connectionSerialNumber"=>535551, "contentType"=>"", "originalHost"=>"yazure-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>1177, "httpMethod"=>"GET",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"qn=MTUwMDU3NzYzOQ%3d%3d&pn=MDE%3d&EM=Mg%3d%3d&SRN=MzQ%3d&DM=MA%3d
%3d", "error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"31880", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>"0.040"}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP12_ESS-ESS",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule01"}, :field=>"records"}
[2024-02-25T[Link],024][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG02_BackendPool00_DUMMY",
"listenerName"=>"APG02_Listener01_HTTPS", "properties"=>{"host"=>"",
"clientPort"=>62337, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"463dc7e02f42e02aa4337dedbd043d93", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/[Link]", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>502,
"sentBytes"=>768, "requestUri"=>"/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>535551, "contentType"=>"", "originalHost"=>"yazure-
[Link]", "sslEnabled"=>"on", "receivedBytes"=>948, "httpMethod"=>"GET",
"sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4", "requestQuery"=>"",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36 Edg/115.0.1901.188",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.1", "noOfConnectionRequests"=>2,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG02/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-AZURE_APG02",
"backendSettingName"=>"APG02_HTTP00_DUMMY",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG02_RoutingRule01"}, :field=>"records"}
[2024-02-25T[Link],034][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>43312, :content_length=>3624, :batch_offset=>0}
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20252
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25069
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20184
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20203
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20252
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25069
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20184
[2024-02-25T[Link],422][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20203
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],422][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],674][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],674][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],675][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],717][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],725][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],200][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],200][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],719][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],721][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],983][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - Reschedule operation timer,
current: [2024-02-25T[Link].983501219Z], remaining: [54] secs
[2024-02-25T[Link],984][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], linkName[LN_f9801c_1708832068620_e07_G30] - Reschedule operation timer,
current: [2024-02-25T[Link].984943750Z], remaining: [54] secs
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],423][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25251
[2024-02-25T[Link],423][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20068
[2024-02-25T[Link],423][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25251
[2024-02-25T[Link],423][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20068
[2024-02-25T[Link],423][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25183
[2024-02-25T[Link],423][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25202
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],423][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],423][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25183
[2024-02-25T[Link],424][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25201
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],344][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - Reschedule operation timer,
current: [2024-02-25T[Link].344604465Z], remaining: [28] secs
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],717][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],725][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.030494117S`)
[2024-02-25T[Link],725][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.030482717S`)
[2024-02-25T[Link],725][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.030501617S`)
[2024-02-25T[Link],725][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.030504117S`)
[2024-02-25T[Link],725][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.030500217S`)
[2024-02-25T[Link],917][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],919][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313500152//1261849
[2024-02-25T[Link],919][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313500152//1261849
[2024-02-25T[Link],919][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 5192 bytes.
[2024-02-25T[Link],970][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].918801067Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":52221,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&space=285\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=285\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Iron
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":496,\"sentBytes\":509,\"connectionSerialNumber\":509685,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5c483eaf056a9d
62f4387fe5b2e6565c\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":52372,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Iron
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=8b202e0cb5c93\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1771,\"sentBytes\":757,\"connectionSerialNumber\":509686,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.221,\"timeTaken\":0.224,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d04494f58eadbca49c003e51e3001ce8\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":2728,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=509440&no=0&rev\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=509440&no=0&rev\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":6141,\"connectionSerialNumber\":509688,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.061,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4d3dba64ecff6896ab0b6471d550c142\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":52221,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&space=285\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=285\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Iron
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":496,\"sentBytes\":509,\"connectionSerialNumber\":509685,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5c483eaf056a9d
62f4387fe5b2e6565c\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":52372,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Iron
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=8b202e0cb5c93\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1771,\"sentBytes\":757,\"connectionSerialNumber\":509686,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.221,\"timeTaken\":0.224,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d04494f58eadbca49c003e51e3001ce8\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-AZURE_APG01_V2\",
\"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\": \"APG01_RoutingR
ule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\", \"backendSetting
Name\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGatewayAccess\", \"
category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":2728,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=509440&no=0&rev\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=509440&no=0&rev\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":6141,\"connectionSerialNumber\":509688,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.061,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4d3dba64ecff6896ab0b6471d550c142\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],971][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>52221, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"5c483eaf056a9d62f4387fe5b2e6565c",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&space=285",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>509,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509685, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>496,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&space=285",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Iron Safari/537.36", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.0",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP", "properties"=>{"host"=>"",
"clientPort"=>52372, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention",
"timeTaken"=>0.224e0, "transactionId"=>"d04494f58eadbca49c003e51e3001ce8",
"sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>403, "sentBytes"=>757,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509686, "contentType"=>"multipart/form-data;
boundary=8b202e0cb5c93", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>1771, "httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.221e0, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Iron Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.0", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>2728,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.61e-1,
"transactionId"=>"4d3dba64ecff6896ab0b6471d550c142", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=509440&no=0&rev", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6141, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509688, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=509440&no=0&rev",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"18210",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].918801067Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":52221,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&space=285\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=285\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Iron
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":496,\"sentBytes\":509,\"connectionSerialNumber\":509685,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5c483eaf056a9d
62f4387fe5b2e6565c\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":52372,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Iron
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=8b202e0cb5c93\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1771,\"sentBytes\":757,\"connectionSerialNumber\":509686,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.221,\"timeTaken\":0.224,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d04494f58eadbca49c003e51e3001ce8\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":2728,\"ht
tpMethod\":\"GET\",\"or
iginalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/[Link]?
mode=al2&namber=509440&no=0&rev\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=509440&no=0&rev\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":6141,\"connectionSerialNumber\":509688,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.061,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4d3dba64ecff6896ab0b6471d550c142\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":52221,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&space=285\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=285\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Iron
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":496,\"sentBytes\":509,\"connectionSerialNumber\":509685,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5c483eaf056a9d
62f4387fe5b2e6565c\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":52372,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Iron
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=8b202e0cb5c93\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1771,\"sentBytes\":757,\"connectionSerialNumber\":509686,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.221,\"timeTaken\":0.224,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"d04494f58eadbca49c003e51e3001ce8\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}},{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":2728,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=509440&no=0&rev\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=509440&no=0&rev\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":6141,\"connectionSerialNumber\":509688,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.061,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"4d3dba64ecff6896ab0b6471d550c142\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"18210\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],972][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>52221, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"5c483eaf056a9d62f4387fe5b2e6565c", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&space=285",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>509,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509685, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>496,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=30443&mode=al2&namber=41284&no=0&page=0&rev=1&space=285",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Iron Safari/537.36", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.0",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],972][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP", "properties"=>{"host"=>"",
"clientPort"=>52372, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention",
"timeTaken"=>0.224e0, "transactionId"=>"d04494f58eadbca49c003e51e3001ce8",
"sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>403, "sentBytes"=>757,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509686, "contentType"=>"multipart/form-data;
boundary=8b202e0cb5c93", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>1771, "httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_2", "requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.221e0, "userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64;
x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Iron Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.0", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],976][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>2728,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.61e-1,
"transactionId"=>"4d3dba64ecff6896ab0b6471d550c142", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=509440&no=0&rev", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6141, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509688, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=509440&no=0&rev",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"18210",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],987][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>40495, :content_length=>3735, :batch_offset=>0}
[2024-02-25T[Link],211][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],212][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],424][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20250
[2024-02-25T[Link],424][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25068
[2024-02-25T[Link],424][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20182
[2024-02-25T[Link],424][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20201
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],424][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20250
[2024-02-25T[Link],424][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25068
[2024-02-25T[Link],424][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20182
[2024-02-25T[Link],424][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20201
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],424][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],625][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],675][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],675][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],675][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],721][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],721][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],723][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],719][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],721][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],727][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.029851343S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.029783443S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.029758042S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.029755541S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.029701241S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.029691241S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.02967964S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.029682441S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.02967194S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.02966864S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.029665339S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.02966444S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.02966294S`)
[2024-02-25T[Link],728][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.029659939S`)
[2024-02-25T[Link],216][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],216][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25250
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20067
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25181
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25200
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25250
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20067
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25181
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25200
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],719][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],719][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],721][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],730][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.004896515S`)
[2024-02-25T[Link],730][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.004902515S`)
[2024-02-25T[Link],730][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.004869014S`)
[2024-02-25T[Link],730][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.029599379S`)
[2024-02-25T[Link],730][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.029579679S`)
[2024-02-25T[Link],221][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],221][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],720][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],720][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],721][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],314][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],316][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313505416//1261850
[2024-02-25T[Link],316][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313505416//1261850
[2024-02-25T[Link],316][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 1516 bytes.
[2024-02-25T[Link],367][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].315777397Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":4378,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&spa
ce=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":508,\"connectionSerialNumber\":509691,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5677435099c389
695de1fe70ca41771f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":4378,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&spa
ce=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":508,\"connectionSerialNumber\":509691,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5677435099c389
695de1fe70ca41771f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],367][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>4378, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"5677435099c389695de1fe70ca41771f",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>508,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509691, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>382,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}], "@timestamp"=>2024-02-
25T[Link].315777397Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":4378,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&spa
ce=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":508,\"connectionSerialNumber\":509691,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5677435099c389
695de1fe70ca41771f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":4378,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0\",\"requestUri\":\"\\/
cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&spa
ce=0\",\"userAgent\":\"Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":382,\"sentBytes\":508,\"connectionSerialNumber\":509691,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"5677435099c389
695de1fe70ca41771f\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],368][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>4378, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"5677435099c389695de1fe70ca41771f", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>508,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509691, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>382,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mo=735&mode=al2&namber=5789364&no=0&page=80&rev=0&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],370][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>5219, :content_length=>1504, :batch_offset=>0}
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20250
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20250
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25067
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25067
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20181
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20181
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20200
[2024-02-25T[Link],425][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20200
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],425][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],606][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],675][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],675][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],675][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],723][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],723][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],725][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],732][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.004753512S`)
[2024-02-25T[Link],732][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.004894915S`)
[2024-02-25T[Link],732][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.004995717S`)
[2024-02-25T[Link],732][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.004936315S`)
[2024-02-25T[Link],732][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.004931216S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.004931716S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.004933615S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.004936015S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.004936916S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.004932115S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.004940116S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.004950916S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.004953016S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.004955216S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.004960016S`)
[2024-02-25T[Link],733][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.004962317S`)
[2024-02-25T[Link],225][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],225][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],426][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25249
[2024-02-25T[Link],426][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20066
[2024-02-25T[Link],426][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25249
[2024-02-25T[Link],426][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25181
[2024-02-25T[Link],426][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20066
[2024-02-25T[Link],426][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25200
[2024-02-25T[Link],426][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25181
[2024-02-25T[Link],426][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25200
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],492][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],493][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],493][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],719][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],719][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],735][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.004943216S`)
[2024-02-25T[Link],736][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.005396926S`)
[2024-02-25T[Link],231][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],231][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],426][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20248
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25066
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20248
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20180
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25066
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20199
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20180
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20199
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],675][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],676][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],676][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],624][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336289808//1261945
[2024-02-25T[Link],626][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336289808//1261945
[2024-02-25T[Link],626][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 3510 bytes.
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - schedule operation timer, current:
[2024-02-25T[Link].626331962Z], remaining: [60] secs
[2024-02-25T[Link],676][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].625422343Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":41655,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":785,\"sentBytes\":7689,\"connectionSerialNumber\":510168,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c319b79edfe7214a0c289694016e5705\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"49918\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59867,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&space=0\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 6.1; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":486,\"sentBytes\":507,\"connectionSerialNumber\":510169,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6957d731a24768
41b01f98e8b24e1fab\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":41655,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":785,\"sentBytes\":7689,\"connectionSerialNumber\":510168,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c319b79edfe7214a0c289694016e5705\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"49918\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59867,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&space=0\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 6.1; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":486,\"sentBytes\":507,\"connectionSerialNumber\":510169,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6957d731a24768
41b01f98e8b24e1fab\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],677][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>41655,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.65e-1,
"transactionId"=>"c319b79edfe7214a0c289694016e5705", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7689,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510168, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>785,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"49918",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>59867, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"6957d731a2476841b01f98e8b24e1fab",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&space=0", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>301,
"sentBytes"=>507, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"", "connectionSerialNumber"=>510169, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>486,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.0",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}], "@timestamp"=>2024-02-
25T[Link].625422343Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":41655,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":785,\"sentBytes\":7689,\"connectionSerialNumber\":510168,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c319b79edfe7214a0c289694016e5705\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"49918\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59867,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&space=0\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 6.1; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":486,\"sentBytes\":507,\"connectionSerialNumber\":510169,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6957d731a24768
41b01f98e8b24e1fab\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}", "event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-
02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":41655,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":785,\"sentBytes\":7689,\"connectionSerialNumber\":510168,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.006,\"timeTaken\":0.065,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"c319b79edfe7214a0c289694016e5705\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"49918\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{
\"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":59867,\"ht
tpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&space=0\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&spac
e=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 6.1; Win64; x64)
AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"http
Status\":301,\"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":486,\"sentBytes\":507,\"connectionSerialNumber\":510169,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"6957d731a24768
41b01f98e8b24e1fab\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}}]}"}}}
[2024-02-25T[Link],678][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>41655,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.65e-1,
"transactionId"=>"c319b79edfe7214a0c289694016e5705", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"WAFEvaluationTime"=>"0.000", "serverStatus"=>"200", "clientIP"=>"[Link]",
"httpStatus"=>200, "sentBytes"=>7689,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510168, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>785,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.6e-2,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"49918",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],679][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>59867, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"6957d731a2476841b01f98e8b24e1fab", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&space=0", "WAFEvaluationTime"=>"",
"serverStatus"=>"", "clientIP"=>"[Link]", "httpStatus"=>301,
"sentBytes"=>507, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"", "connectionSerialNumber"=>510169, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>486,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_4",
"requestQuery"=>"mo=18606&mode=al2&namber=41284&no=0&page=0&rev=1&space=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/[Link] Safari/537.36", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.0",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],686][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>2, :payload_size=>19722, :content_length=>2928, :batch_offset=>0}
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],717][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],725][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],235][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],235][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],711][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - schedule operation timer, current:
[2024-02-25T[Link].711486581Z], remaining: [60] secs
[2024-02-25T[Link],712][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], linkName[LN_c22bd3_1708832038545_dc7f_G9] - Reschedule operation timer,
current: [2024-02-25T[Link].712963513Z], remaining: [59] secs
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],717][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],719][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25249
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20066
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25180
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25249
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25199
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20066
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25180
[2024-02-25T[Link],427][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25199
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],427][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 1
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],493][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],493][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],493][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],443][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], linkName[LN_7535a2_1708832073460_45c_G10] - Reschedule operation timer,
current: [2024-02-25T[Link].443477986Z], remaining: [54] secs
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],740][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.030598365S`)
[2024-02-25T[Link],740][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.030572364S`)
[2024-02-25T[Link],740][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.030566665S`)
[2024-02-25T[Link],740][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.030535264S`)
[2024-02-25T[Link],740][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.030481763S`)
[2024-02-25T[Link],241][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],241][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],714][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is processing a batch of
size 1.
[2024-02-25T[Link],716][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Saving checkpoint: 1533336293384//1261946
[2024-02-25T[Link],716][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: updateCheckpoint() 1533336293384//1261946
[2024-02-25T[Link],717][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 finished processing a batch
of 5263 bytes.
[2024-02-25T[Link],767][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].716204588Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":38277,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":617,\"sentBytes\":518,\"connectionSerialNumber\":509712,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"c40d85e673683e
679b36d8148eda879a\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35618,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=5705943&no=0&rev=0\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=5705943&no=0&rev=0\",\"userAgent\":\"
Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":359,\"sentBytes\":6145,\"connectionSerialNumber\":509713,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.066,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"da24a22acd5c47c4225bdf6b323dc274\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"51938\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":46594,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=90741&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=90741&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509715,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.064,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"6e26a860ed5de067ee90c033cf5345f4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"51938\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":38277,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":617,\"sentBytes\":518,\"connectionSerialNumber\":509712,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"c40d85e673683e
679b36d8148eda879a\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35618,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=5705943&no=0&rev=0\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=5705943&no=0&rev=0\",\"userAgent\":\"
Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":359,\"sentBytes\":6145,\"connectionSerialNumber\":509713,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.066,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"da24a22acd5c47c4225bdf6b323dc274\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"51938\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\",
\"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":46594,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=90741&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=90741&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509715,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.064,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"6e26a860ed5de067ee90c033cf5345f4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"51938\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],768][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect", "properties"=>{"host"=>"",
"clientPort"=>38277, "sslProtocol"=>"", "serverRouted"=>"", "sslCipher"=>"",
"WAFMode"=>"", "timeTaken"=>0, "transactionId"=>"c40d85e673683e679b36d8148eda879a",
"sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>518,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509712, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>617,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, {"time"=>"2024-02-
25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>35618,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.66e-1,
"transactionId"=>"da24a22acd5c47c4225bdf6b323dc274", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=5705943&no=0&rev=0", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6145, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509713, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>359,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=5705943&no=0&rev=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"51938",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, {"time"=>"2024-02-25T[Link]+00:00",
"timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>46594,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.64e-1,
"transactionId"=>"6e26a860ed5de067ee90c033cf5345f4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=90741&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509715, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=90741&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"51938",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].716204588Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":38277,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":617,\"sentBytes\":518,\"connectionSerialNumber\":509712,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"c40d85e673683e
679b36d8148eda879a\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35618,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=5705943&no=0&rev=0\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=5705943&no=0&rev=0\",\"userAgent\":\"
Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":359,\"sentBytes\":6145,\"connectionSerialNumber\":509713,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.066,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"da24a22acd5c47c4225bdf6b323dc274\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"51938\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\",
\"operationName\": \"ApplicationGatewayAccess\", \"category\": \"ApplicationGatewa
yAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":46594,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=90741&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=90741&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509715,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.064,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"6e26a860ed5de067ee90c033cf5345f4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"51938\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}", "event"=>{"original"=>"{\"records\":
[{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTP_RepJP-
Redirect\", \"ruleName\": \"APG01_RoutingRule12_RepJP-
Redirect\", \"operationName\": \"ApplicationGatewayAccess\", \"category\": \"Applic
ationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":38277,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0\",\"requestUri\":\"\
\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&
In=1&no=0\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox
One) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link] Safari\\/537.36
Edge\\/44.18363.8131\",\"contentType\":\"\",\"error_info\":\"ERRORINFO_NO_ERROR\",\
"httpStatus\":301,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":617,\"sentBytes\":518,\"connectionSerialNumber\":509712,\"n
oOfConnectionRequests\":1,\"clientResponseTime\":0,\"timeTaken\":0,\"WAFEvaluationT
ime\":\"\",\"WAFMode\":\"\",\"WAFPolicyID\":\"\",\"transactionId\":\"c40d85e673683e
679b36d8148eda879a\",\"sslEnabled\":\"\",\"sslCipher\":\"\",\"sslProtocol\":\"\",\"
sslClientVerify\":\"\",\"sslClientCertificateFingerprint\":\"\",\"sslClientCertific
ateIssuerName\":\"\",\"serverRouted\":\"\",\"serverStatus\":\"\",\"serverResponseLa
tency\":\"\",\"upstreamSourcePort\":\"\",\"originalHost\":\"[Link]\",\
"host\":\"\"}},{ \"timeStamp\": \"2024-02-25T[Link]+00:00\", \"time\": \"2024-02-
25T[Link]+00:00\", \"resourceId\": \"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-
3F0510C83CA3/RESOURCEGROUPS/RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/
APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":35618,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=al2&namber=5705943&no=0&rev=0\",\"requestUri\":\"\\/cgi-
bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=al2&namber=5705943&no=0&rev=0\",\"userAgent\":\"
Mozilla\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":359,\"sentBytes\":6145,\"connectionSerialNumber\":509713,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.066,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"da24a22acd5c47c4225bdf6b323dc274\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.060\",\"upst
reamSourcePort\":\"51938\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}},{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_2\",\"clientIP\":\"[Link]\",\"clientPort\":46594,\"h
ttpMethod\":\"GET\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]?mode=res&namber=90741&no=0&page\",\"requestUri\":\"\\/cgi-bin\\/
fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"mode=res&namber=90741&no=0&page\",\"userAgent\":\"Moz
illa\\/5.0 (compatible; SemrushBot\\/7~bl;
+http:\\/\\/[Link]\\/[Link])\",\"contentType\":\"\",\"error_info\":\"ERR
ORINFO_NO_ERROR\",\"httpStatus\":200,\"httpVersion\":\"HTTP\\/
1.1\",\"receivedBytes\":356,\"sentBytes\":5974,\"connectionSerialNumber\":509715,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.005,\"timeTaken\":0.064,\"WAFEv
aluationTime\":\"0.000\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"6e26a860ed5de067ee90c033cf5345f4\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
[Link]:80\",\"serverStatus\":\"200\",\"serverResponseLatency\":\"0.064\",\"upst
reamSourcePort\":\"51938\",\"originalHost\":\"[Link]\",\"host\":\"rep.
[Link]\"}}]}"}}}
[2024-02-25T[Link],769][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "listenerName"=>"APG01_Listener12_HTTP_RepJP-Redirect",
"properties"=>{"host"=>"", "clientPort"=>38277, "sslProtocol"=>"",
"serverRouted"=>"", "sslCipher"=>"", "WAFMode"=>"", "timeTaken"=>0,
"transactionId"=>"c40d85e673683e679b36d8148eda879a", "sslClientVerify"=>"",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"WAFEvaluationTime"=>"", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>301, "sentBytes"=>518,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]", "WAFPolicyID"=>"",
"connectionSerialNumber"=>509712, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"", "receivedBytes"=>617,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&mo=6293&namber=5789364&space=0&rev=0&page=0&In=1&no=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0,
"userAgent"=>"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Xbox; Xbox One)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36
Edge/44.18363.8131", "upstreamSourcePort"=>"",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>""},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP-Redirect"}, :field=>"records"}
[2024-02-25T[Link],770][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>35618,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.66e-1,
"transactionId"=>"da24a22acd5c47c4225bdf6b323dc274", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=al2&namber=5705943&no=0&rev=0", "WAFEvaluationTime"=>"0.004",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>6145, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509713, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>359,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=al2&namber=5705943&no=0&rev=0",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"51938",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.060"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],775][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP",
"properties"=>{"host"=>"[Link]", "clientPort"=>46594,
"sslProtocol"=>"TLSv1.2", "serverRouted"=>"[Link]:80", "sslCipher"=>"ECDHE-RSA-
AES256-GCM-SHA384", "WAFMode"=>"Prevention", "timeTaken"=>0.64e-1,
"transactionId"=>"6e26a860ed5de067ee90c033cf5345f4", "sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]?
mode=res&namber=90741&no=0&page", "WAFEvaluationTime"=>"0.000",
"serverStatus"=>"200", "clientIP"=>"[Link]", "httpStatus"=>200,
"sentBytes"=>5974, "requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>509715, "contentType"=>"",
"originalHost"=>"[Link]", "sslEnabled"=>"on", "receivedBytes"=>356,
"httpMethod"=>"GET", "sslClientCertificateIssuerName"=>"", "instanceId"=>"appgw_2",
"requestQuery"=>"mode=res&namber=90741&no=0&page",
"error_info"=>"ERRORINFO_NO_ERROR", "clientResponseTime"=>0.5e-2,
"userAgent"=>"Mozilla/5.0 (compatible; SemrushBot/7~bl;
+[Link] "upstreamSourcePort"=>"51938",
"sslClientCertificateFingerprint"=>"", "httpVersion"=>"HTTP/1.1",
"noOfConnectionRequests"=>1, "serverResponseLatency"=>"0.064"},
"operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],778][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>3, :payload_size=>41137, :content_length=>3712, :batch_offset=>0}
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20248
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25065
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20248
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20179
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25065
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20198
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20179
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20198
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],607][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],608][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],626][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],627][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],676][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],676][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],676][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],717][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],719][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],614][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].614910086Z], remaining: [37] secs
[2024-02-25T[Link],615][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].615337496Z], remaining: [37] secs
[2024-02-25T[Link],708][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is processing a batch of
size 1.
[2024-02-25T[Link],710][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Saving checkpoint: 1533313507000//1261851
[2024-02-25T[Link],710][DEBUG]
[[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: updateCheckpoint() 1533313507000//1261851
[2024-02-25T[Link],710][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 finished processing a batch
of 1814 bytes.
[2024-02-25T[Link],761][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Running json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "@timestamp"=>2024-02-
25T[Link].709607728Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60036,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 6.1;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=e722d1adce552\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1753,\"sentBytes\":757,\"connectionSerialNumber\":510171,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.223,\"timeTaken\":0.228,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"8185d612bff06df6bea063ddde997e35\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60036,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 6.1;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=e722d1adce552\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1753,\"sentBytes\":757,\"connectionSerialNumber\":510171,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.223,\"timeTaken\":0.228,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"8185d612bff06df6bea063ddde997e35\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],762][DEBUG][[Link] ][azure_waf_access]
[13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007] Event after json
filter {:event=>{"@version"=>"1", "type"=>"azure_waf", "records"=>[{"time"=>"2024-
02-25T[Link]+00:00", "timeStamp"=>"2024-02-25T[Link]+00:00",
"backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP", "properties"=>{"host"=>"",
"clientPort"=>60036, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention",
"timeTaken"=>0.228e0, "transactionId"=>"8185d612bff06df6bea063ddde997e35",
"sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>403, "sentBytes"=>757,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510171, "contentType"=>"multipart/form-data;
boundary=e722d1adce552", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>1753, "httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.223e0, "userAgent"=>"Mozilla/5.0 (Windows NT 6.1; Win64;
x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.0", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}], "@timestamp"=>2024-02-
25T[Link].709607728Z, "message"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60036,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 6.1;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=e722d1adce552\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1753,\"sentBytes\":757,\"connectionSerialNumber\":510171,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.223,\"timeTaken\":0.228,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"8185d612bff06df6bea063ddde997e35\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}",
"event"=>{"original"=>"{\"records\": [{ \"timeStamp\": \"2024-02-
25T[Link]+00:00\", \"time\": \"2024-02-25T[Link]+00:00\", \"resourceId\":
\"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2\", \"listenerName\": \"APG01_Listener12_HTTPS_RepJP\", \"ruleName\":
\"APG01_RoutingRule12_RepJP\", \"backendPoolName\": \"APG01_BackendPool12_RepJP\",
\"backendSettingName\": \"APG01_HTTP12_RepJP\", \"operationName\": \"ApplicationGat
ewayAccess\", \"category\": \"ApplicationGatewayAccessLog\", \"properties\":
{\"instanceId\":\"appgw_4\",\"clientIP\":\"[Link]\",\"clientPort\":60036,\"ht
tpMethod\":\"POST\",\"originalRequestUriWithArgs\":\"\\/cgi-bin\\/fam3cyber\\/
cbbs\\/[Link]\",\"requestUri\":\"\\/cgi-bin\\/fam3cyber\\/cbbs\\/
[Link]\",\"requestQuery\":\"\",\"userAgent\":\"Mozilla\\/5.0 (Windows NT 6.1;
Win64; x64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/[Link]
Safari\\/537.36\",\"contentType\":\"multipart\\/form-data;
boundary=e722d1adce552\",\"error_info\":\"ERRORINFO_NO_ERROR\",\"httpStatus\":403,\
"httpVersion\":\"HTTP\\/
1.0\",\"receivedBytes\":1753,\"sentBytes\":757,\"connectionSerialNumber\":510171,\"
noOfConnectionRequests\":1,\"clientResponseTime\":0.223,\"timeTaken\":0.228,\"WAFEv
aluationTime\":\"0.004\",\"WAFMode\":\"Prevention\",\"WAFPolicyID\":\"\\/
subscriptions\\/2bd75eb1-d088-445b-a7e3-3f0510c83ca3\\/resourceGroups\\/
RG_YAzureDMZ_APG01\\/providers\\/[Link]\\/
ApplicationGatewayWebApplicationFirewallPolicies\\/
APG01V2_WAFPolicy12_RepJP\",\"transactionId\":\"8185d612bff06df6bea063ddde997e35\",
\"sslEnabled\":\"on\",\"sslCipher\":\"ECDHE-RSA-AES256-GCM-
SHA384\",\"sslProtocol\":\"TLSv1.2\",\"sslClientVerify\":\"NONE\",\"sslClientCertif
icateFingerprint\":\"\",\"sslClientCertificateIssuerName\":\"\",\"serverRouted\":\"
\",\"serverStatus\":\"\",\"serverResponseLatency\":\"\",\"upstreamSourcePort\":\"\"
,\"originalHost\":\"[Link]\",\"host\":\"\"}}]}"}}}
[2024-02-25T[Link],763][DEBUG][[Link] ][azure_waf_access]
[c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c] Split event
{:value=>{"time"=>"2024-02-25T[Link]+00:00", "timeStamp"=>"2024-02-
25T[Link]+00:00", "backendPoolName"=>"APG01_BackendPool12_RepJP",
"listenerName"=>"APG01_Listener12_HTTPS_RepJP", "properties"=>{"host"=>"",
"clientPort"=>60036, "sslProtocol"=>"TLSv1.2", "serverRouted"=>"",
"sslCipher"=>"ECDHE-RSA-AES256-GCM-SHA384", "WAFMode"=>"Prevention",
"timeTaken"=>0.228e0, "transactionId"=>"8185d612bff06df6bea063ddde997e35",
"sslClientVerify"=>"NONE",
"originalRequestUriWithArgs"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFEvaluationTime"=>"0.004", "serverStatus"=>"", "clientIP"=>"[Link]",
"httpStatus"=>403, "sentBytes"=>757,
"requestUri"=>"/cgi-bin/fam3cyber/cbbs/[Link]",
"WAFPolicyID"=>"/subscriptions/2bd75eb1-d088-445b-a7e3-3f0510c83ca3/
resourceGroups/RG_YAzureDMZ_APG01/providers/[Link]/
ApplicationGatewayWebApplicationFirewallPolicies/APG01V2_WAFPolicy12_RepJP",
"connectionSerialNumber"=>510171, "contentType"=>"multipart/form-data;
boundary=e722d1adce552", "originalHost"=>"[Link]", "sslEnabled"=>"on",
"receivedBytes"=>1753, "httpMethod"=>"POST", "sslClientCertificateIssuerName"=>"",
"instanceId"=>"appgw_4", "requestQuery"=>"", "error_info"=>"ERRORINFO_NO_ERROR",
"clientResponseTime"=>0.223e0, "userAgent"=>"Mozilla/5.0 (Windows NT 6.1; Win64;
x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/[Link] Safari/537.36",
"upstreamSourcePort"=>"", "sslClientCertificateFingerprint"=>"",
"httpVersion"=>"HTTP/1.0", "noOfConnectionRequests"=>1,
"serverResponseLatency"=>""}, "operationName"=>"ApplicationGatewayAccess",
"resourceId"=>"/SUBSCRIPTIONS/2BD75EB1-D088-445B-A7E3-3F0510C83CA3/RESOURCEGROUPS/
RG_YAZUREDMZ_APG01/PROVIDERS/[Link]/APPLICATIONGATEWAYS/Y-
AZURE_APG01_V2", "backendSettingName"=>"APG01_HTTP12_RepJP",
"category"=>"ApplicationGatewayAccessLog",
"ruleName"=>"APG01_RoutingRule12_RepJP"}, :field=>"records"}
[2024-02-25T[Link],765][DEBUG][[Link]][azure_waf_access]
[002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529] Sending final
bulk request for batch.
{:action_count=>1, :payload_size=>6123, :content_length=>1793, :batch_offset=>0}
[2024-02-25T[Link],718][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],727][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],742][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.030011494S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.030092095S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.030086396S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.030094495S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.030083695S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.030068595S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.030038595S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.030017894S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.030001993S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.029984893S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.029968693S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.029955192S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.029918992S`)
[2024-02-25T[Link],743][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.029902091S`)
[2024-02-25T[Link],253][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],253][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25248
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20065
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25179
[2024-02-25T[Link],428][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25198
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 1
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],428][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 25247
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 20064
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 25178
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 25197
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],493][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: leaseRenewer()
[2024-02-25T[Link],493][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: renewLease()
[2024-02-25T[Link],493][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: scheduling leaseRenewer in 10
[2024-02-25T[Link],724][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],724][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],726][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],744][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.004310602S`)
[2024-02-25T[Link],745][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.004314103S`)
[2024-02-25T[Link],745][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.004272201S`)
[2024-02-25T[Link],745][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.029445422S`)
[2024-02-25T[Link],745][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.029496524S`)
[2024-02-25T[Link],261][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],261][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],717][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],718][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],719][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Starting lease scan
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20247
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25064
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20178
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20197
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Starting lease scan
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20247
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
leased 25064
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
leased 20178
[2024-02-25T[Link],429][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
leased 20197
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host ordinal: 1 Rotating leases to start at
2
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Accounting input: allLeaseStates size is 4
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host ordinal: 0 Rotating leases to start at
0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Examining chunk at '2'[0] need 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Host count is 2 Desired owned count is 2
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: ourLeasesCount 2 leasesOwnedByOthers 2
unowned 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Examining chunk at '0'[0] need 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scanning took 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Short circuit: needed is 0, unowned is 0, or
off end
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Scheduling lease scanner in 5
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scanning took 0
[2024-02-25T[Link],429][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Scheduling lease scanner in 5
[2024-02-25T[Link],608][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: leaseRenewer()
[2024-02-25T[Link],608][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: renewLease()
[2024-02-25T[Link],608][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: scheduling leaseRenewer in 10
[2024-02-25T[Link],627][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: leaseRenewer()
[2024-02-25T[Link],627][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: renewLease()
[2024-02-25T[Link],627][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: scheduling leaseRenewer in 10
[2024-02-25T[Link],676][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: leaseRenewer()
[2024-02-25T[Link],676][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: renewLease()
[2024-02-25T[Link],676][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: scheduling leaseRenewer in 10
[2024-02-25T[Link],722][DEBUG][[Link]]
Skipping the following files while reading config since they don't match the
specified glob pattern {:files=>["/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/backup", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/fixed_ip_host.csv",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/input_file_gzipped.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/patterns", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq-azurewaf_20211227.conf", "/etc/logstash/conf.d/yhq-cisco-
[Link]", "/etc/logstash/conf.d/[Link]",
"/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf",
"/etc/logstash/conf.d/[Link]", "/etc/logstash/conf.d/zscaler_firewall.conf"]}
[2024-02-25T[Link],722][DEBUG][[Link]]
Reading config file {:config_file=>"/etc/logstash/conf.d/yhq-azurewaf-
[Link]"}
[2024-02-25T[Link],724][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>0}
[2024-02-25T[Link],716][WARN ][[Link] ] SIGTERM received.
Shutting down.
[2024-02-25T[Link],744][DEBUG][[Link] ] Shutting down all
pipelines {:pipelines_count=>1}
[2024-02-25T[Link],752][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.010105527S`)
[2024-02-25T[Link],752][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.01022273S`)
[2024-02-25T[Link],752][DEBUG][[Link] ] Converging pipelines
state {:actions_count=>1}
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.01026283S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.010157128S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.010157228S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.010153428S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.010153029S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.010173729S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.010182428S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.010182429S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.010181429S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.010181328S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.010180829S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.010178629S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.010178028S`)
[2024-02-25T[Link],753][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.010178529S`)
[2024-02-25T[Link],755][DEBUG][[Link] ] Executing action
{:action=>LogStash::PipelineAction::StopAndDelete/pipeline_id:azure_waf_access}
[2024-02-25T[Link],784][DEBUG][[Link] ] Closing inputs
{:pipeline_id=>"azure_waf_access", :thread=>"#<Thread:0x3de9cd2d
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 sleep>"}
[2024-02-25T[Link],786][DEBUG][[Link]] Stopping
{:plugin=>"LogStash::Inputs::AzureEventHubs"}
[2024-02-25T[Link],788][DEBUG][[Link] ] Closed inputs
{:pipeline_id=>"azure_waf_access", :thread=>"#<Thread:0x3de9cd2d
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 sleep>"}
[2024-02-25T[Link],973][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Unregistering
Event Hub this can take a while... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],974][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Stopping event processing
[2024-02-25T[Link],974][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Shutting down all pumps
[2024-02-25T[Link],974][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: closing pump for reason Shutdown
[2024-02-25T[Link],974][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: pump shutdown for reason Shutdown
[2024-02-25T[Link],974][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: closing pump for reason Shutdown
[2024-02-25T[Link],974][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: pump shutdown for reason Shutdown
[2024-02-25T[Link],976][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Setting receive handler to null
[2024-02-25T[Link],976][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Setting receive handler to null
[2024-02-25T[Link],010][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Unregistering
Event Hub this can take a while... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],010][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Stopping event processing
[2024-02-25T[Link],010][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Shutting down all pumps
[2024-02-25T[Link],010][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: closing pump for reason Shutdown
[2024-02-25T[Link],010][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: pump shutdown for reason Shutdown
[2024-02-25T[Link],010][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: closing pump for reason Shutdown
[2024-02-25T[Link],010][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: pump shutdown for reason Shutdown
[2024-02-25T[Link],010][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Setting receive handler to null
[2024-02-25T[Link],010][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Setting receive handler to null
[2024-02-25T[Link],267][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],267][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],755][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.010419534S`)
[2024-02-25T[Link],755][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.010501835S`)
[2024-02-25T[Link],862][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>28, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],869][ERROR][[Link]] The
shutdown process appears to be stalled due to busy or blocked plugins. Check the
logs for more information.
[2024-02-25T[Link],272][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],272][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],966][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (0) as per the request.
[2024-02-25T[Link],966][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Closing EH receiver
[2024-02-25T[Link],966][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367]
[2024-02-25T[Link],966][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver]
[2024-02-25T[Link],966][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],967][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
linkName[LN_f9801c_1708832068620_e07_G30], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],967][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
linkName[LN_f9801c_1708832068620_e07_G30], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],967][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_dea4fe_1708832068367], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],968][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-
InternalReceiver], linkName[LN_f9801c_1708832068620_e07_G30], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],968][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_fa3633_1708832068590_MF_dea4fe_1708832068367-InternalReceiver],
linkName[LN_f9801c_1708832068620_e07_G30], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],968][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], entityName[MF_dea4fe_1708832068367], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],968][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: Closing EH client
[2024-02-25T[Link],968][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_4d7d71_1708832068367]
[2024-02-25T[Link],968][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_dea4fe_1708832068367]
[2024-02-25T[Link],969][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_dea4fe_1708832068367], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],969][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],969][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],969][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],969][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_dea4fe_1708832068367],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],969][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],969][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_dea4fe_1708832068367],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_dea4fe_1708832068367], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_dea4fe_1708832068367],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],970][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_dea4fe_1708832068367], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_dea4fe_1708832068367], error[n/a]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_dea4fe_1708832068367], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_dea4fe_1708832068367], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],970][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_dea4fe_1708832068367], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],970][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_dea4fe_1708832068367], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0], condition[null],
description[null]
[2024-02-25T[Link],970][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_dea4fe_1708832068367], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],970][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_dea4fe_1708832068367], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],970][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is closing.
(reason=Shutdown)
[2024-02-25T[Link],970][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: releaseLease()
[2024-02-25T[Link],970][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(0)
leased 20706
[2024-02-25T[Link],970][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 0: releaseLease() released OK
[2024-02-25T[Link],884][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>28, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],276][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],276][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],759][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=347708838} forced-compaction result
(captures: `13` span: `PT1M0.034398042S`)
[2024-02-25T[Link],759][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1975461151} forced-compaction result
(captures: `13` span: `PT1M0.034402142S`)
[2024-02-25T[Link],759][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=834359250} forced-compaction result
(captures: `13` span: `PT1M0.034370042S`)
[2024-02-25T[Link],760][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=212501865} forced-compaction result
(captures: `13` span: `PT1M0.034366841S`)
[2024-02-25T[Link],760][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1420193271} forced-compaction result
(captures: `13` span: `PT1M0.034370441S`)
[2024-02-25T[Link],898][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>28, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],283][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],284][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],762][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1185004608} forced-compaction result
(captures: `13` span: `PT1M0.034886469S`)
[2024-02-25T[Link],762][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=470312551} forced-compaction result
(captures: `13` span: `PT1M0.034938569S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1089746968} forced-compaction result
(captures: `13` span: `PT1M0.03495087S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=852728684} forced-compaction result
(captures: `13` span: `PT1M0.03495357S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2044420810} forced-compaction result
(captures: `13` span: `PT1M0.03495457S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=650053832} forced-compaction result
(captures: `13` span: `PT1M0.03495867S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1206567167} forced-compaction result
(captures: `13` span: `PT1M0.03496027S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1766603669} forced-compaction result
(captures: `13` span: `PT1M0.034955969S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1260640580} forced-compaction result
(captures: `13` span: `PT1M0.03495627S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=352608672} forced-compaction result
(captures: `13` span: `PT1M0.03495757S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=83404487} forced-compaction result
(captures: `13` span: `PT1M0.034960671S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=216053086} forced-compaction result
(captures: `13` span: `PT1M0.03496057S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1499243647} forced-compaction result
(captures: `13` span: `PT1M0.03496157S`)
[2024-02-25T[Link],763][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=1877198741} forced-compaction result
(captures: `13` span: `PT1M0.034964071S`)
[2024-02-25T[Link],911][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>28, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],288][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],288][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],765][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1206079401} forced-compaction result (captures: `3` span: `PT10.005198253S`)
[2024-02-25T[Link],765][DEBUG]
[[Link]] RetentionWindow{policy=current
id=725814568} forced-compaction result (captures: `3` span: `PT10.005212853S`)
[2024-02-25T[Link],765][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1730595321} forced-compaction result (captures: `3` span: `PT10.005213153S`)
[2024-02-25T[Link],765][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=2047832316} forced-compaction result
(captures: `13` span: `PT1M0.034769582S`)
[2024-02-25T[Link],765][DEBUG]
[[Link]]
RetentionWindow{policy=last_1_minute id=267304298} forced-compaction result
(captures: `13` span: `PT1M0.034795882S`)
[2024-02-25T[Link],928][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>28, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],292][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],293][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],316][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].316533005Z], remaining: [22] secs
[2024-02-25T[Link],316][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], linkName[LN_163586_1708832038575_634_G17] - Reschedule operation timer,
current: [2024-02-25T[Link].316777810Z], remaining: [22] secs
[2024-02-25T[Link],337][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (3) as per the request.
[2024-02-25T[Link],337][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Closing EH receiver
[2024-02-25T[Link],337][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364]
[2024-02-25T[Link],337][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver]
[2024-02-25T[Link],337][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],338][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
linkName[LN_163586_1708832038575_634_G17], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],338][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
linkName[LN_163586_1708832038575_634_G17], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],338][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], entityName[MF_1e7a59_1708832038364], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],339][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-
InternalReceiver], linkName[LN_163586_1708832038575_634_G17], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],339][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_bbb34e_1708832038486_MF_1e7a59_1708832038364-InternalReceiver],
linkName[LN_163586_1708832038575_634_G17], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],339][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], entityName[MF_1e7a59_1708832038364], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],339][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: Closing EH client
[2024-02-25T[Link],339][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_7a410d_1708832038364]
[2024-02-25T[Link],339][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_1e7a59_1708832038364]
[2024-02-25T[Link],339][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_1e7a59_1708832038364], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],340][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_1e7a59_1708832038364],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_1e7a59_1708832038364],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_1e7a59_1708832038364], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],341][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_1e7a59_1708832038364],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],341][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_1e7a59_1708832038364], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],341][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_1e7a59_1708832038364], error[n/a]
[2024-02-25T[Link],341][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_1e7a59_1708832038364], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],341][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_1e7a59_1708832038364], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],341][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_1e7a59_1708832038364], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],341][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_1e7a59_1708832038364], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3], condition[null],
description[null]
[2024-02-25T[Link],341][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_1e7a59_1708832038364], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],341][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_1e7a59_1708832038364], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],341][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is closing.
(reason=Shutdown)
[2024-02-25T[Link],341][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 3: releaseLease()
[2024-02-25T[Link],341][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(3)
expired -2714
[2024-02-25T[Link],767][DEBUG]
[[Link]] RetentionWindow{policy=current
id=540156057} forced-compaction result (captures: `3` span: `PT10.005228053S`)
[2024-02-25T[Link],767][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1346215174} forced-compaction result (captures: `3` span: `PT10.005368956S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=827149645} forced-compaction result (captures: `3` span: `PT10.005389557S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=235286487} forced-compaction result (captures: `3` span: `PT10.005286055S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1065480294} forced-compaction result (captures: `3` span: `PT10.005301055S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=57188157} forced-compaction result (captures: `3` span: `PT10.005300156S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1486130488} forced-compaction result (captures: `3` span: `PT10.005301655S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1741908330} forced-compaction result (captures: `3` span: `PT10.005303255S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1466017590} forced-compaction result (captures: `3` span: `PT10.005303455S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=272063376} forced-compaction result (captures: `3` span: `PT10.005304956S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1815538147} forced-compaction result (captures: `3` span: `PT10.005306255S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=273831222} forced-compaction result (captures: `3` span: `PT10.005307655S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1255151645} forced-compaction result (captures: `3` span: `PT10.005306155S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1620128012} forced-compaction result (captures: `3` span: `PT10.005315555S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1001633036} forced-compaction result (captures: `3` span: `PT10.005316556S`)
[2024-02-25T[Link],768][DEBUG]
[[Link]] RetentionWindow{policy=current
id=969583785} forced-compaction result (captures: `3` span: `PT10.005316855S`)
[2024-02-25T[Link],940][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>28, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],299][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],300][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],307][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],138][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (1) as per the request.
[2024-02-25T[Link],138][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Closing EH receiver
[2024-02-25T[Link],138][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362]
[2024-02-25T[Link],138][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver]
[2024-02-25T[Link],138][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],138][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
linkName[LN_7535a2_1708832073460_45c_G10], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],138][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
linkName[LN_7535a2_1708832073460_45c_G10], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],138][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], entityName[MF_a4f1ec_1708832073362], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],140][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-
InternalReceiver], linkName[LN_7535a2_1708832073460_45c_G10], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],140][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_d3f17e_1708832073419_MF_a4f1ec_1708832073362-InternalReceiver],
linkName[LN_7535a2_1708832073460_45c_G10], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],140][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], entityName[MF_a4f1ec_1708832073362], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],140][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: Closing EH client
[2024-02-25T[Link],140][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_38d116_1708832073362]
[2024-02-25T[Link],140][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_a4f1ec_1708832073362]
[2024-02-25T[Link],140][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_a4f1ec_1708832073362], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],141][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],141][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],141][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],141][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_a4f1ec_1708832073362],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_a4f1ec_1708832073362],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_a4f1ec_1708832073362], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_a4f1ec_1708832073362],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],142][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_a4f1ec_1708832073362], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],142][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_a4f1ec_1708832073362], error[n/a]
[2024-02-25T[Link],143][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_a4f1ec_1708832073362], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],143][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_a4f1ec_1708832073362], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],143][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_a4f1ec_1708832073362], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],143][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_a4f1ec_1708832073362], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1], condition[null],
description[null]
[2024-02-25T[Link],143][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_a4f1ec_1708832073362], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],143][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_a4f1ec_1708832073362], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],143][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is closing.
(reason=Shutdown)
[2024-02-25T[Link],143][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: 1: releaseLease()
[2024-02-25T[Link],143][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(1)
expired -9650
[2024-02-25T[Link],143][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
f056301f-f62d-4924-9f8c-3fe735190fe6: Partition manager exiting
[2024-02-25T[Link],144][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is closed.
[2024-02-25T[Link],770][DEBUG]
[[Link]] RetentionWindow{policy=current
id=2108110993} forced-compaction result (captures: `3` span: `PT10.005018649S`)
[2024-02-25T[Link],770][DEBUG]
[[Link]] RetentionWindow{policy=current
id=1130893468} forced-compaction result (captures: `3` span: `PT10.005160553S`)
[2024-02-25T[Link],953][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>28, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],305][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],965][WARN ][[Link]]
{"inflight_count"=>0, "stalling_threads_info"=>{"other"=>[{"thread_id"=>35,
"name"=>"[azure_waf_access]<azure_event_hubs",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/logstash-input-
azure_event_hubs-1.4.5/lib/logstash/inputs/azure_event_hubs.r[Link]in `block in
join'"}, {"thread_id"=>28, "name"=>"[azure_waf_access]-pipeline-manager",
"current_call"=>"[...]/vendor/bundle/jruby/3.1.0/gems/thwait-0.2.0/lib/
thwait.r[Link]in `pop'"}], ["LogStash::Filters::GeoIP", {"source"=>"[records]
[properties][clientIP]", "target"=>"geoip",
"id"=>"b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9"}]=>[{"thre
ad_id"=>34, "name"=>"[azure_waf_access]>worker0", "current_call"=>"[...]/logstash-
core/lib/logstash/java_pipeline.r[Link]in `block in start_workers'"}]}}
[2024-02-25T[Link],305][DEBUG][[Link]]
[azure_waf_access] Pushing flush onto pipeline.
[2024-02-25T[Link],316][DEBUG][[Link]] collector
name {:name=>"G1 Young Generation"}
[2024-02-25T[Link],316][DEBUG][[Link]] collector
name {:name=>"G1 Old Generation"}
[2024-02-25T[Link],712][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Stopping receive
pump for eventHub (insights-logs-applicationgatewayaccesslog), consumerGroup
($Default), partition (2) as per the request.
[2024-02-25T[Link],712][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Closing EH receiver
[2024-02-25T[Link],712][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383]
[2024-02-25T[Link],712][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver]
[2024-02-25T[Link],712][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientEntity[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver] -
canceling ActiveClientLinkManager
[2024-02-25T[Link],712][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
linkName[LN_c22bd3_1708832038545_dc7f_G9], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],712][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
linkName[LN_c22bd3_1708832038545_dc7f_G9], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],713][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], entityName[MF_00b33c_1708832038383], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],715][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[PR_539107_1708832038496_MF_00b33c_1708832038383-
InternalReceiver], linkName[LN_c22bd3_1708832038545_dc7f_G9], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],715][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[PR_539107_1708832038496_MF_00b33c_1708832038383-InternalReceiver],
linkName[LN_c22bd3_1708832038545_dc7f_G9], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],715][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteClose
connectionId[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], entityName[MF_00b33c_1708832038383], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],715][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: Closing EH client
[2024-02-25T[Link],715][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_429069_1708832038383]
[2024-02-25T[Link],715][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_00b33c_1708832038383]
[2024-02-25T[Link],716][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_00b33c_1708832038383], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],716][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],716][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],716][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],716][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[cbs-session], entityName[MF_00b33c_1708832038383],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],727][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],727][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:sender], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],727][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],727][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[cbs], linkName[cbs:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],727][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_00b33c_1708832038383],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],727][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_00b33c_1708832038383], hostName[yazure-eventhub-
[Link]], info[cbsChannel closed]
[2024-02-25T[Link],727][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_00b33c_1708832038383],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],727][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_00b33c_1708832038383], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],727][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_00b33c_1708832038383], error[n/a]
[2024-02-25T[Link],727][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_00b33c_1708832038383], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],728][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_00b33c_1708832038383], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],728][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_00b33c_1708832038383], entityName[cbs-session], condition[null],
description[null]
[2024-02-25T[Link],728][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_00b33c_1708832038383], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2], condition[null],
description[null]
[2024-02-25T[Link],728][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_00b33c_1708832038383], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],728][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_00b33c_1708832038383], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],728][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is closing.
(reason=Shutdown)
[2024-02-25T[Link],728][DEBUG]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: 2: releaseLease()
[2024-02-25T[Link],728][DEBUG]
[[Link]$InMemoryLease]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] isExpired(2)
expired -14120
[2024-02-25T[Link],728][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
c87726d9-a7c4-448f-a604-503c9c65536a: Partition manager exiting
[2024-02-25T[Link],729][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is closed.
[2024-02-25T[Link],747][DEBUG][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Closing
{:plugin=>"LogStash::Inputs::AzureEventHubs"}
[2024-02-25T[Link],757][DEBUG][[Link] ][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Removing
metadata for plugin
e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8
[2024-02-25T[Link],759][DEBUG][[Link] ][azure_waf_access] Input
plugins stopped! Will shutdown filter/output workers.
{:pipeline_id=>"azure_waf_access", :thread=>"#<Thread:0x3de9cd2d
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],770][DEBUG][[Link] ][azure_waf_access]
Shutdown waiting for worker thread
{:pipeline_id=>"azure_waf_access", :thread=>"#<LogStash::WorkerLoopThread:0x6e9c0f5
6 /usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:300 run>"}
[2024-02-25T[Link],830][DEBUG][[Link] ][azure_waf_access]
Closing {:plugin=>"LogStash::Filters::Split"}
[2024-02-25T[Link],831][DEBUG][[Link] ][azure_waf_access]
Removing metadata for plugin
c9dc54bab189bcc2e72eeb2fbd060cc34f16257f502c7ae071523926284f8c3c
[2024-02-25T[Link],832][DEBUG][[Link] ][azure_waf_access]
Closing {:plugin=>"LogStash::Filters::Json"}
[2024-02-25T[Link],832][DEBUG][[Link] ][azure_waf_access]
Removing metadata for plugin
13030e5da7228f05c45b370a60d186125de0fce1dc2c99da1981116dcdcee007
[2024-02-25T[Link],832][DEBUG][[Link] ][azure_waf_access]
Closing {:plugin=>"LogStash::Filters::GeoIP"}
[2024-02-25T[Link],841][DEBUG][[Link] ][azure_waf_access]
Removing metadata for plugin
b2323a9d19abd7b3641896e41fcf9bd4c96b0c23f55974764be057edaa778ce9
[2024-02-25T[Link],841][DEBUG][[Link]][azure_waf_access]
Closing {:plugin=>"LogStash::Outputs::ElasticSearch"}
[2024-02-25T[Link],853][DEBUG][[Link]][azure_waf_access]
Stopping sniffer
[2024-02-25T[Link],861][DEBUG][[Link]][azure_waf_access]
Stopping resurrectionist
[2024-02-25T[Link],739][DEBUG][[Link]][azure_waf_access]
Waiting for in use manticore connections
[2024-02-25T[Link],751][DEBUG][[Link]][azure_waf_access]
Closing adapter
#<LogStash::Outputs::ElasticSearch::HttpClient::ManticoreAdapter:0x2691ce46>
[2024-02-25T[Link],780][DEBUG][[Link] ][azure_waf_access]
Removing metadata for plugin
002863306c3be9a7ef2cc1f5800ce366a73b96b72ca00b8328b725d162527529
[2024-02-25T[Link],789][DEBUG][[Link] ][azure_waf_access]
Pipeline has been shutdown
{:pipeline_id=>"azure_waf_access", :thread=>"#<Thread:0x3de9cd2d
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],790][INFO ][[Link] ][azure_waf_access]
Pipeline terminated {"[Link]"=>"azure_waf_access"}
[2024-02-25T[Link],044][INFO ][[Link]] Removed pipeline from
registry successfully {:pipeline_id=>:azure_waf_access}
[2024-02-25T[Link],056][DEBUG][[Link]] Stopping
[2024-02-25T[Link],083][DEBUG][[Link]] Stopping
[2024-02-25T[Link],084][DEBUG]
[[Link]] Stopping
[2024-02-25T[Link],084][DEBUG]
[[Link]] Stopping
[2024-02-25T[Link],084][DEBUG][[Link]]
Stopping
[2024-02-25T[Link],137][DEBUG][[Link] ] API WebServer has
stopped running
[2024-02-25T[Link],137][INFO ][[Link] ] Logstash shut down.
[2024-02-25T[Link],167][INFO ][[Link] ] Log4j configuration
path used is: /etc/logstash/[Link]
[2024-02-25T[Link],197][INFO ][[Link] ] Starting Logstash
{"[Link]"=>"8.11.4", "[Link]"=>"jruby [Link] (3.1.4) 2023-11-02
1abae2700f OpenJDK 64-Bit Server VM 17.0.9+9 on 17.0.9+9 +indy +jit [x86_64-
linux]"}
[2024-02-25T[Link],208][INFO ][[Link] ] JVM bootstrap flags: [-
Xms4g, -Xmx4g, -[Link]=true, -[Link]=UTF-8, -
[Link]=true, -[Link]=0, -
[Link]=true, -XX:+HeapDumpOnOutOfMemoryError, -
[Link]=file:/dev/urandom, -[Link]=true,
--add-opens=[Link]/[Link]=ALL-UNNAMED, --add-opens=[Link]/[Link]=ALL-
UNNAMED, -[Link]=true,
--add-exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED, --add-
exports=[Link]/[Link]=ALL-UNNAMED,
--add-opens=[Link]/[Link]=ALL-UNNAMED, --add-opens=[Link]/[Link]=ALL-
UNNAMED, --add-opens=[Link]/[Link]=ALL-UNNAMED, --add-
opens=[Link]/[Link]=ALL-UNNAMED,
--add-opens=[Link]/[Link]=ALL-UNNAMED]
[2024-02-25T[Link],147][INFO ][[Link] ] Successfully started
Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2024-02-25T[Link],219][INFO ][[Link]] Reflections took 657
ms to scan 1 urls, producing 131 keys and 463 values
[2024-02-25T[Link],224][INFO ][[Link] ] Pipeline `cucm` is
configured with `pipeline.ecs_compatibility: v8` setting. All plugins in this
pipeline will default to `ecs_compatibility => v8` unless explicitly configured
otherwise.
[2024-02-25T[Link],261][INFO ][[Link] ] Pipeline
`yhq_cisco_asav_azure` is configured with `pipeline.ecs_compatibility: v8` setting.
All plugins in this pipeline will default to `ecs_compatibility => v8` unless
explicitly configured otherwise.
[2024-02-25T[Link],278][INFO ][[Link] ] Pipeline
`azure_waf_access` is configured with `pipeline.ecs_compatibility: v8` setting. All
plugins in this pipeline will default to `ecs_compatibility => v8` unless
explicitly configured otherwise.
[2024-02-25T[Link],287][INFO ][[Link] ] Pipeline
`PA_FactoryPA_ThreatIntel` is configured with `pipeline.ecs_compatibility: v8`
setting. All plugins in this pipeline will default to `ecs_compatibility => v8`
unless explicitly configured otherwise.
[2024-02-25T[Link],308][INFO ][[Link] ] Pipeline `zscaler` is
configured with `pipeline.ecs_compatibility: v8` setting. All plugins in this
pipeline will default to `ecs_compatibility => v8` unless explicitly configured
otherwise.
[2024-02-25T[Link],554][INFO ][[Link]]
[yhq_cisco_asav_azure] New Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],556][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] New Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],556][INFO ][[Link]][azure_waf_access]
New Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],572][INFO ][[Link]][cucm] New
Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],581][INFO ][[Link]][zscaler] New
Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],230][INFO ][[Link]][azure_waf_access]
Elasticsearch pool URLs updated {:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],249][INFO ][[Link]][cucm]
Elasticsearch pool URLs updated {:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],238][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Elasticsearch pool URLs updated
{:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],266][INFO ][[Link]]
[yhq_cisco_asav_azure] Elasticsearch pool URLs updated
{:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],229][INFO ][[Link]][zscaler]
Elasticsearch pool URLs updated {:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],970][WARN ][[Link]][cucm] Restored
connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],972][WARN ][[Link]]
[PA_FactoryPA_ThreatIntel] Restored connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],993][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Elasticsearch version determined (8.10.3)
{:es_version=>8}
[2024-02-25T[Link],998][WARN ][[Link]][azure_waf_access]
Restored connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],001][WARN ][[Link]][zscaler] Restored
connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],002][INFO ][[Link]][zscaler]
Elasticsearch version determined (8.10.3) {:es_version=>8}
[2024-02-25T[Link],003][WARN ][[Link]]
[PA_FactoryPA_ThreatIntel] Detected a 6.x and above cluster: the `type` event field
won't be used to determine the document _type {:es_version=>8}
[2024-02-25T[Link],009][INFO ][[Link]][cucm]
Elasticsearch version determined (8.10.3) {:es_version=>8}
[2024-02-25T[Link],010][WARN ][[Link]][cucm] Detected a
6.x and above cluster: the `type` event field won't be used to determine the
document _type {:es_version=>8}
[2024-02-25T[Link],017][INFO ][[Link]][azure_waf_access]
Elasticsearch version determined (8.10.3) {:es_version=>8}
[2024-02-25T[Link],018][WARN ][[Link]][azure_waf_access]
Detected a 6.x and above cluster: the `type` event field won't be used to determine
the document _type {:es_version=>8}
[2024-02-25T[Link],020][WARN ][[Link]][zscaler] Detected
a 6.x and above cluster: the `type` event field won't be used to determine the
document _type {:es_version=>8}
[2024-02-25T[Link],038][WARN ][[Link]]
[yhq_cisco_asav_azure] Restored connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],038][INFO ][[Link]]
[yhq_cisco_asav_azure] Elasticsearch version determined (8.10.3) {:es_version=>8}
[2024-02-25T[Link],039][WARN ][[Link]]
[yhq_cisco_asav_azure] Detected a 6.x and above cluster: the `type` event field
won't be used to determine the document _type {:es_version=>8}
[2024-02-25T[Link],148][INFO ][[Link]][cucm] Not eligible
for data streams because config contains one or more settings that are not
compatible with data streams: {"ilm_enabled"=>"true",
"ilm_rollover_alias"=>"yokogawa-yhq-cucm", "ilm_policy"=>"yokogawa-ilm-policy",
"ilm_pattern"=>"000001"}
[2024-02-25T[Link],149][INFO ][[Link]][azure_waf_access]
Not eligible for data streams because config contains one or more settings that are
not compatible with data streams: {"ilm_enabled"=>"true",
"ilm_rollover_alias"=>"yokogawa-azure-waf", "ilm_policy"=>"yokogawa-ilm-policy",
"ilm_pattern"=>"000001"}
[2024-02-25T[Link],150][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Not eligible for data streams because config contains
one or more settings that are not compatible with data streams:
{"index"=>"yokogawa-global-threatintel"}
[2024-02-25T[Link],158][INFO ][[Link]][zscaler] Not
eligible for data streams because config contains one or more settings that are not
compatible with data streams: {"ilm_enabled"=>"true",
"ilm_rollover_alias"=>"yokogawa-yhq-zscaler1", "ilm_policy"=>"yokogawa-ilm-policy",
"ilm_pattern"=>"000001"}
[2024-02-25T[Link],159][INFO ][[Link]][zscaler] Data
streams auto configuration (`data_stream => auto` or unset) resolved to `false`
[2024-02-25T[Link],172][INFO ][[Link]]
[yhq_cisco_asav_azure] Not eligible for data streams because config contains one or
more settings that are not compatible with data streams: {"ilm_enabled"=>"true",
"ilm_rollover_alias"=>"yokogawa-yhq-cisco-asav-azure", "ilm_policy"=>"yokogawa-ilm-
policy", "ilm_pattern"=>"000001"}
[2024-02-25T[Link],172][INFO ][[Link]]
[yhq_cisco_asav_azure] Data streams auto configuration (`data_stream => auto` or
unset) resolved to `false`
[2024-02-25T[Link],190][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Data streams auto configuration (`data_stream => auto`
or unset) resolved to `false`
[2024-02-25T[Link],220][INFO ][[Link]][azure_waf_access]
Data streams auto configuration (`data_stream => auto` or unset) resolved to
`false`
[2024-02-25T[Link],230][INFO ][[Link]][cucm] Data streams
auto configuration (`data_stream => auto` or unset) resolved to `false`
[2024-02-25T[Link],239][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] New Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],303][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Elasticsearch pool URLs updated
{:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],393][INFO ][[Link] ][azure_waf_access] ECS
compatibility is enabled but `target` option was not specified. This may cause
fields to be set at the top-level of the event where they are likely to clash with
the Elastic Common Schema. It is recommended to set the `target` option to avoid
potential schema conflicts (if your data is ECS compliant or non-conflicting, feel
free to ignore this message)
[2024-02-25T[Link],392][WARN ][[Link] ][zscaler] ECS v8 support
is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of
the Elastic Common Schema becomes available, this plugin will need to be updated
[2024-02-25T[Link],430][WARN ][[Link] ][yhq_cisco_asav_azure]
ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns.
When Version 8 of the Elastic Common Schema becomes available, this plugin will
need to be updated
[2024-02-25T[Link],440][WARN ][[Link] ][cucm] ECS v8 support is
a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the
Elastic Common Schema becomes available, this plugin will need to be updated
[2024-02-25T[Link],492][INFO ][[Link]]
[yhq_cisco_asav_azure] Using a default mapping template
{:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],494][INFO ][[Link]][cucm] Using a
default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],522][INFO ][[Link]][zscaler] Using a
default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],531][WARN ][[Link]]
[PA_FactoryPA_ThreatIntel] Restored connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],532][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Elasticsearch version determined (8.10.3)
{:es_version=>8}
[2024-02-25T[Link],533][WARN ][[Link]]
[PA_FactoryPA_ThreatIntel] Detected a 6.x and above cluster: the `type` event field
won't be used to determine the document _type {:es_version=>8}
[2024-02-25T[Link],602][WARN ][[Link] ][azure_waf_access] ECS
expect `target` value `geoip` in ["client", "destination", "host", "observer",
"server", "source"]
[2024-02-25T[Link],622][INFO ][[Link]][azure_waf_access]
Using a default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],692][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Not eligible for data streams because config contains
one or more settings that are not compatible with data streams:
{"ilm_enabled"=>"true", "ilm_rollover_alias"=>"yokogawa-yhq-factorypaloalto",
"ilm_policy"=>"yokogawa-ilm-policy", "ilm_pattern"=>"000001"}
[2024-02-25T[Link],693][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Data streams auto configuration (`data_stream => auto`
or unset) resolved to `false`
[2024-02-25T[Link],753][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Using a default mapping template
{:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],771][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] New Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],792][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Elasticsearch pool URLs updated
{:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],985][WARN ][[Link]]
[PA_FactoryPA_ThreatIntel] Restored connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],995][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Elasticsearch version determined (8.10.3)
{:es_version=>8}
[2024-02-25T[Link],004][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Using a default mapping template
{:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],042][WARN ][[Link]]
[PA_FactoryPA_ThreatIntel] Detected a 6.x and above cluster: the `type` event field
won't be used to determine the document _type {:es_version=>8}
[2024-02-25T[Link],133][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Not eligible for data streams because config contains
one or more settings that are not compatible with data streams:
{"ilm_enabled"=>"true", "ilm_rollover_alias"=>"yokogawa-yhq-paloalto",
"ilm_policy"=>"yokogawa-ilm-policy", "ilm_pattern"=>"000001"}
[2024-02-25T[Link],134][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Data streams auto configuration (`data_stream => auto`
or unset) resolved to `false`
[2024-02-25T[Link],185][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel] Using a default mapping template
{:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],447][WARN ][[Link] ]
[PA_FactoryPA_ThreatIntel] '[Link]' is enabled and is likely less
efficient, consider disabling if preserving event order is not necessary
[2024-02-25T[Link],709][WARN ][[Link] ][cucm] ECS v8 support is
a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the
Elastic Common Schema becomes available, this plugin will need to be updated
[2024-02-25T[Link],747][INFO ][[Link] ][zscaler] ECS
compatibility is enabled but `target` option was not specified. This may cause
fields to be set at the top-level of the event where they are likely to clash with
the Elastic Common Schema. It is recommended to set the `target` option to avoid
potential schema conflicts (if your data is ECS compliant or non-conflicting, feel
free to ignore this message)
[2024-02-25T[Link],797][WARN ][[Link] ][zscaler] ECS v8 support
is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of
the Elastic Common Schema becomes available, this plugin will need to be updated
[2024-02-25T[Link],890][WARN ][[Link] ][cucm]
'[Link]' is enabled and is likely less efficient, consider disabling if
preserving event order is not necessary
[2024-02-25T[Link],139][INFO ][[Link] ][cucm] Starting pipeline
{:pipeline_id=>"cucm", "[Link]"=>1, "[Link]"=>125,
"[Link]"=>50, "pipeline.max_inflight"=>125,
"[Link]"=>["/etc/logstash/conf.d/[Link]"], :thread=>"#<Thread:0xa06bfde
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],148][INFO ][[Link] ]
[PA_FactoryPA_ThreatIntel] Starting pipeline
{:pipeline_id=>"PA_FactoryPA_ThreatIntel", "[Link]"=>1,
"[Link]"=>1000, "[Link]"=>50,
"pipeline.max_inflight"=>1000,
"[Link]"=>["/etc/logstash/conf.d/yhq_azurePA_factoryPA_threatintel.conf"]
, :thread=>"#<Thread:0x489cdfd7
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],158][INFO ][[Link] ][zscaler] Starting
pipeline {:pipeline_id=>"zscaler", "[Link]"=>4,
"[Link]"=>125, "[Link]"=>50,
"pipeline.max_inflight"=>500,
"[Link]"=>["/etc/logstash/conf.d/[Link]"], :thread=>"#<Thread:0x3e6
292d6 /usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],661][INFO ][[Link] ] Pipeline `ad` is
configured with `pipeline.ecs_compatibility: v8` setting. All plugins in this
pipeline will default to `ecs_compatibility => v8` unless explicitly configured
otherwise.
[2024-02-25T[Link],126][INFO ][[Link]][ad] New
Elasticsearch output
{:class=>"LogStash::Outputs::ElasticSearch",
:hosts=>["[Link]
[Link]"]}
[2024-02-25T[Link],154][INFO ][[Link]][ad] Elasticsearch
pool URLs updated {:changes=>{:removed=>[],
:added=>[[Link]
[Link]/]}}
[2024-02-25T[Link],301][WARN ][[Link]][ad] Restored
connection to ES instance
{:url=>"[Link]
[Link]/"}
[2024-02-25T[Link],301][INFO ][[Link]][ad] Elasticsearch
version determined (8.10.3) {:es_version=>8}
[2024-02-25T[Link],301][WARN ][[Link]][ad] Detected a 6.x
and above cluster: the `type` event field won't be used to determine the document
_type {:es_version=>8}
[2024-02-25T[Link],332][INFO ][[Link]][ad] Not eligible
for data streams because config contains one or more settings that are not
compatible with data streams: {"ilm_enabled"=>"true",
"ilm_rollover_alias"=>"yokogawa-yhq-ad", "ilm_policy"=>"yokogawa-ilm-policy",
"ilm_pattern"=>"000001"}
[2024-02-25T[Link],333][INFO ][[Link]][ad] Data streams
auto configuration (`data_stream => auto` or unset) resolved to `false`
[2024-02-25T[Link],447][INFO ][[Link] ][ad] Starting pipeline
{:pipeline_id=>"ad", "[Link]"=>2, "[Link]"=>125,
"[Link]"=>50, "pipeline.max_inflight"=>250,
"[Link]"=>["/etc/logstash/conf.d/[Link]"], :thread=>"#<Thread:0x7e786f5b
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],451][INFO ][[Link]][ad] Using a
default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
[2024-02-25T[Link],592][WARN ][[Link] ][yhq_cisco_asav_azure]
ECS expect `target` value `sourcelocation` in ["client", "destination", "host",
"observer", "server", "source"]
[2024-02-25T[Link],496][INFO ][[Link]] new
database version detected? false
[2024-02-25T[Link],851][INFO ][[Link] ]
[PA_FactoryPA_ThreatIntel] Pipeline Java execution initialization time
{"seconds"=>3.69}
[2024-02-25T[Link],111][INFO ][[Link]]
[azure_waf_access] By not manually configuring a database path with `database =>`,
you accepted and agreed MaxMind EULA. For more details please visit
[Link]
[2024-02-25T[Link],120][INFO ][[Link]]
[yhq_cisco_asav_azure] By not manually configuring a database path with `database
=>`, you accepted and agreed MaxMind EULA. For more details please visit
[Link]
[2024-02-25T[Link],121][INFO ][[Link] ][yhq_cisco_asav_azure]
Using geoip database
{:path=>"/var/lib/logstash/plugins/filters/geoip/1708831720/[Link]"}
[2024-02-25T[Link],130][INFO ][[Link] ][azure_waf_access] Using
geoip database
{:path=>"/var/lib/logstash/plugins/filters/geoip/1708831720/[Link]"}
[2024-02-25T[Link],179][INFO ][[Link] ][cucm] Pipeline Java
execution initialization time {"seconds"=>4.04}
[2024-02-25T[Link],201][WARN ][[Link] ][azure_waf_access]
'[Link]' is enabled and is likely less efficient, consider disabling if
preserving event order is not necessary
[2024-02-25T[Link],219][WARN ][[Link] ][yhq_cisco_asav_azure]
ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns.
When Version 8 of the Elastic Common Schema becomes available, this plugin will
need to be updated
[2024-02-25T[Link],244][INFO ][[Link] ]
[PA_FactoryPA_ThreatIntel] Starting input listener {:address=>"[Link]:5045"}
[2024-02-25T[Link],271][INFO ][[Link] ][azure_waf_access]
Starting pipeline {:pipeline_id=>"azure_waf_access", "[Link]"=>1,
"[Link]"=>125, "[Link]"=>50,
"pipeline.max_inflight"=>125, "[Link]"=>["/etc/logstash/conf.d/yhq-
[Link]"], :thread=>"#<Thread:0x6ac95e6
/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],310][WARN ][[Link] ][yhq_cisco_asav_azure]
ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns.
When Version 8 of the Elastic Common Schema becomes available, this plugin will
need to be updated
[2024-02-25T[Link],411][WARN ][[Link] ][yhq_cisco_asav_azure]
'[Link]' is enabled and is likely less efficient, consider disabling if
preserving event order is not necessary
[2024-02-25T[Link],471][INFO ][[Link] ][yhq_cisco_asav_azure]
Starting pipeline {:pipeline_id=>"yhq_cisco_asav_azure", "[Link]"=>1,
"[Link]"=>125, "[Link]"=>50,
"pipeline.max_inflight"=>125, "[Link]"=>["/etc/logstash/conf.d/yhq-cisco-
[Link]"], :thread=>"#<Thread:0x709f9c0e /usr/share/logstash/logstash-
core/lib/logstash/java_pipeline.rb:134 run>"}
[2024-02-25T[Link],482][INFO ][[Link] ][azure_waf_access]
Pipeline Java execution initialization time {"seconds"=>0.21}
[2024-02-25T[Link],520][INFO ][[Link] ]
[PA_FactoryPA_ThreatIntel] Pipeline started
{"[Link]"=>"PA_FactoryPA_ThreatIntel"}
[2024-02-25T[Link],463][INFO ][[Link]]
[PA_FactoryPA_ThreatIntel]
[f5e6bf34d757c86b76a167505a44c62fa691eeb85f93256337577143342cc399] Starting server
on port: 5045
[2024-02-25T[Link],353][INFO ][[Link] ][yhq_cisco_asav_azure]
Pipeline Java execution initialization time {"seconds"=>1.86}
[2024-02-25T[Link],458][INFO ][[Link] ][azure_waf_access]
Pipeline started {"[Link]"=>"azure_waf_access"}
[2024-02-25T[Link],542][INFO ][[Link] ][cucm] Pipeline started
{"[Link]"=>"cucm"}
[2024-02-25T[Link],755][INFO ][[Link] ][cucm]
[18b2f5afa47f4c9ee480e623c9d3fceedbe2c1d6a9d25c910be9358dd86df178] START, creating
Discoverer, Watch with file and sincedb collections
[2024-02-25T[Link],775][INFO ][[Link] ][yhq_cisco_asav_azure]
No sincedb_path set, generating one based on the "path" setting
{:sincedb_path=>"/var/lib/logstash/plugins/inputs/file/.sincedb_07f533481b0ff948c45
82a820764a9fc", :path=>["/var/log/cisco-asa-azure/[Link]"]}
[2024-02-25T[Link],786][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is initializing...
[2024-02-25T[Link],794][WARN ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] You have NOT
specified a `storage_connection_string` for insights-logs-
applicationgatewayaccesslog. This configuration is only supported for a single
Logstash instance.
[2024-02-25T[Link],914][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: New EventProcessorHost created.
[2024-02-25T[Link],921][INFO ][[Link] ][yhq_cisco_asav_azure]
[4b3456af81567c6f95ff8f0d60d4af04db77885ad71681d4ca22588b83f44773] START, creating
Discoverer, Watch with file and sincedb collections
[2024-02-25T[Link],941][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
insights-logs-applicationgatewayaccesslog is initializing...
[2024-02-25T[Link],941][WARN ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] You have NOT
specified a `storage_connection_string` for insights-logs-
applicationgatewayaccesslog. This configuration is only supported for a single
Logstash instance.
[2024-02-25T[Link],942][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: New EventProcessorHost created.
[2024-02-25T[Link],995][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Configuring
Event Hub insights-logs-applicationgatewayaccesslog to read only new events.
[2024-02-25T[Link],017][INFO ][[Link] ][yhq_cisco_asav_azure]
Pipeline started {"[Link]"=>"yhq_cisco_asav_azure"}
[2024-02-25T[Link],046][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Configuring
Event Hub insights-logs-applicationgatewayaccesslog to read only new events.
[2024-02-25T[Link],132][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: Starting event processing.
[2024-02-25T[Link],128][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: Starting event processing.
[2024-02-25T[Link],568][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_209a84_1708832747301], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],627][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_209a84_1708832747301] [Link]
[2024-02-25T[Link],670][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_209a84_1708832747301]
[2024-02-25T[Link],672][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_209a84_1708832747301], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],101][INFO ][[Link] ][zscaler] Pipeline Java
execution initialization time {"seconds"=>7.94}
[2024-02-25T[Link],172][INFO ][[Link] ][zscaler] No
sincedb_path set, generating one based on the "path" setting
{:sincedb_path=>"/var/lib/logstash/plugins/inputs/file/.sincedb_35207214516fbd37101
67fc8347c876b", :path=>["/var/log/zscaler/[Link]-*"]}
[2024-02-25T[Link],211][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_7526e8_1708832747309], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],231][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_7526e8_1708832747309] [Link]
[2024-02-25T[Link],232][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_7526e8_1708832747309]
[2024-02-25T[Link],232][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_7526e8_1708832747309], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],284][INFO ][[Link] ][zscaler]
[338c3256cbc9a25a68e8953fdaee35f73f7a34c5e1b88b71d476e31b8559c3e1] START, creating
Discoverer, Watch with file and sincedb collections
[2024-02-25T[Link],373][INFO ][[Link] ][zscaler] Pipeline
started {"[Link]"=>"zscaler"}
[2024-02-25T[Link],557][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_7526e8_1708832747309]
[2024-02-25T[Link],597][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_209a84_1708832747301]
[2024-02-25T[Link],339][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_209a84_1708832747301],
remoteContainer[f396fb987bcf4aba9827dccf291e33ba_G1]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_7526e8_1708832747309],
remoteContainer[d20492e4ef734dafaa44790282e00270_G33]
[2024-02-25T[Link],391][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_7526e8_1708832747309], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],419][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_209a84_1708832747301], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],440][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_209a84_1708832747301], entityName[mgmt-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],449][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[mgmt], linkName[mgmt:sender], localTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],450][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[mgmt], linkName[mgmt:receiver],
localSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],450][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_7526e8_1708832747309], entityName[mgmt-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],451][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[mgmt], linkName[mgmt:sender], localTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],451][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[mgmt], linkName[mgmt:receiver],
localSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],459][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_209a84_1708832747301], entityName[mgmt-
session], sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],459][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[mgmt], linkName[mgmt:sender], remoteTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],460][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[mgmt], linkName[mgmt:receiver],
remoteSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],461][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_7526e8_1708832747309], entityName[mgmt-
session], sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],462][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[mgmt], linkName[mgmt:sender], remoteTarget[Target{address='$management',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],462][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[mgmt], linkName[mgmt:receiver],
remoteSource[Source{address='$management', durable=NONE, expiryPolicy=SESSION_END,
timeout=0, dynamic=false, dynamicNodeProperties=null, distributionMode=null,
filter=null, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],479][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_209a84_1708832747301],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],481][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_7526e8_1708832747309],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],529][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: Eventhub insights-logs-
applicationgatewayaccesslog count of partitions: 4
[2024-02-25T[Link],530][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: Eventhub insights-logs-
applicationgatewayaccesslog count of partitions: 4
[2024-02-25T[Link],531][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: Found partition with id: 0
[2024-02-25T[Link],531][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: Found partition with id: 1
[2024-02-25T[Link],531][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: Found partition with id: 2
[2024-02-25T[Link],530][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: Found partition with id: 0
[2024-02-25T[Link],531][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: Found partition with id: 1
[2024-02-25T[Link],531][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: Found partition with id: 2
[2024-02-25T[Link],531][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: Found partition with id: 3
[2024-02-25T[Link],531][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_f42da1_1708832747175]
[2024-02-25T[Link],531][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_7526e8_1708832747309]
[2024-02-25T[Link],531][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: Found partition with id: 3
[2024-02-25T[Link],542][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[EC_3077cb_1708832747170]
[2024-02-25T[Link],542][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] close:
clientId[MF_209a84_1708832747301]
[2024-02-25T[Link],559][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_7526e8_1708832747309], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],570][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalClose hostname[[Link]],
connectionId[MF_209a84_1708832747301], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],571][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],572][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],573][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],573][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[mgmt-session],
entityName[MF_209a84_1708832747301], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],582][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],582][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] closeSession for
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],590][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],591][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalClose connectionId[mgmt-session],
entityName[MF_7526e8_1708832747309], condition[Error{condition=null,
description='null', info=null}]
[2024-02-25T[Link],592][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],592][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],593][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],593][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],595][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],595][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:sender], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],595][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onLinkRemoteClose clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],595][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] processOnClose
clientName[mgmt], linkName[mgmt:receiver], errorCondition[null],
errorDescription[null]
[2024-02-25T[Link],597][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
registration complete. {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],603][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub
registration complete. {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],603][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub is
processing events... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],598][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub is
processing events... {:event_hub_name=>"insights-logs-
applicationgatewayaccesslog"}
[2024-02-25T[Link],621][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 1: creating new pump
[2024-02-25T[Link],631][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 3: creating new pump
[2024-02-25T[Link],631][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_7526e8_1708832747309],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],632][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_7526e8_1708832747309], hostName[yazure-eventhub-
[Link]], info[mgmtChannel closed]
[2024-02-25T[Link],632][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_7526e8_1708832747309],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],632][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_7526e8_1708832747309], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],635][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_209a84_1708832747301],
session[mgmt-session], link[mgmt], endpoint[$management]
[2024-02-25T[Link],635][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_209a84_1708832747301], hostName[yazure-eventhub-
[Link]], info[mgmtChannel closed]
[2024-02-25T[Link],635][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteClose hostname[yazure-eventhub-
[Link]], connectionId[MF_209a84_1708832747301],
errorCondition[null], errorDescription[null]
[2024-02-25T[Link],635][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionError messagingFactory[MF_209a84_1708832747301], hostname[yazure-
[Link]], error[null]
[2024-02-25T[Link],660][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_209a84_1708832747301], error[n/a]
[2024-02-25T[Link],660][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_209a84_1708832747301], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],661][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_209a84_1708832747301], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],661][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_209a84_1708832747301], entityName[mgmt-session], condition[null],
description[null]
[2024-02-25T[Link],661][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_209a84_1708832747301], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],662][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_209a84_1708832747301], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],672][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed hostname[[Link]],
connectionId[MF_7526e8_1708832747309], error[n/a]
[2024-02-25T[Link],691][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onTransportClosed name[MF_7526e8_1708832747309], hostname[yazure-eventhub-
[Link]]
[2024-02-25T[Link],691][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionUnbound hostname[[Link]],
connectionId[MF_7526e8_1708832747309], state[CLOSED], remoteState[CLOSED]
[2024-02-25T[Link],691][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onSessionFinal
connectionId[MF_7526e8_1708832747309], entityName[mgmt-session], condition[null],
description[null]
[2024-02-25T[Link],692][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionFinal hostname[[Link]],
connectionId[MF_7526e8_1708832747309], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],692][WARN ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_7526e8_1708832747309], hostName[yazure-eventhub-
[Link]], message[stopping the reactor because thread was
interrupted or the reactor has no more events to process.]
[2024-02-25T[Link],681][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 3: Creating and opening event processor
instance
[2024-02-25T[Link],680][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 1: Creating and opening event processor
instance
[2024-02-25T[Link],088][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 3 is opening.
[2024-02-25T[Link],089][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 3: Opening EH client
[2024-02-25T[Link],097][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 1 is opening.
[2024-02-25T[Link],097][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 1: Opening EH client
[2024-02-25T[Link],099][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_c8829b_1708832750098], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],100][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_c8829b_1708832750098] [Link]
[2024-02-25T[Link],100][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_c8829b_1708832750098]
[2024-02-25T[Link],100][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_c8829b_1708832750098], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],101][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_c8829b_1708832750098]
[2024-02-25T[Link],117][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_10f0ba_1708832750116], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],117][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_10f0ba_1708832750116] [Link]
[2024-02-25T[Link],117][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_10f0ba_1708832750116]
[2024-02-25T[Link],117][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_10f0ba_1708832750116], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],118][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_10f0ba_1708832750116]
[2024-02-25T[Link],336][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_c8829b_1708832750098],
remoteContainer[66f4176c304649fd8a4b153086681f80_G19]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 1: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],340][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 1: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],360][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_10f0ba_1708832750116],
remoteContainer[758144b8331e45d3beac5d0b17adb168_G28]
[2024-02-25T[Link],360][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 3: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],360][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 3: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],385][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_69d10f_1708832750349_MF_c8829b_1708832750098-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
1], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],401][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_c8829b_1708832750098], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],402][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_c8829b_1708832750098], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],411][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_390223_1708832750361_MF_10f0ba_1708832750116-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
3], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],411][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_10f0ba_1708832750116], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],412][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_10f0ba_1708832750116], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],410][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],420][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],438][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_c8829b_1708832750098], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],439][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],440][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],457][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],458][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],477][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_c8829b_1708832750098],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],480][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_10f0ba_1708832750116], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],480][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],481][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],482][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_10f0ba_1708832750116],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],500][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_10f0ba_1708832750116], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],501][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_10f0ba_1708832750116], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],508][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_c8829b_1708832750098], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],546][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_c8829b_1708832750098], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],510][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_10f0ba_1708832750116], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],550][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],553][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_390223_1708832750361_MF_10f0ba_1708832750116-InternalReceiver],
linkName[LN_0be56d_1708832750552_168_G28], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],556][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_c8829b_1708832750098], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],566][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],566][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_69d10f_1708832750349_MF_c8829b_1708832750098-InternalReceiver],
linkName[LN_a38b3f_1708832750566_f80_G19], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],631][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_390223_1708832750361_MF_10f0ba_1708832750116-InternalReceiver],
linkName[LN_0be56d_1708832750552_168_G28], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/3',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@233d1e3
2}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],631][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_69d10f_1708832750349_MF_c8829b_1708832750098-InternalReceiver],
linkName[LN_a38b3f_1708832750566_f80_G19], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/1',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@7e1547b
1}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],631][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_69d10f_1708832750349_MF_c8829b_1708832750098-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/1], linkName[LN_a38b3f_1708832750566_f80_G19], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],632][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 1: EH client and receiver creation finished
[2024-02-25T[Link],650][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_390223_1708832750361_MF_10f0ba_1708832750116-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/3], linkName[LN_0be56d_1708832750552_168_G28], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],660][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 3: EH client and receiver creation finished
[2024-02-25T[Link],546][INFO ][[Link] ][ad] Pipeline Java
execution initialization time {"seconds"=>13.1}
[2024-02-25T[Link],565][INFO ][[Link] ][ad] Starting input
listener {:address=>"[Link]:5044"}
[2024-02-25T[Link],605][INFO ][[Link]][ad]
[a94f5e467b1b04d12a972a2e5fcd4c64919fe6cae94cc957030d518a5fb59bcf] Starting server
on port: 5044
[2024-02-25T[Link],614][INFO ][[Link] ][ad] Pipeline started
{"[Link]"=>"ad"}
[2024-02-25T[Link],858][INFO ][[Link] ] Pipelines running
{:count=>6, :running_pipelines=>[:cucm, :azure_waf_access, :yhq_cisco_asav_azure, :
PA_FactoryPA_ThreatIntel, :zscaler, :ad], :non_running_pipelines=>[]}
[2024-02-25T[Link],686][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 2: creating new pump
[2024-02-25T[Link],686][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 0: creating new pump
[2024-02-25T[Link],686][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 2: Creating and opening event processor
instance
[2024-02-25T[Link],688][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 0: Creating and opening event processor
instance
[2024-02-25T[Link],707][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 2 is opening.
[2024-02-25T[Link],708][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 2: Opening EH client
[2024-02-25T[Link],708][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_553f1a_1708832779708], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],717][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_553f1a_1708832779708] [Link]
[2024-02-25T[Link],717][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_553f1a_1708832779708]
[2024-02-25T[Link],717][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_553f1a_1708832779708], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],726][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_553f1a_1708832779708]
[2024-02-25T[Link],746][INFO ][[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] Event Hub:
insights-logs-applicationgatewayaccesslog, Partition: 0 is opening.
[2024-02-25T[Link],747][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 0: Opening EH client
[2024-02-25T[Link],748][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_6fe963_1708832779748], hostName[yazure-eventhub-
[Link]], info[starting reactor instance.]
[2024-02-25T[Link],756][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
name[MF_6fe963_1708832779748] [Link]
[2024-02-25T[Link],756][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onConnectionInit
hostname[[Link]],
connectionId[MF_6fe963_1708832779748]
[2024-02-25T[Link],757][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionLocalOpen hostname[[Link]],
connectionId[MF_6fe963_1708832779748], errorCondition[null], errorDescription[null]
[2024-02-25T[Link],758][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionBound hostname[[Link]],
connectionId[MF_6fe963_1708832779748]
[2024-02-25T[Link],028][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_553f1a_1708832779708],
remoteContainer[9903b5cd1588437bac195ce2a46989b1_G11]
[2024-02-25T[Link],029][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 2: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],029][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 2: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],030][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_aae1ec_1708832780029_MF_553f1a_1708832779708-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
2], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],038][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_553f1a_1708832779708], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],038][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_553f1a_1708832779708], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],040][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],047][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],108][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_553f1a_1708832779708], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],109][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],110][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],116][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onConnectionRemoteOpen hostname[[Link]],
connectionId[MF_6fe963_1708832779748],
remoteContainer[ae6edd6b04964a91871b87029353311c_G35]
[2024-02-25T[Link],119][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 0: Initial position provided:
offset[@latest], sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],119][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 0: Opening EH receiver with epoch 0 at
location offset[@latest], sequenceNumber[null], enqueuedTime[null],
inclusiveFlag[false]
[2024-02-25T[Link],120][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
clientId[PR_58c406_1708832780119_MF_6fe963_1708832779748-InternalReceiver],
path[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/
0], operationTimeout[PT1M], creating a receive link
[2024-02-25T[Link],120][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_6fe963_1708832779748], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],120][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_6fe963_1708832779748], entityName[cbs-session],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],128][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
senderName[cbs], linkName[cbs:sender], localTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],128][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[cbs], linkName[cbs:receiver], localSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],129][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_553f1a_1708832779708],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],140][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_553f1a_1708832779708], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],140][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_553f1a_1708832779708], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],148][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_553f1a_1708832779708], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],148][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],149][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_aae1ec_1708832780029_MF_553f1a_1708832779708-InternalReceiver],
linkName[LN_bcec6f_1708832780149_9b1_G11], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],150][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_6fe963_1708832779748], entityName[cbs-session],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],150][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
senderName[cbs], linkName[cbs:sender], remoteTarget[Target{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, capabilities=null}]
[2024-02-25T[Link],150][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[cbs], linkName[cbs:receiver], remoteSource[Source{address='$cbs',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter=null,
defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],168][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_aae1ec_1708832780029_MF_553f1a_1708832779708-InternalReceiver],
linkName[LN_bcec6f_1708832780149_9b1_G11], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/2',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@b81687b
}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],169][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_aae1ec_1708832780029_MF_553f1a_1708832779708-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/2], linkName[LN_bcec6f_1708832780149_9b1_G11], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],169][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
3ebf730d-059e-4c9c-818e-f73adb129d55: 2: EH client and receiver creation finished
[2024-02-25T[Link],151][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
[Link] complete clientId[MF_6fe963_1708832779748],
session[cbs-session], link[cbs], endpoint[$cbs]
[2024-02-25T[Link],239][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
messagingFactory[MF_6fe963_1708832779748], hostName[yazure-eventhub-
[Link]], getting a session.
[2024-02-25T[Link],240][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionLocalOpen connectionId[MF_6fe963_1708832779748], entityName[insights-logs-
applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
condition[Error{condition=null, description='null', info=null}]
[2024-02-25T[Link],259][INFO ][[Link]]
[azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
onSessionRemoteOpen connectionId[MF_6fe963_1708832779748], entityName[insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0],
sessionIncCapacity[0], sessionOutgoingWindow[2147483647]
[2024-02-25T[Link],259][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8]
receiverPath[RECEIVER IS NULL], action[createReceiveLink], offset[@latest],
sequenceNumber[null], enqueuedTime[null], inclusiveFlag[false]
[2024-02-25T[Link],259][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkLocalOpen
receiverName[PR_58c406_1708832780119_MF_6fe963_1708832779748-InternalReceiver],
linkName[LN_897d5e_1708832780259_11c_G35], localSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=UnknownDescribedType{descriptor=[Link]:selector-filter:string,
described=[Link].x-opt-offset > '@latest'}}, defaultOutcome=null,
outcomes=null, capabilities=null}]
[2024-02-25T[Link],279][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onLinkRemoteOpen
receiverName[PR_58c406_1708832780119_MF_6fe963_1708832779748-InternalReceiver],
linkName[LN_897d5e_1708832780259_11c_G35], remoteSource[Source{address='insights-
logs-applicationgatewayaccesslog/ConsumerGroups/$Default/Partitions/0',
durable=NONE, expiryPolicy=SESSION_END, timeout=0, dynamic=false,
dynamicNodeProperties=null, distributionMode=null, filter={[Link]:selector-
filter:string=[Link]$UnknownDescribedType@532cec5
d}, defaultOutcome=null, outcomes=null, capabilities=null}]
[2024-02-25T[Link],279][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] onOpenComplete -
clientId[PR_58c406_1708832780119_MF_6fe963_1708832779748-InternalReceiver],
receiverPath[insights-logs-applicationgatewayaccesslog/ConsumerGroups/$Default/
Partitions/0], linkName[LN_897d5e_1708832780259_11c_G35], updated-link-credit[300],
sentCredits[300]
[2024-02-25T[Link],280][INFO ]
[[Link]][azure_waf_access]
[e921425eaa599df0a156e9171a302f77cf37b9f7ab3fe92fa0971b9f1f5cfac8] host logstash-
0d05a829-6920-4158-b25d-d335135b5e5b: 0: EH client and receiver creation finished