Fastly Next-Gen WAF Log Enablement And Extraction Guide

Important Note

Fastly exposes several logging and API operating models. Exact menu labels can vary by control plane and entitlement, so confirm the extraction method your team is licensed to use before operationalizing the feed.

Enable Logging

1. Confirm the application is protected by Fastly Next-Gen WAF and that request and anomaly events are visible in the Fastly or Next-Gen WAF control panel.
2. Decide whether your extraction path will be Fastly real-time log streaming, a third-party logging endpoint, or the Next-Gen WAF API.
3. If you need a continuously delivered export, configure a Fastly logging endpoint to stream the needed request and security data to your chosen storage or SIEM destination.

Extract or Export the Logs

4. For API-based collection, use the Next-Gen WAF API from a control-plane account that can authenticate to the Fastly/Signal Sciences API path and retrieve the event data you need.
5. For streaming collection, pull the JSON, JSONL, or text logs from the configured storage or SIEM destination and place them into the aiFObserve workspace.
6. Validate that your exported dataset includes action and request identity information, because aiFObserve relies on those to classify blocked and suspicious sessions accurately.

Important Fields to Preserve

• request/event ID
• action
• client IP
• host
• path
• rule or signal
• timestamp
• user agent
• bytes if available