* Defines an association between logging destinations and a web ACL resource, for logging from WAF. As part of the * association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters * so that you log only a subset of the logging records. *
** You can define one logging destination per web ACL. *
** You can access information about the traffic that WAF inspects using the following steps: *
** Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service * (Amazon S3) bucket, or an Amazon Kinesis Data Firehose. *
*
* The name that you give the destination must start with aws-waf-logs-. Depending on the type of
* destination, you might need to configure additional settings or permissions.
*
* For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the WAF * Developer Guide. *
*
* Associate your logging destination to your web ACL using a PutLoggingConfiguration request.
*
* When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional
* role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group,
* WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon
* Kinesis Data Firehose, WAF creates a service-linked role.
*
* For additional information about web ACL logging, see Logging web ACL traffic information in * the WAF Developer Guide. *
* * @see AWS API * Documentation */ @Generated("com.amazonaws:aws-java-sdk-code-generator") public class LoggingConfiguration implements Serializable, Cloneable, StructuredPojo { /** *
* The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
*
* The logging destination configuration that you want to associate with the web ACL. *
** You can associate one logging destination to a web ACL. *
** The parts of the request that you want to keep out of the logs. *
*
* For example, if you redact the SingleHeader field, the HEADER field in the logs will be
* REDACTED for all rules that use the SingleHeader FieldToMatch setting.
*
* Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the
* SingleHeader redaction doesn't apply to rules that use the Headers
* FieldToMatch.
*
* You can specify only the following fields for redaction: UriPath, QueryString,
* SingleHeader, and Method.
*
* Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy * configuration. If true, only Firewall Manager can modify or delete the configuration. *
*/ private Boolean managedByFirewallManager; /** ** Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the * rule action and on the web request labels that were applied by matching rules during web ACL evaluation. *
*/ private LoggingFilter loggingFilter; /** *
* The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
*
LogDestinationConfigs.
*/
public void setResourceArn(String resourceArn) {
this.resourceArn = resourceArn;
}
/**
*
* The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
*
LogDestinationConfigs.
*/
public String getResourceArn() {
return this.resourceArn;
}
/**
*
* The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
*
LogDestinationConfigs.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public LoggingConfiguration withResourceArn(String resourceArn) {
setResourceArn(resourceArn);
return this;
}
/**
* * The logging destination configuration that you want to associate with the web ACL. *
** You can associate one logging destination to a web ACL. *
** You can associate one logging destination to a web ACL. *
*/ public java.util.List* The logging destination configuration that you want to associate with the web ACL. *
** You can associate one logging destination to a web ACL. *
** You can associate one logging destination to a web ACL. *
*/ public void setLogDestinationConfigs(java.util.Collection* The logging destination configuration that you want to associate with the web ACL. *
** You can associate one logging destination to a web ACL. *
** NOTE: This method appends the values to the existing list (if any). Use * {@link #setLogDestinationConfigs(java.util.Collection)} or * {@link #withLogDestinationConfigs(java.util.Collection)} if you want to override the existing values. *
* * @param logDestinationConfigs * The logging destination configuration that you want to associate with the web ACL.* You can associate one logging destination to a web ACL. *
* @return Returns a reference to this object so that method calls can be chained together. */ public LoggingConfiguration withLogDestinationConfigs(String... logDestinationConfigs) { if (this.logDestinationConfigs == null) { setLogDestinationConfigs(new java.util.ArrayList* The logging destination configuration that you want to associate with the web ACL. *
** You can associate one logging destination to a web ACL. *
** You can associate one logging destination to a web ACL. *
* @return Returns a reference to this object so that method calls can be chained together. */ public LoggingConfiguration withLogDestinationConfigs(java.util.Collection* The parts of the request that you want to keep out of the logs. *
*
* For example, if you redact the SingleHeader field, the HEADER field in the logs will be
* REDACTED for all rules that use the SingleHeader FieldToMatch setting.
*
* Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the
* SingleHeader redaction doesn't apply to rules that use the Headers
* FieldToMatch.
*
* You can specify only the following fields for redaction: UriPath, QueryString,
* SingleHeader, and Method.
*
* For example, if you redact the SingleHeader field, the HEADER field in the logs
* will be REDACTED for all rules that use the SingleHeader
* FieldToMatch setting.
*
* Redaction applies only to the component that's specified in the rule's FieldToMatch setting,
* so the SingleHeader redaction doesn't apply to rules that use the Headers
* FieldToMatch.
*
* You can specify only the following fields for redaction: UriPath, QueryString,
* SingleHeader, and Method.
*
* The parts of the request that you want to keep out of the logs. *
*
* For example, if you redact the SingleHeader field, the HEADER field in the logs will be
* REDACTED for all rules that use the SingleHeader FieldToMatch setting.
*
* Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the
* SingleHeader redaction doesn't apply to rules that use the Headers
* FieldToMatch.
*
* You can specify only the following fields for redaction: UriPath, QueryString,
* SingleHeader, and Method.
*
* For example, if you redact the SingleHeader field, the HEADER field in the logs
* will be REDACTED for all rules that use the SingleHeader
* FieldToMatch setting.
*
* Redaction applies only to the component that's specified in the rule's FieldToMatch setting,
* so the SingleHeader redaction doesn't apply to rules that use the Headers
* FieldToMatch.
*
* You can specify only the following fields for redaction: UriPath, QueryString,
* SingleHeader, and Method.
*
* The parts of the request that you want to keep out of the logs. *
*
* For example, if you redact the SingleHeader field, the HEADER field in the logs will be
* REDACTED for all rules that use the SingleHeader FieldToMatch setting.
*
* Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the
* SingleHeader redaction doesn't apply to rules that use the Headers
* FieldToMatch.
*
* You can specify only the following fields for redaction: UriPath, QueryString,
* SingleHeader, and Method.
*
* NOTE: This method appends the values to the existing list (if any). Use * {@link #setRedactedFields(java.util.Collection)} or {@link #withRedactedFields(java.util.Collection)} if you want * to override the existing values. *
* * @param redactedFields * The parts of the request that you want to keep out of the logs. *
* For example, if you redact the SingleHeader field, the HEADER field in the logs
* will be REDACTED for all rules that use the SingleHeader
* FieldToMatch setting.
*
* Redaction applies only to the component that's specified in the rule's FieldToMatch setting,
* so the SingleHeader redaction doesn't apply to rules that use the Headers
* FieldToMatch.
*
* You can specify only the following fields for redaction: UriPath, QueryString,
* SingleHeader, and Method.
*
* The parts of the request that you want to keep out of the logs. *
*
* For example, if you redact the SingleHeader field, the HEADER field in the logs will be
* REDACTED for all rules that use the SingleHeader FieldToMatch setting.
*
* Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the
* SingleHeader redaction doesn't apply to rules that use the Headers
* FieldToMatch.
*
* You can specify only the following fields for redaction: UriPath, QueryString,
* SingleHeader, and Method.
*
* For example, if you redact the SingleHeader field, the HEADER field in the logs
* will be REDACTED for all rules that use the SingleHeader
* FieldToMatch setting.
*
* Redaction applies only to the component that's specified in the rule's FieldToMatch setting,
* so the SingleHeader redaction doesn't apply to rules that use the Headers
* FieldToMatch.
*
* You can specify only the following fields for redaction: UriPath, QueryString,
* SingleHeader, and Method.
*
* Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy * configuration. If true, only Firewall Manager can modify or delete the configuration. *
* * @param managedByFirewallManager * Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy * configuration. If true, only Firewall Manager can modify or delete the configuration. */ public void setManagedByFirewallManager(Boolean managedByFirewallManager) { this.managedByFirewallManager = managedByFirewallManager; } /** ** Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy * configuration. If true, only Firewall Manager can modify or delete the configuration. *
* * @return Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy * configuration. If true, only Firewall Manager can modify or delete the configuration. */ public Boolean getManagedByFirewallManager() { return this.managedByFirewallManager; } /** ** Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy * configuration. If true, only Firewall Manager can modify or delete the configuration. *
* * @param managedByFirewallManager * Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy * configuration. If true, only Firewall Manager can modify or delete the configuration. * @return Returns a reference to this object so that method calls can be chained together. */ public LoggingConfiguration withManagedByFirewallManager(Boolean managedByFirewallManager) { setManagedByFirewallManager(managedByFirewallManager); return this; } /** ** Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy * configuration. If true, only Firewall Manager can modify or delete the configuration. *
* * @return Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy * configuration. If true, only Firewall Manager can modify or delete the configuration. */ public Boolean isManagedByFirewallManager() { return this.managedByFirewallManager; } /** ** Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the * rule action and on the web request labels that were applied by matching rules during web ACL evaluation. *
* * @param loggingFilter * Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on * the rule action and on the web request labels that were applied by matching rules during web ACL * evaluation. */ public void setLoggingFilter(LoggingFilter loggingFilter) { this.loggingFilter = loggingFilter; } /** ** Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the * rule action and on the web request labels that were applied by matching rules during web ACL evaluation. *
* * @return Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on * the rule action and on the web request labels that were applied by matching rules during web ACL * evaluation. */ public LoggingFilter getLoggingFilter() { return this.loggingFilter; } /** ** Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the * rule action and on the web request labels that were applied by matching rules during web ACL evaluation. *
* * @param loggingFilter * Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on * the rule action and on the web request labels that were applied by matching rules during web ACL * evaluation. * @return Returns a reference to this object so that method calls can be chained together. */ public LoggingConfiguration withLoggingFilter(LoggingFilter loggingFilter) { setLoggingFilter(loggingFilter); return this; } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. * * @return A string representation of this object. * * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getResourceArn() != null) sb.append("ResourceArn: ").append(getResourceArn()).append(","); if (getLogDestinationConfigs() != null) sb.append("LogDestinationConfigs: ").append(getLogDestinationConfigs()).append(","); if (getRedactedFields() != null) sb.append("RedactedFields: ").append(getRedactedFields()).append(","); if (getManagedByFirewallManager() != null) sb.append("ManagedByFirewallManager: ").append(getManagedByFirewallManager()).append(","); if (getLoggingFilter() != null) sb.append("LoggingFilter: ").append(getLoggingFilter()); sb.append("}"); return sb.toString(); } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof LoggingConfiguration == false) return false; LoggingConfiguration other = (LoggingConfiguration) obj; if (other.getResourceArn() == null ^ this.getResourceArn() == null) return false; if (other.getResourceArn() != null && other.getResourceArn().equals(this.getResourceArn()) == false) return false; if (other.getLogDestinationConfigs() == null ^ this.getLogDestinationConfigs() == null) return false; if (other.getLogDestinationConfigs() != null && other.getLogDestinationConfigs().equals(this.getLogDestinationConfigs()) == false) return false; if (other.getRedactedFields() == null ^ this.getRedactedFields() == null) return false; if (other.getRedactedFields() != null && other.getRedactedFields().equals(this.getRedactedFields()) == false) return false; if (other.getManagedByFirewallManager() == null ^ this.getManagedByFirewallManager() == null) return false; if (other.getManagedByFirewallManager() != null && other.getManagedByFirewallManager().equals(this.getManagedByFirewallManager()) == false) return false; if (other.getLoggingFilter() == null ^ this.getLoggingFilter() == null) return false; if (other.getLoggingFilter() != null && other.getLoggingFilter().equals(this.getLoggingFilter()) == false) return false; return true; } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getResourceArn() == null) ? 0 : getResourceArn().hashCode()); hashCode = prime * hashCode + ((getLogDestinationConfigs() == null) ? 0 : getLogDestinationConfigs().hashCode()); hashCode = prime * hashCode + ((getRedactedFields() == null) ? 0 : getRedactedFields().hashCode()); hashCode = prime * hashCode + ((getManagedByFirewallManager() == null) ? 0 : getManagedByFirewallManager().hashCode()); hashCode = prime * hashCode + ((getLoggingFilter() == null) ? 0 : getLoggingFilter().hashCode()); return hashCode; } @Override public LoggingConfiguration clone() { try { return (LoggingConfiguration) super.clone(); } catch (CloneNotSupportedException e) { throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e); } } @com.amazonaws.annotation.SdkInternalApi @Override public void marshall(ProtocolMarshaller protocolMarshaller) { com.amazonaws.services.wafv2.model.transform.LoggingConfigurationMarshaller.getInstance().marshall(this, protocolMarshaller); } }