Skip to content

Instantly share code, notes, and snippets.

@pkdavies

pkdavies/azurewaf.php

Created October 27, 2017 20:37
Show Gist options
  • Save pkdavies/7a683903c0e37153005fd7c7dd5d7abb to your computer and use it in GitHub Desktop.
Save pkdavies/7a683903c0e37153005fd7c7dd5d7abb to your computer and use it in GitHub Desktop.
Download ZIP
Process Azure WAF logs from json debug
Raw
azurewaf.php
<?php
/**
* Created by PhpStorm.
* User: peted
* Date: 27/10/2017
* Time: 21:03
*
*/
$json_file = "test.json";
$json = file_get_contents($json_file);
$event_array = json_decode( $json, true );
if (is_array($event_array)){
$waf_events = array();
foreach($event_array as $reources) {
foreach($reources as $line => $event) {
// create new array
$waf_events[] = array(
"time" => $event['time'],
"ip" => $event['properties']['clientIp'],
"ruleSetType" => $event['properties']['ruleSetType'],
"ruleSetVersion" => $event['properties']['ruleSetVersion'],
"ruleId" => $event['properties']['ruleId'],
"message" => $event['properties']['message'],
"requestUri" => $event['properties']['requestUri'],
);
}
}
header("Content-Type: text/plain");
foreach($waf_events as $event) {
echo implode("\t",$event)."\n";
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment