This guide will help you get the complete WAF AI system running with full monitoring, metrics, and protection capabilities.
Run the automated startup script that handles everything:
```bash
chmod +x scripts/start-waf-system.sh
./scripts/start-waf-system.sh
```

This script will:
- Start all Docker services
- Wait for services to be ready
- Install Python dependencies
- Run the automated bootstrap process
- Open the dashboards in your browser
If you prefer to set up step by step:
- Start Docker Services

  ```bash
  docker-compose up -d
  ```

- Wait for Services (about 2-3 minutes)

  ```bash
  # Check status
  docker-compose ps

  # Wait for health checks
  docker-compose logs -f waf-api
  ```

- Install Python Dependencies

  ```bash
  pip3 install aiohttp requests
  ```

- Run Bootstrap Script

  ```bash
  python3 scripts/bootstrap.py
  ```

Once the system is running, you can access:
| Service | URL | Credentials |
|---|---|---|
| WAF Dashboard | http://localhost | admin/admin123 |
| WAF API | http://localhost:8000 | admin/admin123 |
| Grafana | http://localhost:3000 | admin/waf-admin |
| Prometheus | http://localhost:9090 | - |
| Nginx Node 1 | http://localhost:8081 | - |
| Nginx Node 2 | http://localhost:8082 | - |
- Two nginx nodes are automatically registered
- Log servers are connected for traffic monitoring
- WAF rules deployment is configured
- Traffic collection is started automatically
- Logs are parsed and processed in real-time
- Metrics are forwarded to Prometheus
- Initial model is trained with sample attack patterns
- Includes SQL injection, XSS, and normal traffic samples
- Model is ready for real-time threat detection
- Threat detection engine is started
- Real-time analysis of incoming traffic
- Automatic threat scoring and logging
- Grafana dashboards are pre-configured
- Prometheus metrics collection is active
- Log aggregation through Loki and Promtail
```bash
# All services
docker-compose logs -f

# Specific service
docker-compose logs -f waf-api
docker-compose logs -f grafana
docker-compose logs -f traffic-generator
```

```bash
# Restart all
docker-compose restart

# Restart specific service
docker-compose restart waf-api
```

```bash
docker-compose down
```

```bash
# Stop and remove all data
docker-compose down -v

# Remove images (optional)
docker-compose down -v --rmi all
```

- Open Grafana: http://localhost:3000
- Login: admin/waf-admin
- Navigate to Dashboards
- View: "WAF System Overview" dashboard
The dashboard shows:
- Real-time threat detection metrics
- Traffic volume and patterns
- ML model performance
- Node health and status
- Security events timeline
Raw metrics are available at: http://localhost:9090
Key metrics include:
- `waf_threats_detected_total`
- `waf_requests_processed_total`
- `waf_rules_active`
- `waf_nodes_registered`
- `waf_model_accuracy`

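A post-bootstrap check built on the metrics listed above, as an added example that is not part of the project's code: it reads the WAF series through Prometheus's `/api/v1/query` endpoint and flags a stack that is running but not actually inspecting traffic. The `attack_type` label, the sample values and the 2%-30% band around the traffic generator's 10% attack share are assumptions.

```python
import json
import urllib.parse
import urllib.request

QUERY = '{__name__=~"waf_.+"}'  # every series whose name starts with waf_

def _series(name, value, **labels):
    return {"metric": {"__name__": name, **labels}, "value": [1700000000, str(value)]}

# Constructed sample of an /api/v1/query response body; the attack_type label is assumed.
SAMPLE = json.dumps({"status": "success", "data": {"resultType": "vector", "result": [
    _series("waf_requests_processed_total", 2000),
    _series("waf_threats_detected_total", 120, attack_type="sqli"),
    _series("waf_threats_detected_total", 90, attack_type="xss"),
    _series("waf_rules_active", 12),
    _series("waf_nodes_registered", 2),
]}})

def fetch(base="http://localhost:9090"):  # Prometheus URL from the access table
    url = f"{base}/api/v1/query?" + urllib.parse.urlencode({"query": QUERY})
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode()

def summarize(body):
    """Sum counters across label sets; keep the largest value for gauges."""
    doc = json.loads(body)
    if doc.get("status") != "success":
        raise ValueError(f"Prometheus query failed: {doc.get('error')}")
    totals = {}
    for s in doc["data"]["result"]:
        name, value = s["metric"]["__name__"], float(s["value"][1])
        prev = totals.get(name, 0.0)
        totals[name] = prev + value if name.endswith("_total") else max(prev, value)
    return totals

def check(totals, expected_nodes=2, lo=0.02, hi=0.30):  # lo/hi: assumed tolerance band
    findings = []
    seen = totals.get("waf_requests_processed_total", 0.0)
    if not seen:
        findings.append("no requests processed: check traffic generator and log servers")
    elif not lo <= totals.get("waf_threats_detected_total", 0.0) / seen <= hi:
        findings.append("threat ratio is far from the simulated 10% attack share")
    if totals.get("waf_nodes_registered", 0.0) < expected_nodes:
        findings.append("fewer nginx nodes registered than expected")
    if totals.get("waf_rules_active", 0.0) < 1:
        findings.append("no active WAF rules")
    return findings

if __name__ == "__main__":
    print(check(summarize(fetch())) or "bootstrap looks healthy")
```

Run it once the traffic generator has had a few minutes to produce data; an empty findings list means requests are being processed, both nginx nodes are registered, and detections roughly track the simulated attack share.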
- SQL Injection detection and blocking
- Cross-Site Scripting (XSS) prevention
- Directory Traversal protection
- Brute Force attack mitigation
- Adaptive Learning: Model improves with new data
- Real-time Scoring: Instant threat assessment
- Confidence Levels: Adjustable threat thresholds
- False Positive Reduction: Smart pattern recognition
- Request Parsing: Full HTTP request analysis
- Pattern Matching: Signature-based detection
- Behavioral Analysis: Anomaly detection
- Rate Limiting: Automatic throttling
The system includes a traffic generator that simulates:
- Normal user traffic (90%)
- Attack patterns (10%)
- Realistic request patterns
- Various attack types
This ensures you see data flowing immediately and can test the system.
- Services not starting

  ```bash
  # Check Docker status
  docker ps

  # Check logs for errors
  docker-compose logs waf-api
  ```

- No data in Grafana
  - Wait 2-3 minutes for metrics to populate
  - Check if traffic generator is running
  - Verify Prometheus targets are up

- Authentication issues
  - Default credentials: admin/admin123
  - Check browser localStorage for tokens
  - Try clearing browser cache

- Port conflicts

  ```bash
  # Check what's using ports
  lsof -i :8000  # WAF API
  lsof -i :3000  # Grafana
  lsof -i :9090  # Prometheus
  ```

If the automated bootstrap fails:
- Run manual bootstrap

  ```bash
  python3 scripts/bootstrap.py
  ```

- Use the UI bootstrap
  - Open http://localhost
  - Login with admin/admin123
  - Click "Initialize System" button

- Check individual steps

  ```bash
  # Test API connectivity
  curl http://localhost:8000/health

  # Check authentication
  curl -X POST http://localhost:8000/auth/login \
    -H "Content-Type: application/json" \
    -d '{"username":"admin","password":"admin123"}'
  ```

- Explore the Dashboard: Navigate through different tabs
- Review Threats: Check the threats detection page
- Monitor Traffic: Watch real-time traffic analysis
- Customize Rules: Add your own WAF rules
- Tune ML Model: Train with your specific data
- Set up Alerts: Configure Grafana alerting
For issues or questions:
- Check the logs: `docker-compose logs -f`
- Review this documentation
- Check the API documentation: http://localhost:8000/docs
- Verify system status: http://localhost:8000/api/debug/status
```
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   Web Browser   │     │  Nginx Node 1   │     │  Nginx Node 2   │
│   (Dashboard)   │     │    Port 8081    │     │    Port 8082    │
└─────────────────┘     └─────────────────┘     └─────────────────┘
         │                       │                       │
         │                       │                       │
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│     WAF API     │     │  Log Server 1   │     │  Log Server 2   │
│    Port 8000    │     │    Port 8080    │     │    Port 8083    │
└─────────────────┘     └─────────────────┘     └─────────────────┘
         │                       │                       │
         │                       └───────┬───────────────┘
         │                               │
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│     Grafana     │     │   Prometheus    │     │      Loki       │
│    Port 3000    │     │    Port 9090    │     │    Port 3100    │
└─────────────────┘     └─────────────────┘     └─────────────────┘
         │                       │                       │
         └───────────────────────┼───────────────────────┘
                                 │
                      ┌─────────────────────┐
                      │  Traffic Generator  │
                      │ (Simulates Attacks) │
                      └─────────────────────┘
```

The system provides complete end-to-end security monitoring with real-time threat detection, machine learning-based analysis, and comprehensive observability through Grafana and Prometheus.