To analyze requests and detect attacks, filtering node relies on LOM (Local Object Module) which contains specially formatted rules from application profiles. Data in the LOM file are optimized to accelerate request analysis.
Before the rules can be applied, they need to be processed which means:
- LOM file is compiled
- The newly compiled version of the LOM is downloaded from the Wallarm Cloud to every Wallarm Node
The process of compiling LOM typically takes from a few minutes for the simple application to up to an hour for resources with complex structure. Monitoring progress of LOM assembly is currently unavailable, although it is on the roadmap. One indicator of the LOM processing progress is when and how it gets downloaded to the filter nodes. This information is accessible from the UI section Setting -> Nodes.
LOM download to filter nodes happens every 15-25 minutes. This process can be expedited with a script
/usr/share/wallarm-common/syncnode. You can verify the status of LOM download through the log in