AAF_BurpSuit_withlogin
Dec 12 15:16:52 osboxes aaf.alerts: Founddddd patterns,{.conf } in 192.168.56.10/passwords/web.config.bak [1576181812,HTTP,192.168.56.1,44596,172.17.0.2,80,]
Dec 12 15:16:52 osboxes aaf.alerts: Founddddd patterns,{/web.config.bak } in 192.168.56.10/passwords/web.config.bak [1576181812,HTTP,192.168.56.1,44596,172.17.0.2,80,]
Dec 12 15:16:52 osboxes aaf.alerts: Founddddd patterns,{.conf } in 192.168.56.10/passwords/web.config.bak [1576181812,HTTP,192.168.56.1,44596,172.17.0.2,80,]
Dec 12 15:16:52 osboxes aaf.alerts: Founddddd patterns,{/web.config.bak } in 192.168.56.10/passwords/web.config.bak [1576181812,HTTP,192.168.56.1,44596,172.17.0.2,80,]
AAF_burpsuit
[Dec 19 17:25:02 osboxes aaf.alerts: WAF/1:SQL Injection Alert !! : Pattern found yXPt=1916%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23,[1576794302,HTTP,192.168.56.1,60728,192.168.56.10,80,]
[Dec 19 17:25:02 osboxes aaf.alerts: WAF/7/6:XSS/Directory Traversal Alert !! : Pattern found yXPt=1916%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23,[1576794302,HTTP,192.168.56.1,60728,192.168.56.10,80,]
AAF_ZAP
Dec 19 16:43:19 osboxes aaf.alerts: message repeated 12 times: [ Founddddd patterns,{%2F..%2F..%2F..%2F } in 192.168.56.10/images/?C=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd [1576791799,HTTP,192.168.56.1,57067,192.168.56.10,80,]]
Dec 19 16:43:19 osboxes aaf.alerts: Founddddd patterns,{%2F..%2F..%2F..%2F } in 192.168.56.10/images/?C=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd [1576791799,HTTP,192.168.56.1,57067,172.17.0.2,80,]
BurpSuite (by PortSwigger) and ZAP (Zed Attack Proxy, by OWASP) are used as penetration testing tools. What are the logs from? The OS? What is your specific question? It looks to me like a directory traversal attempt was happening by using BurpSuite and ZAP against the IP listed there. The first blocks are saying it found the webconfig backup file, the second blocks indicate that the WAF (Web Application Firewall) detected an SQL Injection vulnerability (or attack) against that passwd directory (That is a typical directory traversal attack)
The %2F's are URL encoding for the slash character "/". So an attacker will format their payload in this form so when your backend server ingests the code, the browser will interpret it as the slash.
Also, (just future reference and good practice tip) be careful just copy/pasting the logs on here because sometimes they will contain sensitive data to your organization and you may not recognize it, and could be showing the world a security flaw (don't worry, not in this case from what I can see since the IP is local) But, if these logs are from your own WAF or backend server, the above should help you out.