Ambiguous logs in /var/log/asm

Question

Hello Community,I noticed the below logs appearing in /var/log/asm frequently I am curious to know what could be the reason behind them.I just want to confirm that I dont have any "Automatic Policy" cofigured.&nbsp;=================================================info perl[x]: 01310053:6: ASMConfig change: [update] { audit: component = Policy Builder }info perl[x]: 01310053:6: ASMConfig change: [add]: IncidentType was set to Access from Malicious or Disallowed source.================================================

mohamed_ahmed_kansoh · Answer

Hi&nbsp;Sarah&nbsp;,&nbsp;&gt; I think you enable Automatic Learning with one of your policies so you find this Log much , I recommed to review your policies again maybe there is at least one policy has this option enabled by mistake.&nbsp;&gt; If you find any of your policies enables Automatic Learninng , this is maybe a reason for this Log.&nbsp;&gt; To know About "the Shape of Automatic policy builder " :&nbsp;Navigate this Article :&nbsp;https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/36.htmlHope this helps you&nbsp;

boneyard · Answer

Was that indeed the case Sarah&nbsp;
If so please flag the question as answered.

Forum Discussion

Ambiguous logs in /var/log/asm

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

ASM Logging to CLI /var/log/asm

Forwarding Logs to SIEM Tools via HTTP Proxy for F5 Distributed Cloud Global Log Receiver

F5 Distributed Cloud Telemetry (Logs) - Loki

F5 Distributed Cloud Telemetry (Logs) - ELK Stack

Logging DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS