For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Lukasz_01_15307's avatar
Lukasz_01_15307
Icon for Nimbostratus rankNimbostratus
Jan 22, 2016

ASM No Logs for given Support ID

Hi Guys,

 

I have an f5 appliance running LTM and ASM. From time to time I'm getting support tickets from ASM when someones traffic gets blocked. Usually tickets are starting with the same sequence of numbers for example 111xxx 222xxx etc. recently I noticed that when I search for tickets starting they are not in the logs, but this only seems to happen for one specific sequence... please help.

 

So basically it looks like some ASM support IDs are not being logged when others are.

 

I tried doing what's suggested here https://devcentral.f5.com/questions/cannot-find-support-id but we are only logging locally and the suggested solution is available only for remote storage.

 

ASM Advanced WAF
security
waf

4 Replies

  • eirikn's avatar
    eirikn
    Icon for Nimbostratus rankNimbostratus
    Jan 22, 2016

    Are you sure you are actually logging ASM local?

     

    Local ASM logging was disabled in a recent patch, due to performance issues.

     

  • Lukasz_01_15307's avatar
    Lukasz_01_15307
    Icon for Nimbostratus rankNimbostratus
    Jan 22, 2016

    Yes, I just went through all the servers and all have "Log illegal requests" profile enabled. I also checked the profile itself and yes, "Local Storage" is enabled. I've even checked standby unit thinking that maybe it was active for some reason and still nothing. All logs that I can't find start with the same number sequence...

     

    Any ideas?

     

    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Jul 28, 2016

      Hi,

       

      Do you still have this issue ? If you check the asm log file in /var/log/asm, do you find the missing Support ID ?