Forum Discussion

hosting-team

Nimbostratus

Sep 26, 2022

BIG-IP AFM DoS Device Protection source IPs logged?

Are the source IPs of a DoS attack logged on the F5 anywhere?

security

AubreyKingF5

Ret. Employee

Oct 03, 2022

Logging on a DoS firewall needs to be carefully dialed in. If we were to turn on source logging by default, a 3DoS could fill a BIG-IP disk in minutes, or even seconds, depending on the attack. Unfortunately, the answer to your question is 'No,' however.. I would highly encourage you to get a dedicated physical link on your F5 - as big as you can get it.. maybe 2 ports per box, aggregated - for logging, if you want to do DoS logging. Then, you need to set up a logging profile:
https://support.f5.com/csp/article/K51266926

That should be enough to point you in the right direction.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

BIG-IP AFM DoS Device Protection source IPs logged?

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] - How to disable the SQL injection attack signatures

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

Related Content

Automating Certificate Management on F5 BIG-IP

What's new in BIG-IP v21.0?

F5 BIG-IP Zero Trust Access

VMware VKS integration with F5 BIG-IP and CIS

Knowledge sharing: Order of precedence for BIG-IP modules, ASM DDOS Protection, Bot Protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS