Forum Discussion

hosting-team

Nimbostratus

Sep 26, 2022

BIG-IP AFM DoS Device Protection source IPs logged?

Are the source IPs of a DoS attack logged on the F5 anywhere?

security

AubreyKingF5

Moderator

Oct 04, 2022

Logging on a DoS firewall needs to be carefully dialed in. If we were to turn on source logging by default, a 3DoS could fill a BIG-IP disk in minutes, or even seconds, depending on the attack. Unfortunately, the answer to your question is 'No,' however.. I would highly encourage you to get a dedicated physical link on your F5 - as big as you can get it.. maybe 2 ports per box, aggregated - for logging, if you want to do DoS logging. Then, you need to set up a logging profile:
https://support.f5.com/csp/article/K51266926

That should be enough to point you in the right direction.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

BIG-IP AFM DoS Device Protection source IPs logged?

Recent Discussions

ip x-forwarding

F5 ASM API-Protection Policy

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Related Content

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense, natively

Logging into big-ip using Chef Inspec script

BIG-IP Meets DoD’s Needs for Next Level Logging Capabilities

Arabic Blackboard F5 series [what is Big-IP]

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS