Forum Discussion
Philipp_Stadler
Nimbostratus
Nimbostratusdetailed logging for ASM
Hi all,
I've a question regarding logging for ASM Violations. Is there a possibility to log detailed information on Violations? (could also be from an iRule) an example: If there is an "Illegal Parameter" Violation, I want to see, which parameter triggers the violation, too. Is there a possibility to get this information.
Thanks, Philipp
2 Replies
Hello.
Yes ASM supports detailed logging on violations including the parameters. Have a look at the example here.
There are also a number of iRule ASM events you could look at if you are interested.
Philipp_Stadlerso I couldn't find the parameter name in the logs. i.e. find attached logs, I couldn't get the parameter name for these two logs.
[SECEV] Request violations: Illegal parameter,Illegal URL. HTTP protocol compliance sub violations: N/A. Evasion techniques sub violations: N/A. Web services security sub violations: N/A. Virus name: N/A. Support id: 1111111111111, source ip: 1.1.1.1, xff ip: 1.1.1.1, source port: 49863, destination ip: 2.2.2.2, destination port: 443, route_domain: 2, HTTP classifier: /XY/class_1, scheme HTTPS, geographic location: , request: , username: , session_id: <1111111111111111> [SECEV] Request violations: Illegal parameter. HTTP protocol compliance sub violations: N/A. Evasion techniques sub violations: N/A. Web services security sub violations: N/A. Virus name: N/A. Support id: 11111111111111111, source ip: 1.1.1.1, xff ip: 1.1.1.1, source port: 40026, destination ip: 2.2.2.2, destination port: 443, route_domain: 2, HTTP classifier: /XY/class_1, scheme HTTPS, geographic location: , request: , username: , session_id: <1111111111111111>regards, Philipp
