Forum Discussion
NimbostratusDos profile logging
Hello, I enabled Dos bot signatures block mode. I can see Client ip address, bog signature name, category name, vip adress from dos reporting
I want see these information into the log file for that reason i created dos logging profile but i can not see from Syslog server.
what i need to enabled on bigip for sending these fields with logging profile
here is the syslog output
05-08-2018 07:12:26 Local7.Debug 10.1.10.249 action="Blocking",hostname="waf12. 07 2018 11:38:58",context_name="/Common/dvwa_vip",context_type="Virtual Server",date_time="May 08 2018 17:12:37",device_product="ASM",device_vendor="F5",device_version="12.1.3",device_blade="0",dos_attack_detection_mode="",dos_attack_event="Mitigation stats",dos_attack_id="",dos_attack_latency="",dos_attack_name="",dos_attack_tps="0 tps",dos_baseline_latency="",dos_baseline_tps="0 tps",dos_baseline_traffic_percent="",dos_current_traffic_percent="",dos_dropped_requests_count="2",dos_incoming_requests_count="2",dos_mitigation_action="",dos_mitigation_reason="Bot filtering",errdefs_msgno="23003140",errdefs_msg_name="Application DoS Event",severity="0",partition_name="Common",profile_name="/Common/test",reported_entity_type="Source IP",source_ip="10.1.10.233",device_id=""
natheCirrocumulus
Zafer - when configuring your logging profile, did you enable just DoS Protection, or did you enable this and Bot Defense? Without testing I wonder if you need Bot Defense too, as there is a setting within this stating "Log Bot Signature Matched Requests".
Hope this helps,
N
zafer- nathe
How have you configured your logging profile?
KimihitoEmployee
Hi Zafer,
"Bot Defence" option in logging profile was introduced in v13. As you are on v12, your software does not have the option. With "Bot Defence" option enabled on the supported version, Bot signature name, category etc should be sent out to remote logging server.