Forum Discussion
Marvin
Jul 02, 2021Cirrocumulus
F5 ASM event correlation incident alerting
Dear all, I simple question I hope but we are looking for a way to automatically send an alert (via email or perhaps syslog or local log entry) when F5 detects a serious security incident using...
Marvin
Jul 06, 2021Cirrocumulus
Are these correlation incidents logged in /var/log/asm as a correlated incident log entry? not seperate violation log entries?
- Nikoolayy1Jul 06, 2021MVP
Some info is : Limit of unique sessions for this incident reached (f5.com) but also the main log is /var/log/ts/correlation.log as mentioned in BIG-IP ASM daemons (11.x - 16.x) (f5.com) .
Look at it and try using the SNMP custom trap alarms to trigger email.
- MarvinJul 26, 2021Cirrocumulus
the info in correlation.log does not contain security incident specific information unfortunately
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects