For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Cirrocumulus rank

Cirrocumulus

Jul 02, 2021

F5 ASM event correlation incident alerting

Dear all, I simple question I hope but we are looking for a way to automatically send an alert (via email or perhaps syslog or local log entry) when F5 detects a serious security incident using...

ASM Advanced WAF

incident response

security incident

Icon for Cirrocumulus rank

Cirrocumulus

Jul 06, 2021

Are these correlation incidents logged in /var/log/asm as a correlated incident log entry? not seperate violation log entries?

Nikoolayy1
MVP
Jul 06, 2021
Some info is : Limit of unique sessions for this incident reached (f5.com) but also the main log is /var/log/ts/correlation.log as mentioned in BIG-IP ASM daemons (11.x - 16.x) (f5.com) .

Look at it and try using the SNMP custom trap alarms to trigger email.
- Marvin
  Cirrocumulus
  Jul 26, 2021
  the info in correlation.log does not contain security incident specific information unfortunately

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5