Forum Discussion

Mitesh
Apr 01, 2020

F5 ASM Log pattern understanding

Hi Team,

I need to get the log pattern for attack logs from F5 ASM module. I am receiving logs but I am not sure which fields are given. For example, please find the below mentioned log snippet which is not a complete log but just the part which I do not understand:

 

X-Forwarded-For: X.X.X.X\r\n\r\n<?xml version=""""1.0"""" encoding=""""utf-8""""?><Autodiscover xmlns=""""http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006""""><Request><EMailAddress>MailAddress</EMailAddress><AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema></Request></Autodiscover>"",""alerted"",""401"",""2"",""0"",""Error"",""200000152"",

 

In the above example, the fields are comma separated. The fields which I infer are: "alerted" shows the actions, "401" shows the response code, etc.

I do not understand what "2" and "0" indicate. Can you please help.

 

Also, it would be great if someone can provide a doc for log patterns of F5 ASM. I want to parse these fields at the LogRhythm SIEM end. If there is any good log format which is easier to understand, then please let me know that as well.

Regards,

Mitesh Agrawal
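
Added example, not part of the original post and not F5 or LogRhythm code: a Python sketch that splits a fragment like the one above into positional fields so each position can be matched against the logging profile's field list. It assumes the doubled quotes come from the line having been CSV-quoted a second time; the sample is constructed from the snippet, and `split_fields` and `positional` are hypothetical helper names.

```python
import csv
import io

# Constructed sample modelled on the snippet in the post (shortened body,
# placeholder address). Quotes are doubled once around each field and twice
# inside the request body, which is what a second round of CSV quoting does.
SAMPLE = (
    'X-Forwarded-For: X.X.X.X\\r\\n\\r\\n<?xml version=""""1.0"""" '
    'encoding=""""utf-8""""?><Request><EMailAddress>MailAddress'
    '</EMailAddress></Request>"",""alerted"",""401"",""2"",""0"",'
    '""Error"",""200000152"",'
)


def split_fields(fragment):
    """Undo one level of quote doubling, then split as ordinary CSV.

    The fragment begins inside a quoted field (the request), so an opening
    quote is prepended to rebalance it. Commas and quotes inside the request
    then stay in one field instead of shifting every later position.
    """
    inner = fragment.replace('""', '"')
    row = next(csv.reader(io.StringIO('"' + inner)))
    # A trailing comma in a cut-off fragment yields one empty last field.
    if row and row[-1] == "":
        row.pop()
    return row


def positional(fragment):
    """Return {position: value}; names are left to the logging profile.

    Only the positions are recovered here. What each position means depends
    on the storage format configured on the device, which the post does not
    show, so no field names are assigned.
    """
    return dict(enumerate(split_fields(fragment)))


if __name__ == "__main__":
    for pos, value in positional(SAMPLE).items():
        print(pos, repr(value[:60]))
```

Splitting on bare commas with a regex breaks as soon as the request body contains a comma, which is why the sketch parses the quoting first and assigns positions afterwards.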