Forum Discussion

JK2
Sep 18, 2023

F5 ASM logging settings

Hey Guys,


Have you ever dealt with turning off one particular part of the logs in ASM? For example, I'm dealing with a huge amount of logs of "Access from malicious ip address", which is resource consuming and is spamming the logs, which are unreadable due to this. Is there any way to filter this out, or make the F5 profile not log "Access from malicious ip address" at all?

 

Thanks in advance,

JK2

 

  • You can disable that under Security -> Application Security -> Policy Building -> Learning and Blocking Settings -> IP Addresses and Geolocations. Just uncheck Alarm and keep Block.

  • You can use the IP address exception and enable "Never log traffic from this IP Address".

    Also select the options below:

    To always block traffic from this IP address, select Always block this IP.
    To block according to policy rules, select Policy Default.

  • JK2

    Hi guys,

    Thanks for the answers.

    Anyway, I have plenty of IPs that are coming towards the system, from unexpected locations (which are in the F5 mal. db) as well, so I can't manually add every IP to exceptions.

    And unfortunately, I have alarms for IP Addresses and Geolocations turned off, but logs are still coming.

     

    Thanks

  • What kind of security policies do you have: positive security policies or negative security policies?

     

    A positive security model is one that defines what is allowed and rejects everything else. It is in contrast to a negative security model that defines what is disallowed, while implicitly allowing everything else. Negative security models are the most common protection models; one of the drawbacks of a negative security policy is having to define everything that you want to disallow/block.

    • JK2

      We are using negative one.

       

       

      Thank you,

      JK2

  • JK2 - did you get your issue resolved?
    If so, it would be helpful to the community to select *Accept As Solution* (you can choose more than one reply).
    Thanks for joining and being a part of our community.