Forum Discussion

Augusto's avatar
Augusto
Icon for Nimbostratus rankNimbostratus
Sep 27, 2023

How to filter ASM logs by the client's real IP?

Hello everybody, I have an environment where I have two F5s, one external and one internal, however the ASM module is only enabled on the internal F5, in which the source IP that arrives is from t...
application delivery
event
security
ragunath154's avatar
ragunath154
Icon for Cirrostratus rankCirrostratus
Sep 27, 2023

if you have attached a http profile with Accept XFF   enabled in ASM F5 VIP and in the WAF policy enable the Trust XFF Header   then you can see the X-forward-for IP actual client ip in asm event logs instead of External F5 Selfip, then you can filter the log with IP address.