Forum Discussion
Is there a way for the F5 AFM Protocol Inspection signature match to automatically do pcap capture?
Hello,
Is there a way for the F5 AFM Protocol Inspection signature match to automatically do tcpdump pcap capture and save it to a file? The idea is when a signature is triggered by the IPS to to capture the bad packet if it is a false positive, so it can be reviewed.
Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job 🙂 The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.
Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job 🙂 The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.
- Greasy_PretzelRet. Employee
As the payload may be large or there would be a large number of logs generated, it would be better to send the logs to a remote logging server.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com