F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Aug 02, 2022
Solved

Is there a way for the F5 AFM Protocol Inspection signature match to automatically do pcap capture?

Hello,

 

Is there a way for the F5 AFM Protocol Inspection signature match to automatically do tcpdump pcap capture and save it to a file? The idea is when a signature is triggered by the IPS to to capture the bad packet if it is a false positive, so it can be reviewed.

AFM
application delivery
security
  • Nikoolayy1's avatar
    Nikoolayy1
    Aug 11, 2022

    Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job πŸ™‚ The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.

2 Replies

  • Nikoolayy1's avatar
    Nikoolayy1
    Icon for MVP rankMVP
    Aug 11, 2022

    Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job πŸ™‚ The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.

  • Greasy_Pretzel's avatar
    Greasy_Pretzel
    Ret. Employee
    Feb 01, 2023

    As the payload may be large or there would be a large number of logs generated, it would be better to send the logs to a remote logging server.