Forum Discussion
Log Response_Violation ASM:Payload details of captured string...
Hi, I am trying to capture the context of the response that was caught by Data Guard in order to write an except string...
We have response logging turned on but a lot of the response logs are either missing (rate limited) or truncated and we cannot see the context of the string that was blocked.
For example: 77-ab', 1 '741ea-c9f, 4ac8-fa119 e51c-a67d7
None of the above strings seem to be dynamically generated.
I have turned on ASM iRule events on the policy and am trying the iRule below, but I am not getting full logs of the payload in the reporting server.
iRule to log payload
when ASM_RESPONSE_VIOLATION {
    # Open a high-speed logging handle to the remote syslog pool.
    # (The handle is not used below; all output goes through "log local0.")
    set hsl [HSL::open -proto TCP -pool syslog_server_pool]

    # ASM::violation_data returns a list of fields describing the violation
    set x [ASM::violation_data]

    # Log each of the first seven fields under a descriptive key
    for {set i 0} {$i < 7} {incr i} {
        switch $i {
            0 { log local0. "violation=[lindex $x $i]" }
            1 { log local0. "support_id=[lindex $x $i]" }
            2 { log local0. "web_application=[lindex $x $i]" }
            3 { log local0. "severity=[lindex $x $i]" }
            4 { log local0. "source_ip=[lindex $x $i]" }
            5 { log local0. "attack_type=[lindex $x $i]" }
            6 { log local0. "request_status=[lindex $x $i]" }
        }
    }

    # When Data Guard scrubbed the response, also log the payload
    if {[lindex $x 0] contains "VIOLATION_RESPONSE_SCRUBBING"} {
        log local0. "VIOLATION_RESPONSE_SCRUBBING detected, let's modify"
        log local0. "[ASM::payload]"
    }
}