Remote log WAF based on number of violations
Hi All,
At a customer I have configured a WAF to protect their web applications. Also configured a Logging Profile to send the logging to a remote server. This works fine.
But customer would like to have some control on what is being send to the remote server and when.
So the log of a violation that only occurs once (within a certain time frame) does not need to go to the remote log server.
But a (identical) violation that occurs serveral times and has a high security violation needs to be send to the remote server
I know I can configure a filter to include or exclude what is being send to the remote server. But can the F5 WAF send logs to a remote server based on number of events within a time frame?
Hope you can help or point me to some useful links or documents.
Regards,
Martijn