Forum Discussion

jacfal's avatar
Icon for Nimbostratus rankNimbostratus
Jul 21, 2021

Reporting DoS events through syslog not work

Hi, I am trying to send syslog formatted DoS events to a remote server. I proceeded as follows:


  1. I created syslog pool, which contains one member listening on x.x.x.x:6514. The pool is completely accessible, UDP monitoring is green
  2. I created HSL log destination with pool from step 1.; protocol - UDP; Distribution - adaptive. Then I created another log destination with syslog format and with forwarding to the created HSL log destination
  3. Next, I created a log publisher, which contains only "syslog log destination"
  4. At the last, in Security Event logs I created a new logging profile where I enabled "DoS protection" and set remote publisher to publisher created in the 3. step


When I generate some test DoS attack (via hping), I see this attack at the DoS real-time dashboard, but none event is sent to the remote syslog server (verified by tcpdump). What confuses me is that I don't see any DoS events in DoS event logs neither. Am I missing something? 


BigIp version:

No RepliesBe the first to reply