Tim_Cooke's avatar
Tim_Cooke
Icon for Altocumulus rankAltocumulus
Jul 05, 2022
Status:
Declined

ASM logs - Allow filtering on multiple IP addresses

Please can the ASM request log filtering options be updated to allow for inclusion and exclusion of multiple Source IP addresses, e.g. individual IPs separated by comma, IP ranges (start - finish) or whole subnets (start/mask).

Currently ASM logs can only be filtered on single source IP address and we would like to be able to exclude multiple addresses in the same range to better see traffic coming from other sources.

Currently on version 15.1.6

  • Status changed:
    New
    to
    Investigating

    Tim_Cooke - thanks for the suggestion. I will try to locate someone who can speak to this authoritatively.

  • There are a couple of existing RFE (Request For Enhancement) bug IDs open for this functionality; bug ID698555 specifically requests the ability to filter on multiple IP addresses, and bug ID843893 generically looking for more complex filtering abilities. Both have been open for some time and have very few (four and two) customers linked to them, the best way of raising the priority of these is opening a ticket with Support and asking for your case to be linked to the ID.

    In general I'd encourage logging off-box for better flexibility, with the advantage that you aren't bound by the size limitations of the on-box log stores.

  • Thanks AaronJB  - really helpful.

    Tim_Cooke - for the purposes of THIS suggestion record I'd like to resolve it IF you agree that piling onto those existing RFE's is the way to go AND/OR if you agree to Aaron's recommendation about logging off-box (and that changes your desire to pile on to the RFE's in question).

    If neither of those are true for you let me know.

    and

    Do you know how to add your support for an RFE?

  • Thanks LiefZimmerman and AaronJB for the comments. 

    I'm happy to add my desire for the functionality within ASM itself. If that's just a case of opening a standard support call and mentioning the RFE IDs, I can do that, but if it's done a different route, please advise.

    We do already offload the logs to a separate logging service (VMware Log Insight), precisely because of the short retention within ASM itself, but that will take signficant effort to develop the necessary filtering and reports to present the data in a similar way to how we can get it in ASM (though that's possibly just a training issue!). It also breaks that direct link to things like suggestions that may be presented as part of the logs.

  • Tim_Cooke - indeed, opening a case and requesting your case be linked to these RFE Bug ID's is a good next step.

    • bug ID698555: ability to filter on multiple IP addresses
    • bug ID843893 : generically looking for more complex filtering abilities.

    This suggestion record, on DevCentral, won't mean much to Support as it tends to be for DevCentral related work but I would like to make sure I hear back that you successfully opened a case with Support so I can resolve this loop (and perhaps provide helpful procedural info for anyone discovering this thread down the road).

    Thanks for being part of our community.
    Lief

  • Status changed:
    Investigating
    to
    Declined

    Tim_Cooke,

    I'll close this suggestion as declined (as it pertains to the Community) and because of the process described around opening an RFE with your account team.

    Thank you for the suggestion.
    If you disagree with my assessment or still need assistance somehow let me know and we can explore next steps.

    Thanks,
    Lief