Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Ambiguous logs in /var/log/asm

Sarah
Altocumulus
Altocumulus

Hello Community,
I noticed the below logs appearing in /var/log/asm frequently I am curious to know what could be the reason behind them.
I just want to confirm that I dont have any "Automatic Policy" cofigured. 

=================================================
info perl[x]: 01310053:6: ASMConfig change: [update] { audit: component = Policy Builder }

info perl[x]: 01310053:6: ASMConfig change: [add]: IncidentType was set to Access from Malicious or Disallowed source.

================================================

2 REPLIES 2

Hi @Sarah , 

> I think you enable Automatic Learning with one of your policies so you find this Log much , I recommed to review your policies again maybe there is at least one policy has this option enabled by mistake. 

> If you find any of your policies enables Automatic Learninng , this is maybe a reason for this Log. 

> To know About "the Shape of Automatic policy builder " : 
Navigate this Article : 

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/36.h...

Hope this helps you 

_______________________
Regards
Mohamed Kansoh

boneyard
MVP
MVP

Was that indeed the case @Sarah 

If so please flag the question as answered.