Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

ASM violations counter | email alert | iRule

Abed_AL-R
Cirrostratus
Cirrostratus

‎14-Mar-2021 06:36

Hi

 

I wrote this irule to count violations and send email notification once it reaches out the max rate

It should send email notification if number of violations in ASM / AWAF crossed the 100 violations in maximum 7 days

After 7 days the counter will be reset if no violation was encountered

If during the 7 days the counter reach the 100 violations it will send the email notification and reset the counter

 

https://github.com/ac89live/f5-irules/blob/main/asm%20violation%20counter%20email%20notification.tcl

 

I tested it and it is working

If it is not written the best way and If someone has any suggestions or can enhance it more he is more than welcome 🙂

 

Anyway, one thing I'd like to mention is that this irule using global variables because there is some variables need to be the same on all TMMs.

So during the commit you might notice the F5 CLI note the following message "demoted from CMP" .. So be aware of this

Labels:
1 REPLY 1

Nikoolayy1
MVP
MVP

‎22-Mar-2021 09:43

Nice Thanks . Just a note .For non static global variables you can test with the table command to share them between TMM :

 

https://support.f5.com/csp/article/K13033

0 Kudos
Copyright © 2023 Khoros, LLC