cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

ASM violations counter | email alert | iRule

Abed_AL-R
Cirrostratus
Cirrostratus

Hi

 

I wrote this irule to count violations and send email notification once it reaches out the max rate

It should send email notification if number of violations in ASM / AWAF crossed the 100 violations in maximum 7 days

After 7 days the counter will be reset if no violation was encountered

If during the 7 days the counter reach the 100 violations it will send the email notification and reset the counter

 

https://github.com/ac89live/f5-irules/blob/main/asm%20violation%20counter%20email%20notification.tcl

 

I tested it and it is working

If it is not written the best way and If someone has any suggestions or can enhance it more he is more than welcome 🙂

 

Anyway, one thing I'd like to mention is that this irule using global variables because there is some variables need to be the same on all TMMs.

So during the commit you might notice the F5 CLI note the following message "demoted from CMP" .. So be aware of this

1 REPLY 1

Nice Thanks . Just a note .For non static global variables you can test with the table command to share them between TMM :

 

https://support.f5.com/csp/article/K13033