I'm running BIG-IQ 7.0 and I'm unable to Discover the ASM module on 2 BIG-IP's, (running 12.1.2 and 184.108.40.206). LTM and DNS modules are discovered and configs imported with no issues. Below is the error messages from restjavad.0.log. Has anyone ever run into this issue? Thanks, Dave.
[INFO][04 Feb 2020 09:08:42 CST][/cm/security-shared/tasks/discover-config/60e17daf-bf8b-43b7-ab9f-340f8898271c/worker SharedDiscoveryTaskWorker] Discover: Elapsed times in mSec: GET_BIG_IP_INFO:2 GET_PROVISIONING_INFO:121 VERIFY_PROVISIONING:57 UPDATE_INPROCESS_STATE:66 WORKER_SPECIFIC_PREPROCESSING:66 CHECK_BULK_DISCOVERY_SUPPORT:58 DISCOVER_OBJECTS:2970 POST_DISCOVERY_PROCESSING:59 UPDATE_DISCOVERED_STATE:69 UPDATE_DEVICE:58 (Total 3526)
[ERROR][04 Feb 2020 09:08:44 CST][/cm/asm/tasks/discover-config/5cf10f82-3af1-4a7f-95e6-bcb2648b218c/worker AsmDiscoveryTaskWorker] java.lang.NullPointerException
[ERROR][04 Feb 2020 09:08:44 CST][/cm/asm/tasks/discover-config/5cf10f82-3af1-4a7f-95e6-bcb2648b218c/worker AsmDiscoveryTaskWorker] no message: java.lang.NullPointerException
[ERROR][04 Feb 2020 09:08:44 CST][/cm/global/tasks/device-discovery/afd4319a-8114-49b1-be50-44b17031a007/worker DiscoverySuperTaskWorker] Failed to process module tasks for device xx-bigip-220.127.116.11.labs.wwtatc.local (10.253.x.x): At least one module has failed
[ERROR][04 Feb 2020 09:08:45 CST][/cm/global/tasks/device-discovery/afd4319a-8114-49b1-be50-44b17031a007/worker DiscoverySuperTaskWorker] Failed to process module tasks for device xx-bigip-18.104.22.168.labs.wwtatc.local (10.253.x.x): At least one module has failed
Solved! Go to Solution.
We are also experiencing the same issue, with version 14.1.2.x importing ASM into BIG-IQ 7.0.0.
I've engaged support, hopefully they will get back to us shortly with an answer.
Thanks Pantelis! Sharing the fix would be much appreciated once you find out. This issue is happening on an HA pair of BIG-IQ's with DCD as witness. I built a standalone BIG-IQ and it doesn't have this issue at all. Not sure if HA vs. standalone is related but just something I noticed.
Also, anyone have experience how to use DCD as ASM log?
after adding the DCD's in bigiq , you need to enable the services in each DCD.
there will 4 or 5 services, ACCESS, ASM(web applicaiton sercurity, DDOS, AFM, FPS
each service listen on specific port for ASM logs its 8514 tcp.
once enabled, in ASM create a new Logging profile with port 8514 and DCD IP.
Once logs sent to DCD, you can see very good report under BIGIQ - monitoring - web applicaiton -events also under reporting.
Hi all, checking back to see if anyone has had any luck with a fix? If so, when you have a chance please let us know. I will do the same. Our support contract is currently expired so pursuing a renewal so I can open a support case. Once I do, I will post results here. Thanks Guys!
Thanks Kyle, really appreciate the help! I tried the steps in the knowledge article and it didn’t work for me, however, it lead me down a path to a fix:
1) Deleted all the attack signatures on the CM (restcurl -X DELETE /cm/asm/attack-types/)
2) Discovered/Imported the ASM (12.x)
3) On CM, manually downloaded/installed the latest attack signature to make sure I was up to date.
4) Had to repeat the process again to discover/import the 13.x BIG-IP as it ran into same issue.