Forum Discussion
Hello Daniel!
First of all, thank you so much for your information!
Let me explain a little bit more.
Today, we have 2 remote servers, both of which are receiving the logs of our F5 appliances. We are working to disable the local logs of our appliances in the future, so that we troubleshoot only with our 2 remote servers, which receive these logs internally only. The problem is, we're sending the "query_string" field with every alert/block, but in some cases the "query_string" field doesn't show anything; the field is there, but without any information. We detected that some types of signatures, like XSS and SQL, do not send the value of the exact query string that matches the attack signature, but if we look at the local log in F5 we can see the string that matches the attack signature.
Best Regards,
Victor.
Hi Gersbah, that's the thing! We're sending all of the fields contained in the F5 logging profile. If we could just always receive the "query_string" field with the matched parameter or the string that matches an attack signature, that would be sufficient for us. Thinking about exactly what you say, if the request is too long, we'll have a problem with the length. So, is there a way to "fix" it when the query_string comes without any information, even though it is in the local log of our appliances?
Thank you,
Victor.