cancel
Showing results for 
Search instead for 
Did you mean: 

F5 ASM Email alerts for various Attack Detection and Violations

Priyesh_MP
Nimbostratus
Nimbostratus

Dear Team,

 

Good day!

 

Can anyone let me know how I can configure email alerts for various attacks/violations in ASM? The requirement here is customer wants ASM to send an email alert whenever there is any DDoS attack, SOL Injection, or any such attacks or violations.

 

Thank you.

 

Best Regards,

Priyesh MP

2 REPLIES 2

PeteWhite
F5 Employee
F5 Employee

Should be pretty simple - look at /config/user_alert.conf but note that https://support.f5.com/csp/article/K14397 mentions that dosl7d cannot be used to trigger emails this way. However, you could probably quite easily use an iRule to create a specific syslog message when you see a specific violation.

See https://support.f5.com/csp/article/K3667 for how to setup email alerts

eg

when IN_DOSL7_ATTACK { log local0.error "IP: $DOSL7_ATTACKER_IP Mitigation: $DOSL7_MITIGATION" }

 

Aslam_Patel
Altostratus
Altostratus

have you managed to set email alert for DDOS events?