I need to get the log pattern for attack logs from F5 ASM module. I am receiving logs but I am not sure which fields are given. For example, please find the below mentioned log snippet which is not a complete log but just the part which I do not understand:
In the above example, the fields are comma separated, the fields which I infer are : "alerted" shows the actions, "401" shows the response code,etc.
I do not understand what is "2" and "0" indicate. Can you please help.
Also, it would be great if someone can provide a doc for log patterns of F5 ASM. I want to prase these fields at LogRhythm SIEM end. If there is any good log format which is easier to understand then please let me know that as well.