Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 ASM - Stagged blocking settings is not send to remote log

Bugs17
Nimbostratus
Nimbostratus

‎17-Jun-2022 08:36

Hi All,

refer to support article https://support.f5.com/csp/article/K15215363 that said stagged attack signature will not send to remote log, but i have some another stagged policy settings is file type, which while i was export from the remote log the url value are blank, but the actual event in f5 are there. my assumption the stagged event log not send to remote log. is that also will not send to remote log? 

Bugs17_1-1655480026436.png

*that attack signature is enforced

Bugs17_0-1655479826158.png

 

Labels:
0 Kudos
1 REPLY 1

Nikoolayy1
MVP
MVP

‎19-Jun-2022 02:41

Maybe check the link below as the logging profile may include the option to send even staged attack signature matches:

 

https://community.f5.com/t5/technical-forum/logging-and-identify-the-violations-from-staged-signatur...

 

 

 

The option in the F5 Advanced WAF logging profile is "Illegal requests, and requests that include staged attack signatures".

 

 

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/14.h...

0 Kudos
Copyright © 2023 Khoros, LLC