cancel
Showing results for 
Search instead for 
Did you mean: 

F5 ASM - Stagged blocking settings is not send to remote log

Bugs17
Nimbostratus
Nimbostratus

Hi All,

refer to support article https://support.f5.com/csp/article/K15215363 that said stagged attack signature will not send to remote log, but i have some another stagged policy settings is file type, which while i was export from the remote log the url value are blank, but the actual event in f5 are there. my assumption the stagged event log not send to remote log. is that also will not send to remote log? 

Bugs17_1-1655480026436.png

*that attack signature is enforced

Bugs17_0-1655479826158.png

 

1 REPLY 1

Maybe check the link below as the logging profile may include the option to send even staged attack signature matches:

 

https://community.f5.com/t5/technical-forum/logging-and-identify-the-violations-from-staged-signatur...

 

 

 

The option in the F5 Advanced WAF logging profile is "Illegal requests, and requests that include staged attack signatures".

 

 

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/14.h...