cancel
Showing results for 
Search instead for 
Did you mean: 

Is there a way for the F5 AFM Protocol Inspection signature match to automatically do pcap capture?

Hello,

 

Is there a way for the F5 AFM Protocol Inspection signature match to automatically do tcpdump pcap capture and save it to a file? The idea is when a signature is triggered by the IPS to to capture the bad packet if it is a false positive, so it can be reviewed.

1 ACCEPTED SOLUTION

Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job 🙂 The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.

View solution in original post

1 REPLY 1

Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job 🙂 The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.