Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Is there a way for the F5 AFM Protocol Inspection signature match to automatically do pcap capture?

Go to solution
Nikoolayy1
MVP
MVP

‎02-Aug-2022 04:23

Hello,

 

Is there a way for the F5 AFM Protocol Inspection signature match to automatically do tcpdump pcap capture and save it to a file? The idea is when a signature is triggered by the IPS to to capture the bad packet if it is a false positive, so it can be reviewed.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Nikoolayy1
MVP
MVP

‎11-Aug-2022 03:08 - edited ‎11-Aug-2022 07:03

Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job 🙂 The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Nikoolayy1
MVP
MVP

‎11-Aug-2022 03:08 - edited ‎11-Aug-2022 07:03

Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job 🙂 The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.

0 Kudos

Go to solution
Greasy_Pretzel
F5 Employee
F5 Employee

‎01-Feb-2023 06:54

As the payload may be large or there would be a large number of logs generated, it would be better to send the logs to a remote logging server.

0 Kudos
Copyright © 2023 Khoros, LLC