02-Aug-2022 04:23
Hello,
Is there a way for the F5 AFM Protocol Inspection signature match to automatically do tcpdump pcap capture and save it to a file? The idea is when a signature is triggered by the IPS to to capture the bad packet if it is a false positive, so it can be reviewed.
Solved! Go to Solution.
11-Aug-2022 03:08 - edited 11-Aug-2022 07:03
Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job 🙂 The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.
11-Aug-2022 03:08 - edited 11-Aug-2022 07:03
Hello, As for now in the security logging profile there seems to be a tab called " log packet payload" for the Protocol Inspection logging that should do the job 🙂 The only issue is that the payload that triggered the violation is saved as hex but a converter solves this this issue.
01-Feb-2023 06:54
As the payload may be large or there would be a large number of logs generated, it would be better to send the logs to a remote logging server.