Logging DoS Events
Hi
I have a question about setting up alerts on DoS events.
All the ASM logs are forwarded to a Splunk server, and I want to redirect (if possible) all DoS events to the Splunk server.
I tried to configure a log destination and a remote publisher (on the same destination as ASM) to do that, but it doesn't work, maybe because of this limitation, which I saw afterwards: The BIG-IP Advanced Firewall Manager™ (AFM™) must be licensed and provisioned before you can configure DoS Protection event logging.
Then I tried an iRule (https://devcentral.f5.com/s/question/0D51T00006i7d7y/how-can-i-alert-on-an-asm-denial-of-service-event), but this one writes an event for each request in ltm.log.
What could be a solution to just be notified in case of a DoS attack event?
Thanks for your help
Regards