23-Mar-2021 22:35
I am seeing lot of logs as below filling the ltm log files
slot1/hostname info tmm[14479]: Hostname="name",SlotId="1",errdefs_msgno="22282261",Entity="DosVisibilityVips",AggrInterval="300",EOCTimestamp="1616413200",HitCount="1",VipName="/Common/https-vs",ServerLatency="0",ServerLatencyHitCount="0",ClientConcurrentConns="0",ServerConcurrentConns="0",MaxClientConcurrentConns="0",MaxServerConcurrentConns="0",ClientNewConns="0",ServerNewConns="0",FailedConns="0",ExpiredConns="0",AbandonedConns="0",ClientBytesIn="0",ServerBytesOut="0",ServerBytesIn="0",ClientOutBytes="0",ClientPktsIn="0",ServerPktsOut="0",ServerPktsIn="0",ClientPktsOut="0",ConcurrentIps="0",ConcurrentBlockedIps="0",ConcurrentIpsParticipatingInAttacks="0",ConcurrentAttacks="0",ServerLatencyHealth="0",ConcurrentConnectionsHealth="0",ThroughputHealth="0",specialConcurrentIpsForAllVips="8"
I do not have analytics module enabled, no debugs on the GUI.
Removed the dos logging, ip intelligence.
Please let me know why it is generating these statistics, how to find them.
25-Mar-2021 00:37
Do you have AFM or ASM with Layer 4 or Layer 7 DDOS?
If your device is working and there is no high CPU memry or any real issue also check if someone has set the tmm log to informational state as by default it should notice and maybe this is why you see this issue:
https://support.f5.com/csp/article/K5532
25-Mar-2021 01:01
Thanks for your inputs.
We have ASM DDOS enabled but I have disabled the logging on the virtual servers to check this problem.
Also do we have option to set TMM value on the GUI?
I can see Traffic management OS which is set to Notice.
25-Mar-2021 02:39
Have you checked the GUI DDOS statistics or if the same messages are in /var/log/dosl7?
https://support.f5.com/csp/article/K45156590
If you have removed the logging profile for https-vs you may check if this VIP is created by an iApp or it has a an irule that could generate such logs or something else?
You may raise a case to the vendor as it could be a bug. The log level "info tmm[14479]: " but the tmm logs are set to notice and this is the strange thing.
Other think is to test seting the ASM log log.ts.level to Notice level from th GUI or CLI just as a test.
That are my ideas.