cancel
Showing results for 
Search instead for 
Did you mean: 

Reporting DoS events through syslog not work

jacfal
Nimbostratus
Nimbostratus

Hi, I am trying to send syslog formatted DoS events to a remote server. I proceeded as follows:

 

  1. I created syslog pool, which contains one member listening on x.x.x.x:6514. The pool is completely accessible, UDP monitoring is green
  2. I created HSL log destination with pool from step 1.; protocol - UDP; Distribution - adaptive. Then I created another log destination with syslog format and with forwarding to the created HSL log destination
  3. Next, I created a log publisher, which contains only "syslog log destination"
  4. At the last, in Security Event logs I created a new logging profile where I enabled "DoS protection" and set remote publisher to publisher created in the 3. step

 

When I generate some test DoS attack (via hping), I see this attack at the DoS real-time dashboard, but none event is sent to the remote syslog server (verified by tcpdump). What confuses me is that I don't see any DoS events in DoS event logs neither. Am I missing something? 

 

BigIp version: 15.1.2.1

0 REPLIES 0