Source IP logging for AFM DDoS attacks

Question

Hello everyone.&nbsp;I'm configuring AFM DDoS Device Protection and using local-db-publisher for logging.Looking at the events generated when AFM detects an attack,  I can only see the destination IP, but the logs doesn't show the source IP.Is that normal? Do anyone knows if its possible to enable source IP logging?&nbsp;Thanks in advance.

simon_blakely · Accepted Answer

The answer is in the name - DDoS Device Protection&nbsp;The identified attacks are from multiple distributed source IPs, all targeted at a Destination IP.Because of the distributed nature of the attack, the large number of Source IPs are considered not relevant, and so are not logged.

renato_abreu · Answer

Got it.Thank you very much for the answer.

Forum Discussion

Source IP logging for AFM DDoS attacks

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Log-in attacks, Ransomware gangs, Autohack with LLMs-Feb 18-24, 2024- F5 SIRT- This Week in Security

ESRP Strategies: DNS Water Torture Attack

Application attack from different source IPs

Juice jacking attack and State-funded attacks - April 15th - 21st - This Week in Security

Change original source IP to random in ASM logs