Renato_Abreu
Feb 04, 2020
Altostratus
Solved
Source IP logging for AFM DDoS attacks
Hello everyone.
I'm configuring AFM DDoS Device Protection and using local-db-publisher for logging.
Looking at the events generated when AFM detects an attack, I can only see the destination IP, but the logs don't show the source IP.
Is that normal? Does anyone know if it's possible to enable source IP logging?
Thanks in advance.
The answer is in the name - DDoS Device Protection
The identified attacks are from multiple distributed source IPs, all targeted at a Destination IP.
Because of the distributed nature of the attack, the large number of Source IPs are considered not relevant, and so are not logged.