Renato_Abreu
Feb 04, 2020Altostratus
Solved
Source IP logging for AFM DDoS attacks
Hello everyone. I'm configuring AFM DDoS Device Protection and using local-db-publisher for logging. Looking at the events generated when AFM detects an attack, I can only see the destination...
- Feb 04, 2020
The answer is in the name - DDoS Device Protection
The identified attacks are from multiple distributed source IPs, all targeted at a Destination IP.
Because of the distributed nature of the attack, the large number of Source IPs are considered not relevant, and so are not logged.