
Source IP logging for AFM DDoS attacks

Renato_Abreu
Altostratus

Hello everyone.

 

I'm configuring AFM DDoS Device Protection and using local-db-publisher for logging.

Looking at the events generated when AFM detects an attack, I can only see the destination IP, but the logs don't show the source IP.

Is that normal? Does anyone know if it's possible to enable source IP logging?

 

Thanks in advance.

1 ACCEPTED SOLUTION

Simon_Blakely
F5 Employee

The answer is in the name - DDoS Device Protection

 

The identified attacks are from multiple distributed source IPs, all targeted at a Destination IP.

Because of the distributed nature of the attack, the large number of Source IPs are considered not relevant, and so are not logged.


2 REPLIES

Renato_Abreu
Altostratus

Got it.

Thank you very much for the answer.