Solved
Forum Discussion
Hello Manohar.
PRX.REQUEST_LOG has a column called "support_id".
# mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "select * from PRX.REQUEST_LOG where support_id = 9374597410145173508\G"
*************************** 1. row ***************************
id: 1
support_id: 9374597410145173508
support_id_suffix: 3508
Regards,
Dario.
Apr 27, 2021
Hello Manohar.
In my case, this and event collected from GUI:
Geolocation: Spain
Source IP Address: 88.3.223.72:49838
Device ID: N/A
Microservice: N/A
Username: N/A
Session ID: 2b2ab2c1d68399a8
Source IP Intelligence: N/A
Host: public.example.es
Destination IP Address: 10.40.40.128:443
Client Type: Uncategorized
Accept Status: Not Accepted
Support ID: 12551088809188504241
Time: 2021-04-27 10:10:18
Violation Rating: 3 Request needs further examination
Attack Types: Information Leakage
Request Status: Illegal
Blocking Exception Reason: N/A
Security Policy: security_public
Virtual Server: vs_public
Method: OPTIONS
Response Status Code: 200
Severity: Critical
And as you can see, it's reflected correctly in the DB.
# mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "select * from PRX.REQUEST_LOG where support_id = 12551088809188504241\G"
*************************** 1. row ***************************
id: 14240
support_id: 12551088809188504241
support_id_suffix: 4241
policy_id: 4
log_time: 1619518218
src_ip: 88.3.223.72
src_port: 49838
route_domain: 0
dest_ip: 10.40.40.128
dest_port: 443
request_schema: 1
method_code: 3
url: /url/
response_code: 200
username:
session_id: 2b2ab2c1d68399a8
device_id:
geo_location_country_code: ES
severity_id: 2
slot_number: 0
violation_rating: 3
attack_types_mask: 1024
has_violations: 1
viol_set_enforce:
viol_set_staging:
flg_req_blocked: 0
flg_req_truncated: 0
flg_resp_compressed: 0
flg_resp_truncated: 0
is_unblock_request: 0
response_exclusion_reason: 4
iprep_threat: 0
protobuf_file_id: 4
protobuf_file_seek_pos: 1469980
protobuf_record_size: 835
suggestion_keys: servertech:r2:686155af75a60a0f6e9d80c1f7edd3e9,filetype:r2:570cb2d086023f967bcd4b72436bb33e,method:r2:164dd62adb30ca051b5289672a572f9b,host:r2:bf8d561a3fd3a920d805d2d5555be9ce
flg_display: 1
host_header: public.example.es
virtual_server_name: /Common/vs_public
microservice_url:
microservice_host_name:
matched_microservice:
I will do say that it's the same DB.
Regards,
Dario.