ASM L7 Behavioral DoS attack email notification
1 TopicASM L7 DoS email alert
Hello Everyone, Greetings! I've been trying to configure email notifcation when ASM L7 DoS event is triggered in F5 BIG-IP. And as far the configration goes are mentioned below: Created an iRule and attached to virtual server. when IN_DOSL7_ATTACK { log local0. "Attacker IP: $DOSL7_ATTACKER_IP" log local0. "Mitigation: $DOSL7_MITIGATION" #DOSL7::disable } I enabled the Trigger iRule on DoS profile of ASM module and the DoS profile attached to its respective virtual server. When I performed the DoS attack using locust tool on the F5 virtual ip then on the dosl7d.log, the attack was recorded - On GUI On CLI: but there was simply just two entry on the /var/log/ltm The iRule used is Just a quick questions: - Do i need to have additional configuraiton, or am i expecting the wrong entry of the DoS event on the ltm log? - Regarding the behavioral DoS detection, Any idea like what are the parameters does the behavioral dos monitors and then triggers it on F5 BIG-IP. SInce the actual code or logic to identify and trigger behavioral dos is kept in a compiled mode.Solved1.5KViews0likes9Comments