Hi, we have recently decided to enable a few attack-specific signatures in Transparent mode in some of our ASM policies. Now that we have scanned for a week, we want to export the request/proxy logs and hand them over to the dev team so that we can apply the signature set in blocking mode.
I have tried to export them via the web interface, but Apache died / the MySQL query went into timeout. I had to do a bigstart restart httpd tomcat to bring it back.
Any way we can export the logs without putting any pressure on the CPU or MySQL? Does asmqkview --proxy-log do any CSV format export of the logs and should it be less CPU intensive?
Hello, you may have what you are looking for in /var/log/asm or ts
As @arnaud said, /var/log/asm may have what you're looking for. It's not identical to the SQL DB logs, but should have most if not all of the violations. Also, it's handy to have that information remotely logged, too, as that gives you more historical data and will allow you to consolidate ASM messages from multiple devices into one location.