Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Session Tracking in the ASM

I want to implement the session tracking feature in the ASM by setting a session threshold. To determine this threshold I wanted to know how the ASM maintains state information. Is it through the TS cookie (Main ASM cookie) ? I see a session id in the event logs for ASM. Can I expose this session id to remote log server through an iRule for any violations ? This would help me calculate my threshold. Or should this be done through the Main ASM cookie ?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Yes, ASM maintains state information with the Main ASM Cookie, the TS Cookie, and this is tied to the sessionID you see in the event logs.

I do not believe the sessionID itself is exposed via an irule however (see the page on ASM::violation_data), however, you should simply get this information logged remotely anyway when you use remote logging, without needing to extract it within an iRule.

Have a look at this manual on Logging Application Security Events.

0