Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Using a Second Logging Profile for one ASM Violation Type

Hi,

I am presently logging all illegal requests to a single logging profile and I have created a second logging profile which will log remotely. What I want to do is when a particular type of violation is triggered (Virus Detected) I want the second logging profile to be used. Is this possible using an iRule or any other way?

I am sending HTTP file uploads to an ICAP server to perform the Virus Scan. I am getting the violation raised and logged just fine, I just want to send this one violation type to the second logging profile. Thank you.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

you can attach multiple log profiles to a virtual server. only how to limit it to only a certain ASM category makes things more complex. that is a asm policy setting and you can't have two of them active.

have a look at the advanced options for logging, perhaps a certain response is enough in this case.

the alternative is an irule which sends a log with HSL if this violation is seen, but then you have to craft the data and such.

0