I am presently logging all illegal requests to a single logging profile and I have created a second logging profile which will log remotely. What I want to do is when a particular type of violation is triggered (Virus Detected) I want the second logging profile to be used. Is this possible using an iRule or any other way?
I am sending HTTP file uploads to an ICAP server to perform the Virus Scan. I am getting the violation raised and logged just fine, I just want to send this one violation type to the second logging profile. Thank you.
you can attach multiple log profiles to a virtual server. only how to limit it to only a certain ASM category makes things more complex. that is a asm policy setting and you can't have two of them active.
have a look at the advanced options for logging, perhaps a certain response is enough in this case.
the alternative is an irule which sends a log with HSL if this violation is seen, but then you have to craft the data and such.