[AFM] Log implicite drop rule

Question

Hi,&nbsp;
I have modified the global-network log profile to activate local log (by selecting local-ddb -publisher), the profile is associated with all VS but the implicite drop rule for all the context is not logged.&nbsp;
Is-it possible to log all drop rule ?&nbsp;
Thank you,&nbsp;
Best regards&nbsp;

thomas_gobet · Answer

Hi,&nbsp;
You can't modify the implicite rule.&nbsp;
You have to define a "default" global rule with the log statement activated.  &nbsp;
The result will be the same than what you wanted.&nbsp;

brahim94_11525 · Answer

So I have to define a default drop rule for every VS, SelfIP... ?&nbsp;

thomas_gobet · Answer

Yes, for every VS.&nbsp;
If your trafic is under global level, you just need one global rule.&nbsp;

steve_brown_882 · Answer

You can change the log settings on the default action without creating an explicit rule. There is a DB key that can be changed in TMSH for the Global/Route-Domain context along with one for the Virtual Server/SelfIP context. I would be sure that the log server can keep up prior to changing these keys but other than that you should be ok.&nbsp;
Global Context - tmsh modify sys db tm.fw.globaldefaultrule.log value enable
VS Context - tmsh modify sys db tm.fw.defaultrule.log  value enable&nbsp;

brahim94_11525 · Answer

Hi Steve,&nbsp;
Thanks a lot for the feedback,&nbsp;
Best regards,&nbsp;

Forum Discussion

[AFM] Log implicite drop rule

5 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

Protecting the F5 BIG-IP AFM system with AFM Protocol Inspection System Checks

Enriching AFM with public domain Threat Intelligence

Traffic Intelligence in AFM through Categories

BIG-IP AFM設定例-NAT

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough - part two