Using ASM violation details in an iRule
Hi,
I am writing an iRule to log all ASM violations to a remote syslog server. I am trying to get as much data as possible (what was the payload, what was the violation, etc). Based on the documentation here, I should be able to use [ASM::violation details] to get a "list of lists" that match what is being returned by [ASM::violation names].
However when I use [ASM::violation details] it returns a list of lists that doesn't map to the [ASM::violation names], at least not based on the example here: https://devcentral.f5.com/wiki/iRules.ASM__violation.ashx
This is what [ASM::violation details] returns:
{viol_index 10} {viol_name VIOL_XML_SCHEMA} {context URL} {object_data.object L2l0c21wbGFubmVyd3MvZGV2ZWxvcGVyLmFzbXg=} {staging 0} {content_profile_data.type XML} {content_profile_data.content_id 28} {content_profile_data.content_profile_id 200} {content_profile_data.buffer dGVtOmV4Y2VwdGlvblNvdXJjMmU=} {content_profile_data.index 214} {content_profile_data.location unknown} {content_profile_data.error_code 33} {content_profile_data.specific_desc {Malformed document - schema validation failed}} {content_profile_data.fault_detail {Element is not defined in schema}} {viol_index 11} {viol_name VIOL_XML_MALFORMED} {context URL} {object_data.object L2l0c21wbGFubmVyd3MvZGV2ZWxvcGVyLmFzbXg=} {staging 0} {content_profile_data.type XML} {content_profile_data.content_id 28} {content_profile_data.content_profile_id 200} {content_profile_data.buffer Pg==} {content_profile_data.index 258} {content_profile_data.location unknown}
How can I map between the data returned from violation names to this list? The only way I see is pulling the element which is at index $i + whatever I need from that list. So, for example, for the first item in violation names (where i = 0), if I want to get the specific_desc, I would need to lookup field $i+12...
Has anyone had experience with writing iRules that use [ASM::violation details] and can help me out? 🙂
Thanks, Dan