ASM Logs Override

Question

Hi All,
I'm trying to cut down on the amount of logs we sent through from ASM to our SIEM (LogRhythm - if anyone has any tips/help on log policies that'd be great, it's pretty rubbish out of the box)&nbsp;
Majority of ASM logs are for Attack Type "Non Browser Client" or specific URL's such as "/wp-login.php" and exchange autodiscovers... which i just dont need to log or report on. &nbsp;
Any way for me to drop these in ASM before they appear in the logs and get syslog'd to SIEM? An iRule perhaps ?&nbsp;

leonardo_souza · Answer

I had a look in the logging profiles, but does not look like you can do this with the log profile.
However, you can do that in the syslog itself.
You can apply a filter for those messages you don't want to see the logs, and it will not be sent to your server.&nbsp;
see this solution for more information:&nbsp;
https://support.f5.com/csp/article/K13333&nbsp;

Forum Discussion

ASM Logs Override

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

ASM logs

ASM LOGS

except ip from asm logging

BIGIP ASM audit logging

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log