Session Tracking in the ASM

Question

I want to implement the session tracking feature in the ASM by setting a session threshold. To determine this threshold I wanted to know how the ASM maintains state information. Is it through the TS cookie (Main ASM cookie) ? I see a session id in the event logs for ASM. Can I expose this session id to remote log server through an iRule for any violations ? This would help me calculate my threshold. Or should this be done through the Main ASM cookie ?

romani_2788 · Answer

Yes, ASM maintains state information with the Main ASM Cookie, the TS Cookie, and this is tied to the sessionID you see in the event logs. &nbsp;
I do not believe the sessionID itself is exposed via an irule however (see the page on ASM::violation_data), however, you should simply get this information logged remotely anyway when you use remote logging, without needing to extract it within an iRule. &nbsp;
Have a look at this manual on  Logging Application Security Events.&nbsp;

Forum Discussion

Session Tracking in the ASM

1 Reply

Recent Discussions

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

Related Content

The BIG-IP Application Security Manager Part 9: Username and Session Awareness Tracking

Link Tracking

APM - Track clicks on webtop resources

Ending an APM session when browser tab is closed

TLS Stateful vs Stateless Session Resumption