Forum Discussion
Manohar_Mekala
Apr 25, 2021 (Altostratus)
Hi Dario,
Almost there, thank you for pointing me in the right direction.... was not much fun looking up in flat files... :-).
Now on to figuring out the name of the log table for HTTPS violations. The article seems to hint at the request logs...
- Apr 26, 2021
Hello Manohar.
These are the tables available:
    # mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "SHOW TABLES FROM PRX"
    +-----------------------------------+
    | Tables_in_PRX                     |
    +-----------------------------------+
    | ACCEPTED_REQUESTS                 |
    | BOT_DEFENSE_ANOMALIES             |
    | BOT_DEFENSE_ANOMALY_CATEGORIES    |
    | BOT_DEFENSE_EVENT_LOG             |
    | BOT_DEFENSE_EVENT_LOG_CLEARED     |
    | BOT_DEFENSE_EVENT_LOG_PROPERTIES  |
    | BOT_INCIDENTS                     |
    | BOT_INCIDENT_ANOMALIES            |
    | BOT_INCIDENT_ANOMALY_CATEGORIES   |
    | BOT_INCIDENT_SUPPORT_IDS          |
    | BOT_INCIDENT_TOP_IPS              |
    | BRUTE_FORCE_ATTACK_LOG            |
    | BRUTE_FORCE_ATTACK_LOG_PROPERTIES |
    | BRUTE_FORCE_LEAKED_CREDENTIALS    |
    | BRUTE_FORCE_LOGIN_PAGE_STATUS     |
    | BRUTE_FORCE_MITIGATED_DEVICE_IDS  |
    | BRUTE_FORCE_MITIGATED_IPS         |
    | BRUTE_FORCE_MITIGATED_USERNAMES   |
    | CLEANDB_LOG                       |
    | INCIDENTS                         |
    | INCIDENT_SUPPORT_IDS              |
    | INCIDENT_TYPES                    |
    | PROXY_LOG_CONSUMERS               |
    | REQUEST_LOG                       |
    | REQUEST_LOG_CLEARED               |
    | REQUEST_LOG_PROPERTIES            |
    | REQUEST_LOG_SYNC_FILES            |
    | REQUEST_LOG_TAGS                  |
    +-----------------------------------+
And these are the incident types:
    # mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "SELECT incident_type_id,incident_type_name,incident_type_display_name FROM PRX.INCIDENT_TYPES"
    +------------------+----------------------------+--------------------------------------------+
    | incident_type_id | incident_type_name         | incident_type_display_name                 |
    +------------------+----------------------------+--------------------------------------------+
    |                1 | INFORMATION_LEAKAGE        | Information Leakage                        |
    |                2 | MALICIOUS_SESSION          | Malicious Session                          |
    |                4 | VULNERABILITY_SCAN         | Vulnerability Scan                         |
    |                5 | DISALLOWED_SOURCE          | Access from Malicious or Disallowed Source |
    |                6 | SERVER_SIDE_CODE_INJECTION | Server Side Code Injection                 |
    |                7 | COMMAND_EXECUTION          | Command Execution                          |
    |                8 | DATA_TAMPERING             | Data Tampering                             |
    |                9 | SESSION_HIJACKING          | Session Hijacking                          |
    |               10 | AUTH_BYPASS                | Authentication/Authorization Bypass        |
    |               11 | MALICIOUS_CONTENT          | Malicious Content                          |
    |               12 | MALICIOUS_SCAN             | Malicious Scan                             |
    |               13 | THREAT_CAMPAIGN            | Threat Campaign                            |
    +------------------+----------------------------+--------------------------------------------+

The rest of the work is to dig deep into those SQL tables.
Please, don't forget to mark my answer as "the best" to help other people to find it.
Regards,
Dario.