Chris_Phillips
Mar 05, 2015Nimbostratus
Attack type in ASM::violation_data always blank
Howdy.
With an iRule logging ASM events over HSL, we use ASM::violation_data on 10.2.4. the 5th field, attack type, is apparently ALWAYS blank.
If I just do a log local0. [ASM::violation_data] and spoof a directory traversal I can see...
Mar 5 10:58:57 local/tmm1 info tmm1[4923]: Rule hsl_logging_irule : VIOLATION_ATTACK_SIGNATURE_DETECTED 4316674533163547263 str_apache_class Informational 10.123.45.6 {} blocked
Any clues??
Thanks
Chris