Last Modified: Sep 27, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4
Opened: Sep 13, 2024 Severity: 3-Major
Protocol inspection in the security log profile was not activated/enabled when First log profile with Empty publisher is already attached to the virtual server.
Inconsistency in configuration behavior.
1. Create a first Protocol Inspection log profile (for example, Empty log publisher) and attach to virtual server (VS). 2. Create a second Protocol Inspection log profile (for example, local-db) and attach to VS. 3. Event logs not shown on local db which is not expected. Therefore, the protocol inspection log profile attached later to the virtual server is not effective.
Run the below command to detach the profiles from virtual server (VS) and attach the required log profile first. tmsh modify ltm virtual <VS Name> security-log-profiles none
None