Last Modified: May 29, 2024
Affected Product(s):
BIG-IP FPS
Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2
Fixed In:
15.0.0, 14.1.0.3, 13.1.1.3
Opened: Oct 03, 2018
Severity: 3-Major
There is no support for logging of login attempts to a remote service.
There is no support for logging of login attempts.
Using high speed logging (HSL) to log login attempts.
None.
FPS now uses HSL to report login attempts using configured templates, rate-limit, and publisher to a remote service.

To enable this feature:

    # via tmsh only
    tmsh modify sys db antifraud.riskengine.reportlogins value enable

    # via tmsh or GUI
    tmsh modify sys db antifraud.internalconfig.string1 value "<login attempt log template>"
    tmsh modify sys db antifraud.internalconfig.string2 value "<log-rate-exceeded log template>"
    tmsh modify sys db antifraud.internalconfig.number1 value "<log-rate-exceeded threshold>"
    tmsh modify security anti-fraud profile <fps profile> risk-engine-publisher <publisher>

It is recommended that you use encoding when composing an HTTP template. The default encoding level is 0, meaning 'never encode'. To change encoding level:

    tmsh modify sys db antifraud.internalconfig.number2 value <0/1/2>
FPS now includes the ability to perform High Speed Logging (HSL) of all login attempts to specific protected URLs. These events can be forwarded to remote services (e.g. SIEM Server), and, when enabled, can help indicate whether applications are under attack.
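On the receiving side, a remote service could use these events as sketched below. This is an added example, not F5 code. The `fps_login` and `fps_rate_exceeded` line layouts, their field names, and the use of percent-encoding for values are all assumptions standing in for whatever templates and encoding level are configured. It also assumes a log-rate-exceeded message means some login events in that period were not delivered.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample input; both line layouts are hypothetical templates.
SAMPLE_LINES = [
    "fps_login ts=1717000025 src=198.51.100.7 url=%2Flogin user=alice",
    "fps_login ts=1717000029 src=198.51.100.7 url=%2Flogin user=bob%40example.com",
    "fps_login ts=1717000032 src=203.0.113.20 url=%2Flogin user=carol",
    "fps_login ts=1717000040 src=198.51.100.7 url=%2Flogin user=dave",
    "fps_rate_exceeded ts=1717000051",
    "fps_login ts=1717000095 src=203.0.113.20 url=%2Flogin user=carol",
]

PAIR = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return (event_type, fields) with percent-decoded values, or None."""
    kind, _, rest = line.strip().partition(" ")
    if kind not in ("fps_login", "fps_rate_exceeded"):
        return None
    return kind, {k: unquote(v) for k, v in PAIR.findall(rest)}

def analyze(lines, window=60, min_users=3):
    """Flag sources that tried >= min_users distinct usernames in one window.

    complete=False means a rate-exceeded event fell in that window, so the
    counts are a lower bound.
    """
    users = defaultdict(set)      # (window_start, src) -> usernames seen
    throttled = set()             # windows in which logging was rate limited
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        kind, f = parsed
        if not f.get("ts", "").isdigit():
            continue
        bucket = int(f["ts"]) // window * window
        if kind == "fps_rate_exceeded":
            throttled.add(bucket)
        elif "src" in f and "user" in f:
            users[(bucket, f["src"])].add(f["user"])
    return [
        {"window": b, "src": s, "users": sorted(u), "complete": b not in throttled}
        for (b, s), u in sorted(users.items()) if len(u) >= min_users
    ]
```

Because values are decoded only after the line is split into fields, a submitted username containing an encoded space or `=` cannot overwrite another field in the parsed event.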