Last Modified: Feb 13, 2019
See more info
Known Affected Versions:
11.5.0 HF2, 11.5.0, 11.4.1 HF2
Opened: Nov 26, 2013
Related AskF5 Article: K69585633
1) AFM ACL rule logs action = "Accept Decisively" for the firewall rule with action set to Allow Final. 2) When custom field logging is enabled, AFM still generates the ACL match logs with ALL fields for syslog format rfc5424
There is no impact: this is customer enhancement request.
1) AFM ACL rule action is set to Allow-final and logging is enabled. Firewall ACL rule log message shows action as 'Accept Decisively' (which is BigIP specific implementation) and may not be well understood by all log destinations. 2) Custom (selective) field logging is enabled in Security Log Profile and one of the log destination format is set to syslog rfc5424
This issue has no workaround at this time.
This release adds the ability to switch log messages with the action <uicontrol>Accept Decisively</uicontrol> to log with the action <uicontrol>Accept</uicontrol>, for better compatibility with some logging systems. Accept Decisively is still logged by default, but you can switch this behavior by setting the value for the db variable <codeph>tm.fw.log.action.acceptdecisiveasaccept</codeph> to <uicontrol>true</uicontrol>.