Bug ID 439094: New option to log messages with firewall rule action "Accept Decisively" as "Accept" for compatibility

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
11.4.1

Fixed In:
11.5.0 HF2, 11.5.0, 11.4.1 HF2

Opened: Nov 26, 2013
Severity: 3-Major
Related AskF5 Article:
K69585633

Symptoms

1) AFM ACL rule logs action = "Accept Decisively" for the firewall rule with action set to Allow Final. 2) When custom field logging is enabled, AFM still generates the ACL match logs with ALL fields for syslog format rfc5424

Impact

There is no impact: this is customer enhancement request.

Conditions

1) AFM ACL rule action is set to Allow-final and logging is enabled. Firewall ACL rule log message shows action as 'Accept Decisively' (which is BigIP specific implementation) and may not be well understood by all log destinations. 2) Custom (selective) field logging is enabled in Security Log Profile and one of the log destination format is set to syslog rfc5424

Workaround

This issue has no workaround at this time.

Fix Information

This release adds the ability to switch log messages with the action <uicontrol>Accept Decisively</uicontrol> to log with the action <uicontrol>Accept</uicontrol>, for better compatibility with some logging systems. Accept Decisively is still logged by default, but you can switch this behavior by setting the value for the db variable <codeph>tm.fw.log.action.acceptdecisiveasaccept</codeph> to <uicontrol>true</uicontrol>.

Behavior Change