Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
11.4.1
Fixed In:
11.5.0 HF2, 11.5.0, 11.4.1 HF2
Opened: Nov 26, 2013 Severity: 3-Major Related Article:
K69585633
1) AFM ACL rule logs action = "Accept Decisively" for the firewall rule with action set to Allow Final. 2) When custom field logging is enabled, AFM still generates the ACL match logs with ALL fields for syslog format rfc5424
There is no impact: this is customer enhancement request.
1) AFM ACL rule action is set to Allow-final and logging is enabled. Firewall ACL rule log message shows action as 'Accept Decisively' (which is BigIP specific implementation) and may not be well understood by all log destinations. 2) Custom (selective) field logging is enabled in Security Log Profile and one of the log destination format is set to syslog rfc5424
This issue has no workaround at this time.
This release adds the ability to switch log messages with the action <uicontrol>Accept Decisively</uicontrol> to log with the action <uicontrol>Accept</uicontrol>, for better compatibility with some logging systems. Accept Decisively is still logged by default, but you can switch this behavior by setting the value for the db variable <codeph>tm.fw.log.action.acceptdecisiveasaccept</codeph> to <uicontrol>true</uicontrol>.