Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Apr 09, 2017 Severity: 2-Critical Related Article:
K49102057
A transient error may appear in bd.log and asm.log shortly after a Signature Set is newly associated with a security policy. In bd.log, the messages appear similar to the following: ECARD_POLICY|ERR |Apr 09 01:00:23.205|24966|attack_patterns.cpp:0027|signature collection with id: 13 doesn't exist ATTACK_SIG|ERR |Apr 09 01:00:23.205|24966|attack_patterns_funcs.cpp:0083|Signature collection id: 13 Can't be acquired In asm.log, the messages appear similar to the following: info perl[20236]: 01310053:6: ASMConfig change: Policy Signature Set High Accuracy Detection Evasion Signatures [add]: Alarm was set to enabled. Policy Signature Set Name was set to High Accuracy Detection Evasion Signatures. Block was set to enabled. Learn was set to enabled. { audit: policy = /Common/policy2, username = admin, client IP = 192.168.188.44 } info perl[20236]: 01310053:6: ASMConfig change: Policy Signature Set High Accuracy Signatures [add]: Alarm was set to enabled. Policy Signature Set Name was set to High Accuracy Signatures. Block was set to enabled. Learn was set to enabled. { audit: policy = /Common/policy2, username = admin, client IP = 192.168.188.44 }
A transient error may appear in bd.log and asm.log.
A Signature Set is newly associated with a security policy.
None.
No errors appear in in bd.log after a Signature Set change.