Bug ID 853989: DOSL7 Logs breaks CEF connector by populating strings into numeric fields

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:

Opened: Nov 28, 2019

Severity: 3-Major


Dosl7 remote logger messages breaks ArcSight CEF connector when using ArcSight destination format. CEF Logs are dropped.


ArcSight server might be broken after getting dosl7 attack detection messages from the BIG-IP.


- ASM provisioned - Dos profile attached to a virtual server - Dos application protection enabled - Logging profile configured with ArcSight format attached to a virtual


BIG-IP iRule or another proxy can be used to intercept ArcSight messages and strip the a string portion from ArcSight numeric type fields.

Fix Information

Dosl7 code has been fixed and do not populate string to the ArcSight numeric type fields anymore.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips