Last Modified: Jul 12, 2023
Opened: Nov 28, 2019 Severity: 3-Major
Dosl7 remote logger messages break the ArcSight CEF connector when using the ArcSight destination format. CEF logs are dropped.
ArcSight server might be broken after getting dosl7 attack detection messages from the BIG-IP.
- ASM provisioned
- Dos profile attached to a virtual server
- Dos application protection enabled
- Logging profile configured with ArcSight format attached to a virtual
A BIG-IP iRule or another proxy can be used to intercept ArcSight messages and strip the string portion from ArcSight numeric type fields.
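A sketch of the proxy-side variant of this workaround, added here as an illustration and not F5 or ArcSight code. It assumes the affected fields are among the standard CEF numeric extension keys listed in `NUMERIC_KEYS`, that the first number in the value is the part to keep, and that a numeric field with no digits at all should be dropped; the sample message is constructed, not real BIG-IP output.

```python
import re

# Assumption: standard CEF numeric-typed extension keys; trim this set to
# the fields your connector actually rejects.
NUMERIC_KEYS = {"cn1", "cn2", "cn3", "cfp1", "cfp2", "cfp3", "cfp4",
                "cnt", "spt", "dpt"}

# One key=value pair: the key starts the extension or follows whitespace;
# the value runs until the next " key=" or end of line. "\=" stays in the value.
PAIR_RE = re.compile(r"(?:^|(?<=\s))(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|\s*$)")
NUMBER_RE = re.compile(r"-?\d+(?:\.\d+)?")

def sanitize(line):
    """Return the syslog line with string residue removed from numeric
    CEF extension fields. Non-CEF lines pass through unchanged."""
    start = line.find("CEF:")
    if start < 0:
        return line
    # 7 header fields, then the extension; "\|" is an escaped pipe.
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)
    if len(parts) != 8:
        return line
    pairs = []
    for m in PAIR_RE.finditer(parts[7]):
        key, value = m.groups()
        if key in NUMERIC_KEYS:
            num = NUMBER_RE.search(value)
            if num is None:
                continue          # nothing numeric to keep: drop the field
            value = num.group(0)  # keep only the numeric portion
        pairs.append(f"{key}={value}")
    parts[7] = " ".join(pairs)
    return line[:start] + "|".join(parts)

# Constructed sample: cn1 carries a trailing string, spt has no number.
SAMPLE = (r"<134>Nov 28 10:00:00 host1 CEF:0|Vendor|Product|1.0|100|DoS attack|8|"
          r"dvchost=host1.example.com cn1=120 tps cn1Label=detection threshold "
          r"cs1=profile\=a msg=Attack started spt=n/a")

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

String-typed fields such as `cn1Label`, `cs1` and `msg` are forwarded untouched, so only the values the connector would reject are rewritten.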
Dosl7 code has been fixed and no longer populates strings in ArcSight numeric type fields.