Bug ID 853989: DOSL7 Logs breaks CEF connector by populating strings into numeric fields

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Fixed In:
16.0.0

Opened: Nov 28, 2019
Severity: 3-Major

Symptoms

Dosl7 remote logger messages breaks ArcSight CEF connector when using ArcSight destination format. CEF Logs are dropped.

Impact

ArcSight server might be broken after getting dosl7 attack detection messages from the BIG-IP.

Conditions

- ASM provisioned - Dos profile attached to a virtual server - Dos application protection enabled - Logging profile configured with ArcSight format attached to a virtual

Workaround

BIG-IP iRule or another proxy can be used to intercept ArcSight messages and strip the a string portion from ArcSight numeric type fields.

Fix Information

Dosl7 code has been fixed and do not populate string to the ArcSight numeric type fields anymore.

Behavior Change