Manual Chapter :
Alert Logs
Applies To:
Show VersionsBIG-IP ASM
- 15.1.0
Alert Logs
Viewing the alert log
You can view the alert log to see
detailed information on possible or actual attacks on your encrypted data.
- On the Main tab, click.The Data Protection log appears. The Data Protection log displays the following alert information:
- Timestamp:The date and time when the system logged the alert information.
- Host:The name of the host that logged the alert information.
- Client IP:The IP address of the victim of the alert.
- Event URL:The URL of the site that was in use when the alert was sent.
- User Name:The name of the client-side user who performed the action that triggered the alert.
- Event Type:The type of the alert, which will be one of the following:
- VCRYPT:Server-side Encryption Error alerts. These alerts are created when the BIG-IP system detects an error in the Application Layer Encryption component.
- AJAX_VCRYPT:Encryption Alerts for the Full AJAX payload. These alerts are created when the BIG-IP system detects an encryption or decryption error in the full AJAX payload.
- JS_VCRYPT:Client-side Encryption Error Alerts. These alerts are created when the BIG-IP DataSafe JavaScript detects an error in the Application Layer Encryption component.
- COMPONENTS_VALIDATION:Server-side Missing Components Alerts. These alerts are created when the BIG-IP system detects missing BIG-IP DataSafe components on a protected web page.
- JS_MISSING_COMPONENTS:Client-side Missing Components Alerts. These alerts are created when the BIG-IP DataSafe JavaScript detects missing BIG-IP DataSafe components on a protected web page.
- Component:The alert sub-type.
- To view additional information on an alert, click theMore Detailslink in the far-right column.Clicking this link displays the following additional information on an alert:
- Defined Value:This is used only in Encryption Staging Mode, when Component = VCRYPT_STAGING_MODE_FAILED. The parameter name is displayed along with the type of problem, which will be either MISMATCH or MISSING.
- Resolved Value:This is used only in Encryption Staging Mode, when Component = VCRYPT_STAGING_MODE_FAILED. The parameter name is displayed along with the type of problem, which will be either MISMATCH or MISSING.
- Details:The information displayed here varies depending on the alert type.
- Additional Info:The information displayed here varies depending on the alert type.
- URL Name:The URL of the site from where the alert was sent, as configured in the BIG-IP. This can differ from the Event URL, for example if a wildcard URL was configured in the BIG-IP.
- Client IP Geolocation:The geographic location of the client IP.
- Transaction ID:An HTTP transaction ID generated by AVR for the Risk Engine.
- Guid:An internal ID generated by BIG-IP DataSafe for identifying the user whose action generated the alert.
- User Agent:The user's browser type and operating system.
- HTTP Referrer:The URL of the web page that was visited just before the Alert URL was visited.