You can view the alert log to see
detailed information on possible or actual attacks on your encrypted data.
-
On the Main tab, click .
The Data Protection log appears. The Data Protection log displays the
following alert information:
-
Timestamp: The date and time when the system
logged the alert information.
-
Host: The name of the host that logged the
alert information.
-
Client
IP: The IP address of the victim of the alert.
-
Event
URL: The URL of the site that was in use when the alert
was sent.
-
User
Name: The name of the client-side user who performed the
action that triggered the alert.
-
Event
Type: The type of the alert, which will be one of the following:
-
VCRYPT: Server-side Encryption Error
alerts. These alerts are created when the BIG-IP system detects
an error in the Application Layer Encryption component.
-
AJAX_VCRYPT: Encryption Alerts for the
Full AJAX payload. These alerts are created when the BIG-IP
system detects an encryption or decryption error in the full
AJAX payload.
-
JS_VCRYPT: Client-side Encryption Error
Alerts. These alerts are created when the BIG-IP DataSafe
JavaScript detects an error in the Application Layer Encryption
component.
-
COMPONENTS_VALIDATION: Server-side
Missing Components Alerts. These alerts are created when the
BIG-IP system detects missing BIG-IP DataSafe components on a
protected web page.
-
JS_MISSING_COMPONENTS: Client-side
Missing Components Alerts. These alerts are created when the
BIG-IP DataSafe JavaScript detects missing BIG-IP DataSafe
components on a protected web page.
-
Component: The alert sub-type.
-
To view additional information on an alert, click the More
Details link in the far-right column.
Clicking this link displays the following additional information on an
alert:
-
Defined Value: This is used only in Encryption
Staging Mode, when Component = VCRYPT_STAGING_MODE_FAILED. The parameter
name is displayed along with the type of problem, which will be either
MISMATCH or MISSING.
-
Resolved Value: This is used only in Encryption
Staging Mode, when Component = VCRYPT_STAGING_MODE_FAILED. The parameter
name is displayed along with the type of problem, which will be either
MISMATCH or MISSING.
-
Details: The information displayed here varies
depending on the alert type.
-
Additional Info: The information displayed here
varies depending on the alert type.
-
URL Name: The URL of the site from where the
alert was sent, as configured in the BIG-IP. This can differ from the
Event URL, for example if a wildcard URL was configured in the
BIG-IP.
-
Client IP Geolocation: The geographic location of
the client IP.
-
Transaction ID: An HTTP transaction ID generated
by AVR for the Risk Engine.
-
Guid: An internal ID generated by BIG-IP DataSafe
for identifying the user whose action generated the alert.
-
User Agent: The user's browser type and operating
system.
-
HTTP Referrer: The URL of the web page that was
visited just before the Alert URL was visited.
