June 11, 2018 at 12:03 pm #14532
I’m new working with ADC and logically also with A10 Network products. I’m having a hard work trying to understand what is configured and how it works. I just get four of them, no one here knows how it’s work or what is configured… I have some documentation but it’s not helpfull, and I have a lot of question. So, If any one can help me with this I really preciated some help.
Some of my questions are:
How can I define what type of attacks I want to log ? (WAF module)
What it does the class list? and the aFlex module?
What is the difference between them?
How can I send logs to an ftp server instead of a syslog?
How can I create the reports? is that possible with A10 Thunder?
Well, I have more questions but I thinks those are a good start point.
Thanks in advance for your help.June 14, 2018 at 12:31 am #14592
With the A10 WAF, all attacks and are automatically logged.
Within your WAF template you can configure if the qood requests (Successful WAF Requests) also need to be logged.
(this depends a bit on the version of ACOS you are running, I would advise to use 4.1.1 latest P release or higher)
Class-lists can be used for many things. So it really depends on your configuration.
In general class-lists contain a bigger number of IP addresses os string, and a process can quickly check if a particular source IP address, destination IP address, an IP address in a header of maybe a hostname, matches a class list, and then take action.
aFlex is a scripting language that you can bind to a service.
With aFlex you can create functionalities that are not available in a standard feature, you can basically do almost anything you want with the traffic passing through the A10.
In general you can not send logging information directly to an FTP server.
You can only do a backup of the system logs through FTP.
All other user data related logging, like WAF event logging, HTTP logging etc, needs to directly go to a syslog server.
Realise that temporarily storing these kinds of logs would slow down you system dramatically as it would require constant reading and writing of your log data. So usually all networking devices send logging information to Syslog servers.
What kind of reports are you looking for?
The A10 Thunder itself only provides real basic more management/operational Reporting information.
Depending on the application you could look into using the A10 Harmony Controller to provide more user/end-customer oriented reporting.
Maybe if you reach out to your A10 Business Partner or your A10 System Engineer you’ll get your answers faster if required.
Else, we’re happy to help through the forum.
DiederikJune 14, 2018 at 10:35 am #14602
Thanks a lot Diederik, your commet gave a good start point.!
Have a good day
You must be logged in to reply to this topic.