Open Larsende opened 2 years ago
Here is the log with request time and other time fields. The timestamp value is 2022-07-01T22:10:55.000Z, the request date/time is Jul 01 2022 08:10:55, the SumoLogic receipt time is 11:10:55 EST, and LogTime is 4:07:58 AM.
```
{ hostname : "ip-10-1-1-9.us-west-2.compute.internal", bigip_mgmt_ip : "10.1.1.9", bigip_mgmt_ip2 : "::", client_ip : "10.1.10.10", client_ip_geo_location : "N/A", client_port : "60625", client_request_uri : "/opencart/index.php", configuration_date_time : "Jul 01 2022 08:07:58", context_name : "/opencart/Shared/opencart.vs", context_type : "Virtual Server", dest_ip : "10.1.10.5", dest_port : "80", device_product : "Application Security Module", device_vendor : "F5", device_version : "pgo_use x86_64 vadc TMM Version 16.1.2.2.0.0.28 ", errdefs_msgno : "23003147", http_method : "GET", http_protocol_indication : "HTTP", http_protocol_info : "HTTP/1.0", route_domain : "0", timestamp : "2022-07-01T22:10:55.000Z", virtual_server_name : "/opencart/Shared/opencart.vs", device_id : "N/A", host : "10.1.10.5", request_date_time : "Jul 01 2022 08:10:55", profile_name : "/Common/bot_block", support_id : "7285653917281551089", request_status : "bot_signature", action : "alarm", reason : "", previous_action : "None", previous_support_id : "N/A", previous_request_date_time : "N/A", bot_signature : "/Common/CatchBot", bot_signature_category : "/Common/Crawler", bot_name : "CatchBot", session_id : "0", class : "Untrusted Bot", anomaly_categories : "N/A", anomalies : "N/A", additional_bot_signatures : "N/A", micro_service_name : "N/A", micro_service_type : "N/A", micro_service_matched_wildcard_url : "N/A", micro_service_hostname : "N/A", configured_mitigation_action : "Alarm", configured_mitigation_action_reason : "/Common/CatchBot", actual_mitigation_action : "Alarm", actual_mitigation_action_reason : "None", browser_configured_verification_action : "None", browser_actual_verification_action : "None", browser_actual_verification_action_reason : "None", captcha_status : "None", browser_verification_status : "None", device_id_status : "None", device_id_action : "None", previous_initiated_action : "None", previous_initiated_action_status : "None", new_request_status : "Alarmed",
enforced_by : "Profile Mitigation and Verification Settings", mobile_is_app : "false", challenge_failure_reason : "", classification_reason : "", client_type : "Bot",
```
Enable Bot logging on the WAF policy and configure it to send to Telemetry Streaming. Data arrives in SumoLogic, but when searching the last 15 minutes it does not appear in the search results. If I change the search settings to "use Receipt time" and search the last 15 minutes, the logs appear. It only seems to be Bot logs, not WAF logs, doing this.
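The symptom above (events present by receipt time but absent from a message-time search) is what you see when the `timestamp` the backend keys on sits far from the time the event was received. The following is an added diagnostic script, not part of Telemetry Streaming or of the original report: it parses the `key : "value"` layout of the bot event, measures the skew between the `timestamp` and `request_date_time` fields, and reports whether a message-time search window would have caught the event. The zone applied to `request_date_time` (which carries none) and the receipt time used in the test are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample using the same key : "value" layout as the bot event quoted above;
# only the time-relevant fields are kept.
SAMPLE_EVENT = ('{ hostname : "ip-10-1-1-9.us-west-2.compute.internal", '
                'timestamp : "2022-07-01T22:10:55.000Z", '
                'request_date_time : "Jul 01 2022 08:10:55", '
                'configuration_date_time : "Jul 01 2022 08:07:58", '
                'request_status : "bot_signature", action : "alarm" }')

# The emitted record is not valid JSON (keys are unquoted), so pull fields with a regex.
FIELD_RE = re.compile(r'(\w+)\s*:\s*"([^"]*)"')


def parse_event(text):
    """Return the event's fields as a dict of string values."""
    return dict(FIELD_RE.findall(text))


def parse_iso_utc(value):
    """Parse the ISO-8601 `timestamp` field, which is explicitly UTC ('Z')."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def parse_request_time(value, tz):
    """Parse `request_date_time`; it has no zone, so the caller supplies one (assumption)."""
    return datetime.strptime(value, "%b %d %Y %H:%M:%S").replace(tzinfo=tz)


def time_skew(event, tz):
    """Seconds by which `timestamp` leads `request_date_time`, both normalised to UTC."""
    ts = parse_iso_utc(event["timestamp"])
    req = parse_request_time(event["request_date_time"], tz)
    return (ts - req).total_seconds()


def in_search_window(event_time, receipt_time, window=timedelta(minutes=15)):
    """True if a message-time search over the last `window` (ending at receipt) includes the event."""
    return receipt_time - window <= event_time <= receipt_time


def diagnose(text, receipt_time, tz=timezone.utc):
    """Summarise why an event may be missing from a message-time search but present by receipt time."""
    ev = parse_event(text)
    return {
        "skew_seconds": time_skew(ev, tz),
        "timestamp_in_window": in_search_window(parse_iso_utc(ev["timestamp"]), receipt_time),
        "request_time_in_window": in_search_window(
            parse_request_time(ev["request_date_time"], tz), receipt_time),
    }
```

A skew of hours between the two fields, with neither landing inside the window, means the backend indexed the event under a message time well away from when it arrived, which is exactly the case a "use Receipt time" search masks.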