Hello everyone,
I hope this message finds you well. I am currently using Logstash to process logs from F5 BIG-IP ASM. Initially, I had the input codec set to the default (UTF-8).
However, I've encountered an issue where the logs of detected attacks contain values set by attackers in query strings, among other places, which are not always in UTF-8 format. This results in errors due to the inability of the Logstash input codec to process these non-UTF-8 characters.
I'm reaching out to this knowledgeable community to inquire if anyone else has encountered a similar challenge while analyzing logs from BIG-IP ASM with Logstash. If so, what strategies or solutions have you implemented to overcome this issue?
Your insights and suggestions would be greatly appreciated as they could greatly assist in enhancing our log analysis process.
Thank you in advance for your time and assistance.
Best regards.