Forum Discussion

josephT_47657
Feb 19, 2010

f5 ltm dashboard in splunk

Hello

Has anyone successfully sent logs to the F5 LTM dashboard app offered by Splunk?

I have found any sample to do this.

Thanks

5 Replies

  • Hi,

    I have integrated F5 with Splunk and am able to get LTM logs but unable to get ASM logs.

    Can you provide a document for integrating Splunk with ASM?

    Thank you in advance!

    • Ashish_Malik_27

      Hi Kris,

      In order to get ASM logs you need to configure a logging profile which sends ASM logs to the remote source. Syslog works for Splunk.

      I am sure you got an answer long back but the answer might help someone who stumbles upon this question.

      Thanks, Ashish

  • Same for us, we now have Splunk but the dashboard does not work at all? It is sending some logs but they don't seem to be the ones we want.

    We mostly get stuff like

    [ssl_req][15/Apr/2010:16:34:06 -0500] 1.1.1.1 TLSv1 DHE-RSA-AES256-SHA "POST /iControl/iControlPortal.cgi HTTP/1.1" 670

    Which to me seems like generic syslog, not the traffic stuff we want.
  • Has anyone found an answer to this question? I am struggling to get this app working, but all efforts go in vain. I am also getting the same traffic that charlestips is getting, but not the real traffic. Please help.

  • There are three Splunk Apps available for BIG-IP. Each of them contains an instructions page for setting up the logs to be sent to Splunk from BIG-IP.

    1. Splunk for F5 Networks

      Includes views and reports for the AFM modules, Basic System messages, and Web Stats via an iRule for Virtual Servers with an HTTP Profile assigned.

      The logs for AFM are configured using the High Speed Logging feature with a Log Destination and a Log Publisher assigned to a Log Profile.

      More information found HERE on askF5.com

    2. Splunk for F5 Security

      This app contains views and reports for ASM and AVR module(s) logs. The setup instructions are a PDF file included with the App .tar. The file is named Creating-a-logging-profile-for-Splunk.pdf

    3. Splunk for F5 Access

      This app contains views and reports for the APM module logs. The instructions for configuring the BIG-IP logging can be found HERE on F5.com