Forum Discussion

mengler_136249
Aug 30, 2016

F5 syslog

I want to preface this by saying I have found quite a few articles for different sections of logging within F5, but I really want to get a high-level explanation of the differences and, really, best practices on how to do syslog with F5.

I'm running 11.5.3 and I know there is a section for syslog (System > Logs > Configuration), but I also know there is a whole section within ASM. My company just recently bought LogRhythm for our syslog and they are requesting I send all logs to it. My question is, do I need to configure both spots? Are there more spots than just those two that I need to be aware of and configure?

Below are really my concerns and goals:

  1. All logs need to go to LogRhythm. Things like device/system errors, changes to LTM, ASM, AFM, APM, etc.
  2. We need more ASM logs. Today, they roll over way too fast due to the amount of traffic. How do most of you handle this? Having ASM logs locally is a pretty big benefit that gets us insight and connections into disabling signatures or whatever else might need to be done.
  3. I would like to start getting alerts for VIPs/pool members going down or offline. I assume those types of things will already be sent in the normal System syslogs? We could then set up email alerts or whatever else from LogRhythm.

Thanks in advance! I'm sure most of this is covered individually somewhere, but I really haven't ever found a holistic answer that covers all bases.