Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Logging HTTP traffic to Splunk

Hello guys

Im researching on how to log HTTP traffic via syslog to SPlunk server.
Im not sure where to start, but my basic approach is configuring the BigIP to send all syslog to the Splunk IP,, then configure an IRule later that captures the traffic and send it via syslog.

Has anybody done anything like this?
The first problem Im having is that I have Splunk listening for SYSLOG on port 2000 instead of 514 and I dont know how to change the BigIP so it send the syslog to that port.
Im running LTM 10.X on a 3600 box.

Thanks!!!

Manny
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
This article should help you: http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/155/LTM-942-Custom-Syslog-Configuration.aspx Click Here
0