Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

F5 ASM - Logging Traffic Learning

Hey team,

BIG-IP 12.1.3.5 Build 0.0.10 Point Release 5

Curious if ASM security policy Traffic Learning suggestions has logging, as in what user may have accepted what suggestion, deleted another, etc.

Also, if it has logging around security policy changes. I believe this does occur, but interested in if these (and the above logs, if they exist) can be syslog'd out. If that is the case, may need a quick run-down of where to turn on/expect this type of audit logging configuration.

Much appreciated!

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

every single ASM policy change is logged including traffic learning suggestion acceptance and yes it is sysloged into /var/log/asm - simply search it for a keyword "audit".

0
Comments on this Answer
Comment made 4 months ago by gharrett.workun 2

Excellent thank you! Is there any option within the F5 to setup syslog to external IP/Syslog server/etc. or will it have to be SSH'd into F5 to get the log?

0