How can I log access to BIGIP ?

Question

I'd like to log (and send to remote syslog server) every access (when and who is accessing) to the BIGIP.&nbsp;
&nbsp;I don't know where to begin, except searching through the forum but still unsuccessful...

hooleylist · Answer

Do you mean admin traffic to the BIG-IP's GUI or CLI interfaces, or client access which is being load balanced through the BIG-IP?&nbsp;
&nbsp;Aaron

arnaud_ciron_12 · Answer

I mean I want to log any operator accessing the BIGIP through the HTTS interface (just like ssh accesses are logged into /var/log/secure).

hooleylist · Answer

Access to the admin GUI is logged according to the syslog-ng.conf (/etc/syslog-ng/syslog-ng.conf).  You should see log entries in /var/log/httpd/ssl_access_log and ssl_request_log.  Depending on exactly how you want to handle the log entries, you could create a new filter, destination and log statement in the syslog-ng.  The filter would look for the string(s) which indicate a successful and/or failed login attempt.  Take a look at the existing syslog-ng.conf entries for some examples or give it a shot and reply with any questions.&nbsp;
&nbsp;Aaron

Forum Discussion

How can I log access to BIGIP ?

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Re: BigIP Report

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

BigIP Report Old

F5 BIGIP WAF AND F5 DNS

Securing APIs with BigIP