Send only Audit logs to remote syslog

Question

Hi,&nbsp;
we have a qradar server where we will send the F5 logs to it. We only want the Audit logs to be sent to qRadar.&nbsp;
How can I filter what type of logs I sent to the remote syslog server (qradar), so we only send Audit logs to it.&nbsp;
Thanks a lot.&nbsp;
SANTS.&nbsp;

jrahm · Answer

Hi SANTS, in 11.6 (and earlier, though I don't know specifically which version it was introduced) you can create log filters, destinations, and publishers right in the GUI.&nbsp;
1st step: system-&gt;logs-&gt;configuration-&gt;log destination
2nd step: system-&gt;logs-&gt;configuration-&gt;log publisher 
3rd step: system-&gt;logs-&gt;configuration-&gt;log filters&nbsp;
If on earlier systems, you can configure in tmsh/syslogd as well (good info in this article)&nbsp;

sants_boy_18328 · Answer

Thanks a lot Jason. I am forced to use High-speed logging? (So I cannot use the management interface to send logging traffic?)?&nbsp;
thanks.&nbsp;
Regards,&nbsp;
SANTS&nbsp;

sants_boy_18328 · Answer

Thanks Jason, but when you press remote syslog, you are forced to put the High Speed Syslog afterwards.&nbsp;
How can I over pass this?&nbsp;
thanks.&nbsp;
SANTS&nbsp;

sants_boy_18328 · Answer

&nbsp;

jrahm · Answer

Right..but that just means you are using HSL under the hood of BIG-IP, if you select syslog formatting, it won't just be the RAW format typical of HSL. All that's required for that is to define a pool (can be one member-&gt;your syslog server) and then select it as your destination

Forum Discussion

Send only Audit logs to remote syslog

6 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Auditing Security Policy Updates

remote SYSlog setup

Audit WAF changes

F5 Sending syslogs with two hostname to remote syslog server

BIGIP ASM audit logging