v11.5.3, ASM and Splunk

Question

Hi everyone,&nbsp;
Has anyone managed to get the remote logging profile on v11.5.3 working with the Splunk for F5 Security app ? The transformers don't seem to match the data and I can't seem to force the sourcetype correctly when I have a mixture of syslog data coming out of the same source.&nbsp;
M.&nbsp;

boneyard · Answer

it seems to behave relatively well with 11.6 for me when i just tested it. Top Attackers shows the data i expected. what is failing for you?&nbsp;
the second issue seems more a splunk one then BIG-IP i believe, perhaps you could do something with different ports?&nbsp;

mark_wallis_833 · Answer

Hi.&nbsp;
I think the latter problem is causing the former in my case. Can you confirm what 'sourcetype' is being applied to your ASM events for me ? I'll see if I can force it and make everything happier&nbsp;
Thanks
Mark&nbsp;

boneyard · Answer

sourcetype=asm_log&nbsp;

Forum Discussion

v11.5.3, ASM and Splunk

3 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

Setting up F5 Telemetry Streaming with Splunk Cloud

How I did it - "Visualizing Data with F5 TS and Splunk"

ASM logs

ASM LOGS

File upload and ASM