IP-Intelligence logs not pushed to SIEM(splunk)

Question

Hi,&nbsp;
is there a possibility to send the IP-Intelligence log to a SIEM product (splunk)?
Within the F5-iApp (
https://www.f5.com/pdf/deployment-guides/f5-analytics-dg.pdf
)
we don't see the IP-Intelligence log information, but there are definitly logs available within the f5-GUI? &nbsp;
Is there anything special/rule/..-setting necesssary we can activate, that this logs are also pushed to central SIEM solution?&nbsp;
Best Regards 
Martin&nbsp;

charlescs · Answer

On a per-virtual server basis, you will need to assign a logging profile which has Network Firewall enabled, and the IP Intelligence publisher set to your SIEM publisher. Note that none of the system-provided logging profiles are configured in this manner, so you will need to create a custom logging profile.

Forum Discussion

IP-Intelligence logs not pushed to SIEM(splunk)

1 Reply

Recent Discussions

Transaction looks successful but file not downloading

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

The Power of IP Intelligence (IPI)

IP-Intelligence and IP-Shunning

About IP intelligence

Malicious Partner IP by IP Intelligence

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers