Analyse F5 syslogs

Question

Hi,
    We currently have our F5 syslogs going into our SIEM (QRadar).  I am not familiar with F5 and wanted to know what information we should be looking at from a security/risk perspective.

Thanks again.

youssef1 · Answer

Hi,&nbsp;
it depends on which logs you manage. and what are you sending&nbsp;
LTM: you can check audit logs and security logs:&nbsp;
https://support.f5.com/csp/article/K16197&nbsp;
You can also check in lTM logs reaping logs (due to excessive conssomation of memory and potentially a bug, an attack or other ...)&nbsp;
https://support.f5.com/csp/article/K15740&nbsp;
You can also configure a request logging on your VS to check some response logs (status 403...):&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-12-0-0/3.html&nbsp;
For ASM it's all logs security you can manage it on dashboard or on your SIEM....&nbsp;
Let me know if you need more details.&nbsp;
regards,&nbsp;

Forum Discussion

Analyse F5 syslogs

1 Reply

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

Tcp syslog

F5 Sending syslogs with two hostname to remote syslog server

F5 Distributed Cloud - Listener Logic

F5 Python SDK Overview

Update BIG-IP system syslog config with python and bigrest