Forum Discussion

Dave_Noonan's avatar
Dave_Noonan
Icon for Cirrus rankCirrus
Sep 06, 2019

Access logging to Splunk with the Analytics iApp

We have the Analytics iApp setup and sending data to Splunk successfully. Now Security wants to see the equivalent of apache's access logs in Splunk.

 

I know the LTM doesn't do that by default and I've found lots of solutions involving iRules and HSL. Is there any VS access log solution involving the iApp?

 

Related to the above, we have a set of virtual servers named "Splunk-hec-forwarder-PROTOCOL-stage#". I didn't set up the iApp but they look very much like something it might have created. If so, can I use those forwarders with iRules to get the access logs to Splunk?

 

Thanks

 

===

Additional info: I've just realized that the VS named Splunk-hec-forwarder-syslog-stage1 doesn't do anything but run an iRule that does some processing and forwards it to a pool with 255.255.255.254 as the only member. I know it has a remote log server set up with that IP and I thought that was really weird but now I see that's the IP of all the Splunk VSs.

 

iApps
iRules
logging
security
No RepliesBe the first to reply