Analyse F5 syslogs

Question

Hi,
    We currently have our F5 syslogs going into our SIEM (QRadar).  I am not familiar with F5 and wanted to know what information we should be looking at from a security/risk perspective.

Thanks again.

youssef1 · Answer

Hi,&nbsp;
it depends on which logs you manage. and what are you sending&nbsp;
LTM: you can check audit logs and security logs:&nbsp;
https://support.f5.com/csp/article/K16197&nbsp;
You can also check in lTM logs reaping logs (due to excessive conssomation of memory and potentially a bug, an attack or other ...)&nbsp;
https://support.f5.com/csp/article/K15740&nbsp;
You can also configure a request logging on your VS to check some response logs (status 403...):&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-12-0-0/3.html&nbsp;
For ASM it's all logs security you can manage it on dashboard or on your SIEM....&nbsp;
Let me know if you need more details.&nbsp;
regards,&nbsp;

Forum Discussion

Analyse F5 syslogs

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Load Balancing TCP TLS Encrypted Syslog Messages

BIG-IP syslog include

BIG-IP to Process TLS Syslog Traffic

LTM 9.4.2+: Custom Syslog Configuration

remote SYSlog setup

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS