Forum Discussion

kris_52344's avatar
kris_52344
Icon for Nimbostratus rankNimbostratus
Apr 12, 2010

ASM & Splunk integration

hi,     i have installed & configure Splunk for F5, able to get LTM self-ip, source-ip etc. logs on splunk server. So, kindly provide any document or help to integrate ASM with Splunk? does it r...
app sec
BIG-IP Access Policy Manager (APM)
security
dbizzle_20930's avatar
dbizzle_20930
Icon for Nimbostratus rankNimbostratus
Mar 26, 2015

All you should have to do is define your remote logging options under system and define your inputs on Splunk. The F5 will automagically send anything that is standard syslog to that remote address. For ASM/APM you can collect data using High Speed Logging (HSL) or AVR and configure the publishers/destinations for each. Configure a pool(s) that has your indexer/port defined as a member or you could even create a VIP to handle load balancing between indexers if you wanted and your AVR/HSL destination could be a pool with the VIP address as its member.

 

  • mortoj_167568's avatar
    mortoj_167568
    Icon for Altocumulus rankAltocumulus
    Apr 20, 2016
    I am currently working on getting ASM logs over to both Splunk (syslog format) and ArcSight (CEF format) I found this link useful for understanding Field/Value/Description for Splunk and ArcSight as well as for creating Custom Logging Profiles Thought I'd share: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-11-4-0/10.html