ASM Bot Defence logs with CEF Format

Question

Hi all,I have&nbsp; a cluster with 2 BIG-IPs Ver 15.1.9.1 and i am using the modules LTM + WAF . I found out that WAF bot defence log is with the format Syslog.My SIEM can read CEF (ArcSight) so my question is if there is a way to change the Syslog format to CEF format or if there is possibility to add a unique identifier on the syslog logs of the Bot Defense so those can be read by the SIEM.Thanks

nikoolayy1 · Answer

Better see this&nbsp;Unable to select Arcsight publisher for bot defense remote logging (f5.com)&nbsp;and open a RFE with the F5 Sales people.

cpet · Answer

Thanks

Forum Discussion

ASM Bot Defence logs with CEF Format

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Bot defence profile on F5 ASM

export ASM event logs in csv format

Formatted Logging For W3c

X509 Subject Formatting

Import certificate as pfx format