Forum Discussion

Nimbostratus

Nov 15, 2018

ASM Logging Best Practices

What are the best practices when logging? TCP/UDP? Key/Pair or CSV? What is the recommended maximum entry length? Thanks!

ASM Advanced WAF

security

samstep

Cirrocumulus

Nov 17, 2018

TCP is best if you need to make sure you don't lose any log data (a requirement in the financial sector for example).

Re: format etc. - all depends on the destination SIEM system where you send the logs. If you send your logs to Splunk for example (seems to be a popular choice these days) - there is a good article explaining the formatting of the fields and other settings here:

https://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Setup

I hope this helps

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM Logging Best Practices

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

T4 and ALL tenant images

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Related Content

AS3 Best Practice

F5 Certified Practice Exams

Hands-On Quantum-Safe PKI: A Practical Post-Quantum Cryptography Implementation Guide

Security Best Practices for F5 Products

Cipher Suite Practices and Pitfalls

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS