Forum Discussion
jsanchez_f5_376
Nimbostratus
NimbostratusASM Logging Best Practices
What are the best practices when logging? TCP/UDP? Key/Pair or CSV? What is the recommended maximum entry length? Thanks!
samstep
Cirrocumulus
CirrocumulusTCP is best if you need to make sure you don't lose any log data (a requirement in the financial sector for example).
Re: format etc. - all depends on the destination SIEM system where you send the logs. If you send your logs to Splunk for example (seems to be a popular choice these days) - there is a good article explaining the formatting of the fields and other settings here:
https://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Setup
I hope this helps
