Forum Discussion

Lidev's avatar
Nov 09, 2020

ASM Logging profile w/ Remote Storage

Hi guys,

In the configuration of the ASM logging profile, is it possible to add in Server Addresses field a Virtual Server IP address (associated to a syslog server pool) in order to benefit from Round Robin algorithm on the syslog pool servers ?

 

Regards

 

  • Hi Lidev,

     

    As I know there no such functionality for Application Security logs (as there you can only put IP address manually for your remote logging server). But you can do it for DoS protection and Bot Defense logs.

     

    Its a little bit tricky to do that for the first time. First you have to create pool of your remote syslog servers in LTM, then you have to create new Log Destination of Remote HSL type (which forwards the logs to the pool you've just created), then you should create one more log destination (but this time it'll be syslog type) which will forward logs to HSL type Log destination that you've just created. And finally you have to create log publisher, which will forward logs to the log destination you've created in the last step. Now you can use this log publisher in your ASM log profile to forward DoS and Bot Defense logs. Here is the link, that describes everything in more details:

     

    https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-13-0-0/7.html

     

    But I think you can not do that for Application Security Logs itself.

  • No one has ever experienced this configuration ? I know that the use of VIP is possible in Remote Syslog Server List for Remote Logging part but is it also possible to do the same for ASM profile logging ?

     

    Thank you for your feedback

     

     

    • Hi Lidev,

       

      As I know there no such functionality for Application Security logs (as there you can only put IP address manually for your remote logging server). But you can do it for DoS protection and Bot Defense logs.

       

      Its a little bit tricky to do that for the first time. First you have to create pool of your remote syslog servers in LTM, then you have to create new Log Destination of Remote HSL type (which forwards the logs to the pool you've just created), then you should create one more log destination (but this time it'll be syslog type) which will forward logs to HSL type Log destination that you've just created. And finally you have to create log publisher, which will forward logs to the log destination you've created in the last step. Now you can use this log publisher in your ASM log profile to forward DoS and Bot Defense logs. Here is the link, that describes everything in more details:

       

      https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-13-0-0/7.html

       

      But I think you can not do that for Application Security Logs itself.

      • Lidev's avatar
        Lidev
        Icon for MVP rankMVP

        Hi Giorgi,

        thank you for your answer and explanation, so I'm going to abandon this idea.