Forum Discussion
ASM Logging profile w/ Remote Storage
Hi guys,
In the configuration of the ASM logging profile, is it possible to add in Server Addresses field a Virtual Server IP address (associated to a syslog server pool) in order to benefit from Round Robin algorithm on the syslog pool servers ?
Regards
Hi Lidev,
As I know there no such functionality for Application Security logs (as there you can only put IP address manually for your remote logging server). But you can do it for DoS protection and Bot Defense logs.
Its a little bit tricky to do that for the first time. First you have to create pool of your remote syslog servers in LTM, then you have to create new Log Destination of Remote HSL type (which forwards the logs to the pool you've just created), then you should create one more log destination (but this time it'll be syslog type) which will forward logs to HSL type Log destination that you've just created. And finally you have to create log publisher, which will forward logs to the log destination you've created in the last step. Now you can use this log publisher in your ASM log profile to forward DoS and Bot Defense logs. Here is the link, that describes everything in more details:
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-13-0-0/7.html
But I think you can not do that for Application Security Logs itself.
No one has ever experienced this configuration ? I know that the use of VIP is possible in Remote Syslog Server List for Remote Logging part but is it also possible to do the same for ASM profile logging ?
Thank you for your feedback
Hi Lidev,
As I know there no such functionality for Application Security logs (as there you can only put IP address manually for your remote logging server). But you can do it for DoS protection and Bot Defense logs.
Its a little bit tricky to do that for the first time. First you have to create pool of your remote syslog servers in LTM, then you have to create new Log Destination of Remote HSL type (which forwards the logs to the pool you've just created), then you should create one more log destination (but this time it'll be syslog type) which will forward logs to HSL type Log destination that you've just created. And finally you have to create log publisher, which will forward logs to the log destination you've created in the last step. Now you can use this log publisher in your ASM log profile to forward DoS and Bot Defense logs. Here is the link, that describes everything in more details:
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-13-0-0/7.html
But I think you can not do that for Application Security Logs itself.
Hi Giorgi,
thank you for your answer and explanation, so I'm going to abandon this idea.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com