Forum Discussion
Lidev
MVP
MVPASM Logging profile w/ Remote Storage
Hi guys, In the configuration of the ASM logging profile, is it possible to add in Server Addresses field a Virtual Server IP address (associated to a syslog server pool) in order to benefit from Ro...
Hi Lidev,
As I know there no such functionality for Application Security logs (as there you can only put IP address manually for your remote logging server). But you can do it for DoS protection and Bot Defense logs.
Its a little bit tricky to do that for the first time. First you have to create pool of your remote syslog servers in LTM, then you have to create new Log Destination of Remote HSL type (which forwards the logs to the pool you've just created), then you should create one more log destination (but this time it'll be syslog type) which will forward logs to HSL type Log destination that you've just created. And finally you have to create log publisher, which will forward logs to the log destination you've created in the last step. Now you can use this log publisher in your ASM log profile to forward DoS and Bot Defense logs. Here is the link, that describes everything in more details:
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-13-0-0/7.html
But I think you can not do that for Application Security Logs itself.
LidevMVP
MVPNo one has ever experienced this configuration ? I know that the use of VIP is possible in Remote Syslog Server List for Remote Logging part but is it also possible to do the same for ASM profile logging ?
Thank you for your feedback
Giorgi_GujabidzCirrus
Hi Lidev,
As I know there no such functionality for Application Security logs (as there you can only put IP address manually for your remote logging server). But you can do it for DoS protection and Bot Defense logs.
Its a little bit tricky to do that for the first time. First you have to create pool of your remote syslog servers in LTM, then you have to create new Log Destination of Remote HSL type (which forwards the logs to the pool you've just created), then you should create one more log destination (but this time it'll be syslog type) which will forward logs to HSL type Log destination that you've just created. And finally you have to create log publisher, which will forward logs to the log destination you've created in the last step. Now you can use this log publisher in your ASM log profile to forward DoS and Bot Defense logs. Here is the link, that describes everything in more details:
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-13-0-0/7.html
But I think you can not do that for Application Security Logs itself.
- Lidev
Hi Giorgi,
thank you for your answer and explanation, so I'm going to abandon this idea.