ASM Logs Override

Question

Hi All,
I'm trying to cut down on the amount of logs we sent through from ASM to our SIEM (LogRhythm - if anyone has any tips/help on log policies that'd be great, it's pretty rubbish out of the box)&nbsp;
Majority of ASM logs are for Attack Type "Non Browser Client" or specific URL's such as "/wp-login.php" and exchange autodiscovers... which i just dont need to log or report on. &nbsp;
Any way for me to drop these in ASM before they appear in the logs and get syslog'd to SIEM? An iRule perhaps ?&nbsp;

leonardo_souza · Answer

I had a look in the logging profiles, but does not look like you can do this with the log profile.
However, you can do that in the syslog itself.
You can apply a filter for those messages you don't want to see the logs, and it will not be sent to your server.&nbsp;
see this solution for more information:&nbsp;
https://support.f5.com/csp/article/K13333&nbsp;

Forum Discussion

ASM Logs Override

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

error code 503 redirect irule

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

F5OS VLAN naming length restrictions

Related Content

ASM LOGS

ASM logs

Forwarding Logs to SIEM Tools via HTTP Proxy for F5 Distributed Cloud Global Log Receiver

BIGIP ASM audit logging

routing to splunk for asm logging

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS