Forum Discussion
ASM Security Events Log File
- Jun 21, 2017
Hello Alex,
Depending upon the type of logging profile you have applied to a certain virtual server, either all requests or illegal requests only will be logged to the Event Logs within mysql db and you can navigate through to 'Security ›› Event Logs : Application : Requests' in the Web GUI.
The decision to not log requests locally to /var/log/asm (local syslog, essentially) was as a result of a change in behavior introduced in 11.6.0 and above versions. This was intentional in order to help improve performance of the ASM in general. Its described in greater detail in K16053 article: https://support.f5.com/csp/article/K16053
Moreover, if you wish to log requests remotely to a Remote Syslog, Splunk or ArcSight, then you can do that by creating a custom Logging Profile with Remote Storage option.
Hello Alex,
Depending upon the type of logging profile you have applied to a certain virtual server, either all requests or illegal requests only will be logged to the Event Logs within mysql db and you can navigate through to 'Security ›› Event Logs : Application : Requests' in the Web GUI.
The decision to not log requests locally to /var/log/asm (local syslog, essentially) was as a result of a change in behavior introduced in 11.6.0 and above versions. This was intentional in order to help improve performance of the ASM in general. Its described in greater detail in K16053 article: https://support.f5.com/csp/article/K16053
Moreover, if you wish to log requests remotely to a Remote Syslog, Splunk or ArcSight, then you can do that by creating a custom Logging Profile with Remote Storage option.
Thanks Ashwin, I really appreciate your help for this question, i just want to know how it works for logging profile
Regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com