Forum Discussion

Nimbostratus

Jun 16, 2017

ASM Security Events Log File

We have ASM v12.1.2 , and we know that this versión doesnt log locally security events on /var/log/asm, my question is , where security events are logged? , i would think is a DB on my sql, because ...

ASM Advanced WAF

security

Ashwin_Venkat_1
Jun 21, 2017
Hello Alex,

Depending upon the type of logging profile you have applied to a certain virtual server, either all requests or illegal requests only will be logged to the Event Logs within mysql db and you can navigate through to 'Security ›› Event Logs : Application : Requests' in the Web GUI.

The decision to not log requests locally to /var/log/asm (local syslog, essentially) was as a result of a change in behavior introduced in 11.6.0 and above versions. This was intentional in order to help improve performance of the ASM in general. Its described in greater detail in K16053 article: https://support.f5.com/csp/article/K16053

Moreover, if you wish to log requests remotely to a Remote Syslog, Splunk or ArcSight, then you can do that by creating a custom Logging Profile with Remote Storage option.

Ashwin_Venkat

Employee

Hello Alex,

Depending upon the type of logging profile you have applied to a certain virtual server, either all requests or illegal requests only will be logged to the Event Logs within mysql db and you can navigate through to 'Security ›› Event Logs : Application : Requests' in the Web GUI.

The decision to not log requests locally to /var/log/asm (local syslog, essentially) was as a result of a change in behavior introduced in 11.6.0 and above versions. This was intentional in order to help improve performance of the ASM in general. Its described in greater detail in K16053 article: https://support.f5.com/csp/article/K16053

Moreover, if you wish to log requests remotely to a Remote Syslog, Splunk or ArcSight, then you can do that by creating a custom Logging Profile with Remote Storage option.

alex_luna_23167

Nimbostratus

Jul 03, 2017

We thought they were saved locally, but we already saw that it would have to configure remote syslog so that you can see the ASM events since in version before 11.6 they were saved locally

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ASM Security Events Log File

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 Security Podcasts

BIG-IQ RestAPI - retrieve customized Web Application Security Event Log

CSV to Address External Datagroup File

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS