Forum Discussion
NimbostratusASM v11.6 with Splunk
Hi, i tried to integrated ASM to Splunk, created the log publisher, log destinations and logged profile for ASM and specify the remote server and still i can not see logs on the Splunk Server.
I follow this kb https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm_config_10/asm_sys_mgmt.html1028448
Another test using the irule https://devcentral.f5.com/questions/splunk-for-f5-networks-ltm-v11-irule, this test it works but i need to capture the alerts of attack of ASM, and the username on the request that generate the application, at the splunk i can't see the username of logins of the app.
Any ideas about this implementation?
Regards
2 Replies
Splunk has a F5BIGIP module that you can install that will process logs from ASM.
I haven't used it yet but will be soon. You configure a custom logging profile to map the ASM log data into a format for splunk to use.
Splunk has a F5BIGIP module that you can install that will process logs from ASM.
I haven't used it yet but will be soon. You configure a custom logging profile to map the ASM log data into a format for splunk to use.
