Forum Discussion

Nimbostratus

May 05, 2010

Audit logging

Hi I've configured an external syslog, and I'm getting the syslog full of messages like this: httpd[12864]: 01070417:0: AUDIT - user admin - RAW: httpd(mod_auth_pa...

management

monitoring

jba3126

Cirrostratus

Jun 03, 2011

I tried this solution ( http://support.f5.com/kb/en-us/solutions/public/9000/400/sol9442.html) provided by F5 for filtering the Config Sync Detect events.

5/25/11

12:21:25.000 PM May 25 12:21:25 10.1.29.55 May 25 12:21:25 LAB-Practice-LB2 logger: [ssl_req][25/May/2011:12:21:25 -0400] 10.1.29.54 TLSv1 DHE-RSA-AES256-SHA "POST /iControl/iControlPortal.cgi HTTP/1.1" 437

host=10.1.29.55 LAB - NDC-PBN-TLP-LB2 Options| sourcetype=syslog Options| source=Syslogs Options

The problem with this solution is when you sync the configuration it overwrites the peer address being filtered.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Audit logging

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Logging/Audit Binary Execution?

BIGIP ASM audit logging

Auditing Security Policy Updates

Audit WAF changes

Quantum Computer decrypt RSA, Bitcoin PQC, Solidity audit tool, Meaningless threat

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS