Forum Discussion
Audit WAF changes
- Sep 06, 2022
Hi,
Have you seen the ASM Audit log? (Security ›› Application Security : Audit : Log - This is the path in v16.1, in earlier versions, I believe you can find it under the History section)
This will contain the changes made, their username etc.
See here an example of one of my policies;
 
Hope this helps.
- Sep 06, 2022
You can find Audit logs for WAF policies in Security > Application Security > Policy > Audit > Log file. This is enabled by default if I recall correctly. You should also be able to see these logs in /var/log/asm file searching for USER_ACTIVITY.
For LTM module, you can configure logging in System > Logs > Configuration > Options, I believe tmsh and MCP audit logs are enabled by default and you can enable GUI audit logging as well. You'll find the logs in the /var/log/audit file or in System > Logs > Audit > List.
- Sep 07, 2022
Hello,
You can check the settings in System > Logs : Configuration : Options, and then check for the MCP option as per the below artice for the audit logs in general and check whether they are being logged or not.
(audit logging for BIG-IP configuration changes is enabled by default)
https://support.f5.com/csp/article/K58343253
And as Alex mentioned you can view it from the audit logs by accessing the GUI.
- Sep 08, 2022
you can enable gui-audit log at System ›› Logs : Configuration : Options
after change OS this option default value is disable
you can enable gui-audit log at System ›› Logs : Configuration : Options
after change OS this option default value is disable
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com