For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Aviv's avatar
Aviv
Icon for Cirrus rankCirrus
May 27, 2021

bigip sending logs without being configured to send

i have configured bigip to send log to kibana syslog. i have deleted the setting. i still getting asm logs from the bigip.   i do not see the kibana setting at the bigip.   d u know what el...
application delivery
ASM Advanced WAF
BIG-IP
AlexBCT's avatar
AlexBCT
Icon for Cumulonimbus rankCumulonimbus
May 28, 2021

Hi Aviv,

 

Interesting one... Here is a list of all the location where you can configure logs to remote destinations that I can remember from the top of my head, maybe one of them is still configured;

  • ASM logs; Security ›› Event Logs : Logging Profiles
  • LTM logs (legacy); System ›› Logs : Configuration : Remote Logging
  • HSL logs; System ›› Logs : Configuration : Log Destinations
  • iRule legacy remote logging; look for something like "log 10.10.231.1 local0.info "Client Connected, IP: [IP::client_addr]"
  • iRule HSL logging; look for something like "set hsl [HSL::open -proto UDP -pool syslog_server_pool]"

 

If still no luck finding it, can you post a log message so we can see the formatting of the log message? it may give some clues as well.

 

Hope you find the culprit ;)