Hi Emon_423837  ,

For Sending Security Logs yo BIG-IQ

1. Add BIG-IP to the BIG-IQ CM

2. Enable Web Application Security in BIG-IQ DCD

3. Configuration of the Security Log profile

4. Attach the log profile to the protected Virtual Servr

5. Monitoring Profiles from BIG-IQ

Can you please share the BOT Logging profile details.

Actually, the BIG-IQ DCD has a listening service in the 8514 port then we have to configure a log profile in the BIG-IP device to send events to the 8514 port.

Once it is configured, there will be security events in the BIG-IQ Central Management (CM) device, thus, we can already watch these logs for troubleshooting and applications visibility from BIG-IQ CM.

For more details could you plese check the link as follows:

https://techdocs.f5.com/en-us/bigiq-8-0-0/managing-bot-defense-using-big-iq/log-bot-defense-req-over-dcd.html

Have you 

Activate ASM Web Application Security events logging service for one or more BIG-IQ Data Collection Devices (DCD)

https://my.f5.com/manage/s/article/K51005651

Creating a DCD Pool

Define this pool in Log Destination

System >> Logs: Configuration : Log Destinations

System >> Logs: Configuration : Log Destinations

Now create one log destination for Splunk and here forward the destination to the previously created log destination

System >> Logs: Configuration : Log Destinations

Now check if you got 2 log destinations:

System >> Logs: Configuration : Log Destinations

Now create one log Publisher:

System >> Logs: Configuration :Log Publisher >> Log_pub_DCD

Can you check your logging profie and see if Bot protection is selected:

Select all the request log options of your choice

Save the logging profile

Attach/Assign this logging profile to the required Virtual Sever:

I am suspecting you may have missed this step, in case else check all the steps once again using the help of the screenshots I attached here:

After that hopefuy you can also see the logs in the Bot 

Hi  ,For Sending Security Logs yo BIG-IQ

1. Add BIG-IP to the BIG-IQ CM

2. Enable Web Application Security in BIG-IQ DCD

3. Configuration of the Security Log profile

4. Attach the log profile to the protected Virtual Servr

5. Monitoring Profiles from BIG-IQ

Can you please share the BOT Logging profile details.

Actually, the BIG-IQ DCD has a listening service in the 8514 port then we have to configure a log profile in the BIG-IP device to send events to the 8514 port.

Once it is configured, there will be security events in the BIG-IQ Central Management (CM) device, thus, we can already watch these logs for troubleshooting and applications visibility from BIG-IQ CM.

For more details could you plese check the link as follows:

https://techdocs.f5.com/en-us/bigiq-8-0-0/managing-bot-defense-using-big-iq/log-bot-defense-req-over-dcd.html

Have you 

Activate ASM Web Application Security events logging service for one or more BIG-IQ Data Collection Devices (DCD)

https://my.f5.com/manage/s/article/K51005651

Creating a DCD Pool , do not forget to metion the service port as 8514

Define this pool in Log Destination

System >> Logs: Configuration : Log Destinations

System >> Logs: Configuration : Log Destinations

Now create one log destination for Splunk and here forward the destination to the previously created log destination

System >> Logs: Configuration : Log Destinations

Now check if you got 2 log destinations:

System >> Logs: Configuration : Log Destinations

Now create one log Publisher:

System >> Logs: Configuration :Log Publisher >> Log_pub_DCD

Can you check your logging profie and see if Bot protection is selected:

Select all the request log options of your choice

Save the logging profile

Attach/Assign this logging profile to the required Virtual Sever:

I am suspecting you may have missed this step, in case else check all the steps once again using the help of the screenshots I attached here:

After that hopefuy you can also see the logs in the Bot 

Click o any log to see its details:

Bot Traffic Dashboard

Bot Traffic By Class

Bot Traffic By Status

Bot Traffic By Mitigation

Bot Traffic Analytics

Layer 7 Security Dashboard

HTH

F5 Design Engineer

🙏

Hi F5_Design_Engineer,

Thanks for given me your valuable time.

One Correction:

• You must add Splunk type log destination on log publisher, Not High Speed Log Destination. When I add HSLD profile on log publisher. Log publisher was invisible on logging profile.

One more info: Our network desing was wrong. We want to reach out BIG-IP to DCD through management interface that was the problem. Because F5 Big-ip traffic not in or out through management port.

Before :

After: