Forum Discussion

kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Nov 30, 2023

Can BIG-IQ forward ASM event log which receive from BIG-IP to syslog server?

Hi

Right now we have all BIG-IP send ASM event log to BIG-IQ. 

Question is
Can BIG-IQ forward ASM event log which receive from BIG-IP to syslog server?

or I need to config on each BIG-IP to send ASM event log to both (BIG-IQ and syslog server) instead.

  • Most of the time I use MGMT interface to send the ASM logs to internal SYLOG server or any internal or external client SPLUNK or any other log servers

    Its best to export the ASM event log to both (BIG-IQ and syslog server) independently rather than first send the logs from ASM to BIGIQ and then from BIGIQ to SYSLOG, as there you have to select on BIGIQ what logs to export to SYSLOG as it may be getting logs from multiple LTMs / ASM or other BIGIP devices.

    Also there is a known issue that BIGIQ face issues sending logs to SYSLOG.

    BIG-IQ not sending logs to configured syslog server

    https://my.f5.com/manage/s/article/K000135937

    HTH

    🙏