Forum Discussion
AltostratusCEF logs F5
Hi,
After doing further research it looks like the ArcSight log format is only supported for AFM, ASM and SWG logs (and not system logs) which is why you do not see the option (as I assume you do not have any of these modules provisioned on your BIG-IP)ArcSight logging destination / ArcSight CEF format is only supported for modules AFM, ASM, and SWG components.
Kind regards,
Michael
AltostratusHello,
Thank you. I have tried to configure it this way but ArcSight log type is not available on my dropdown menu. I am on version 15.1.2.1, do you have any idea if F5 no longer supports Arcsight logs?
Thanks again
Hi,
That's interesting. My lab BIG-IP is on 17.1.2.1 and I can see the Arcsight option. Below is a screenshot:
What options do you see?- amelben
Hi,
These are the only options i have :
The only thing I can find that may explain this is the following where it states that ArcSight formatting is only available for logs coming from AFM, ASM and APM (I'm guessing that you do not have any of these modules installed?). However, this doc refers to v11.6.x so this information may be obsolete.
Important: ArcSight formatting is only available for logs coming from Advanced Firewall Manager (AFM), Application Security Manager™ (ASM), and the Secure Web Gateway component of Access Policy Manager® (APM®). IPFIX is not available for Secure Web Gateway. Remote Syslog formatting is the only type supported for logs coming from APM. The Splunk format is a predefined format of key value pairs.
In this situation, I would raise a Support Case with F5 to get clarification.
