Configuration for sending LTM Traffic logs to SIEM server

Question

Hi,&nbsp;
Our security team need to send all the traffic logs from LTM to Logrhythm(SIEM solution). I have already configure the system logs messages on LTM which is not enough for them. Please respond if somebody know how do i send the traffic logs to Logrhythm server IP.&nbsp;
Your support will be highly appreciated.&nbsp;
Regards,&nbsp;

youssef1 · Answer

Hi,&nbsp;
I already set this kind of configuration with Arcsight (SIEM) and Splunk. In all the configuration that you have to deploy depends on what you want to log.&nbsp;
For send LTM/APM you can just set remote server (System  ››  Logs : Configuration : Remote Logging).&nbsp;
If you want to send ASM logs you can follow this KB:
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/12.html&nbsp;
you have several ways to send the logs, everything depends what you want to get back. can you give me you context please and what exaclty you want to send.&nbsp;
Keep in mind that all your VS don't generate logs. if you want that your VS generate W3C logs in order to send it to your remote syslog you have to create and set a "request logging".
...&nbsp;

Forum Discussion

Configuration for sending LTM Traffic logs to SIEM server

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

How I did it – Configure F5 Distributed Cloud to Send Alert Notifications to PagerDuty

F5 BIG-IP Advanced WAF – DOS profile configuration options.

F5 LTM SSL Bridging - send decrypted traffic to clone pool

iRule for sending traffic to a different pool based on the Hostname.

The TCP Send Buffer, In-Depth

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS