Forum Discussion
Amr_Ali
MVP
MVPconfigure custom log profile for F5 WAF
dears, I configured a custom log profile on F5 WAF, to send the logs for waf policy to Siem solution, but I have an issue as still no logs appear on Seim solution, how can I solve this issue
Hi Amr_Ali,
try this (replace the IP with the IP of your SIEM solution):
tcpdump -nni 0.0:nnnp host 192.168.100.100 and udp port 514If something goes from your BIG-IP to your SIEM, you will see it with the tcpdump. And you can confirm the issue is not on your side.
KR
Danielbtw. telnet is TCP, syslog is UDP. telnet is not a good test.
Amr_AliMVP
MVPsure Mohamed, i checked the route and made telnet on port 514 to check the connectivity, but still there was no log appearance on Siem solution,
I just need to confirm that the issue is not From the F5 waf side,
Daniel_WolfMVP
MVPHi Amr_Ali,
try this (replace the IP with the IP of your SIEM solution):
tcpdump -nni 0.0:nnnp host 192.168.100.100 and udp port 514
If something goes from your BIG-IP to your SIEM, you will see it with the tcpdump. And you can confirm the issue is not on your side.
KR
Daniel
btw. telnet is TCP, syslog is UDP. telnet is not a good test.