Forum Discussion

MVP

Sep 15, 2023

Solved

configure custom log profile for F5 WAF

dears, I configured a custom log profile on F5 WAF, to send the logs for waf policy to Siem solution, but I have an issue as still no logs appear on Seim solution, how can I solve this issue

F5 WAF

security

Daniel_Wolf
Sep 18, 2023
Hi Amr_Ali,

try this (replace the IP with the IP of your SIEM solution):

tcpdump -nni 0.0:nnnp host 192.168.100.100 and udp port 514

If something goes from your BIG-IP to your SIEM, you will see it with the tcpdump. And you can confirm the issue is not on your side.

KR
Daniel

btw. telnet is TCP, syslog is UDP. telnet is not a good test.

Amr_Ali

MVP

sure Mohamed, i checked the route and made telnet on port 514 to check the connectivity, but still there was no log appearance on Siem solution,

I just need to confirm that the issue is not From the F5 waf side,

Daniel_Wolf

MVP

Sep 18, 2023

Hi Amr_Ali,

try this (replace the IP with the IP of your SIEM solution):

tcpdump -nni 0.0:nnnp host 192.168.100.100 and udp port 514

If something goes from your BIG-IP to your SIEM, you will see it with the tcpdump. And you can confirm the issue is not on your side.

KR
Daniel

btw. telnet is TCP, syslog is UDP. telnet is not a good test.

Forum Discussion

configure custom log profile for F5 WAF

Recent Discussions

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

HIRE ADRIAN LAMO HACKER TO RECLAIM LOST CRYPTOCURRENCY

rSeries and tenant upgrades

redirect not working

cat and grep command for rst messages

Related Content

LTM 9.4.2+: Custom Syslog Configuration

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

custom response page for api

Configuring NGINX API micro-gateway to support Open Banking's Advanced FAPI security profile

SSL Profiles