Forum Discussion
Amr_Ali
MVP
MVPconfigure custom log profile for F5 WAF
dears, I configured a custom log profile on F5 WAF, to send the logs for waf policy to Siem solution, but I have an issue as still no logs appear on Seim solution, how can I solve this issue
Hi Amr_Ali,
try this (replace the IP with the IP of your SIEM solution):
tcpdump -nni 0.0:nnnp host 192.168.100.100 and udp port 514If something goes from your BIG-IP to your SIEM, you will see it with the tcpdump. And you can confirm the issue is not on your side.
KR
Danielbtw. telnet is TCP, syslog is UDP. telnet is not a good test.
what SIEM is it SPLUNK or ARCSIGHT
Amr_AliMVP
MVPF5_Design_Engineer Yes it is Splunk, but the issue was solved from SIEM solution team side,