Amr_Ali
Sep 15, 2023MVP
configure custom log profile for F5 WAF
dears,
I configured a custom log profile on F5 WAF, to send the logs for waf policy to Siem solution, but I have an issue as still no logs appear on Seim solution, how can I solve this issue
Hi Amr_Ali,
try this (replace the IP with the IP of your SIEM solution):
tcpdump -nni 0.0:nnnp host 192.168.100.100 and udp port 514
If something goes from your BIG-IP to your SIEM, you will see it with the tcpdump. And you can confirm the issue is not on your side.
KR
Danielbtw. telnet is TCP, syslog is UDP. telnet is not a good test.