For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Evan_25555's avatar
Evan_25555
Historic F5 Account
Apr 09, 2014

Detecting and reporting LTM object configuration changes

From carefully reading all posts related to this subject it would appear that audit logging is the preferred way to detect configuration changes (versus diffing configs). Has anyone developed an eff...
application delivery
LTM
management
dickeypjeep_116's avatar
dickeypjeep_116
Icon for Cirrus rankCirrus
Apr 09, 2014

As to direct changes of the bigip.conf file, you will see the file load in the audit log (and who loaded it). Since direct edits to the bigip.conf are frowned upon in general, I'd think you would know someone made an unapproved edit whenever a tmsh load was issued.

 

As a side note, with mcpd audit logging set to 'verbose', you'll see every line in the configuration loaded when a tmsh load sys config is issued.