Forum Discussion

Priyesh_MP's avatar
Priyesh_MP
Icon for Nimbostratus rankNimbostratus
Jan 16, 2020

F5 ASM Auditlogs for all Policy Changes apart from normal Login Logout details

Dear Team,   Good day!   Can anyone confirm whether F5 ASM Auditlogs give information about configuration changes other than normal login logout data? Requirement is customer wants Auditlogs ...
ASM Advanced WAF
BIG-IP
Security
  • Yoann_Le_Corvi1's avatar
    Yoann_Le_Corvi1
    Jan 23, 2020

    Hi

     

    Sorry for the delay. Admin/root are very likely to be linked.

    Try creating a dedicated account.

     

    Also what you are reading is the system audit log.

     

    You also have the ASM Audit Log in Security -> Application Security -> Policy -> Audit -> Logs.

     

    Yoann

Yoann_Le_Corvi1's avatar
Yoann_Le_Corvi1
Icon for Cumulonimbus rankCumulonimbus

Hi

 

Sorry for the delay. Admin/root are very likely to be linked.

Try creating a dedicated account.

 

Also what you are reading is the system audit log.

 

You also have the ASM Audit Log in Security -> Application Security -> Policy -> Audit -> Logs.

 

Yoann

Priyesh_MP's avatar
Priyesh_MP
Icon for Nimbostratus rankNimbostratus
Jan 23, 2020

Dear Yoann,

 

Thank you for your reply.

 

I got it. Will ASM forward ASM Audit Log in Security -> Application Security -> Policy -> Audit -> Logs to Syslog Server same like System Auditlogs? or it will only available locally in the device?

 

Best Regards,

Priyesh MP

  • Yoann_Le_Corvi1's avatar
    Yoann_Le_Corvi1
    Icon for Cumulonimbus rankCumulonimbus
    Jan 23, 2020

    Hi

    I had a quick look, but it seems to be in the SM DB, not managed by syslog.

    So as far as I can tell, it seems to be local only. Only illegal requests logs can be sent to syslog.

     

    Yoann