For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Hussein_Ghazy's avatar
Hussein_Ghazy
Icon for Nimbostratus rankNimbostratus
Jul 15, 2014

F5 ASM Source Interface for Logging Profile

Hi All,

 

I created a logging profile for ASM. I specified the Remote logging server, port, etc..

 

I linked the logging profile with the virtual server. However, i was not able to receive any logs in my log server.

 

When i checked the traffic and the firewall between external, internal, and DMZ interfaces, i found that the logs messages go out from the external interface (Public IP Address) and trying to reach the internal network which is blocked by our firewall.

 

How can i specify the source interface that the logs created by the ASM will be sent with the source interface as either the management interface or the internet network interface.?

 

Thanks in advance:)

 

Regards Hussein

 

ASM Advanced WAF
deployment
security

4 Replies

  • Hussein_Ghazy's avatar
    Hussein_Ghazy
    Icon for Nimbostratus rankNimbostratus
    Jul 16, 2014

    Hi,

     

    Thank you for the article, it is clear.

     

    Do i execute the below command on both nodes or they will synchronize.

     

    bigpipe syslog include '"filter f_remote_loghost { level(warn..emerg);}; destination d_remote_loghost {udp(\"\" port(514) localip(\"\"));};log {source(local);filter(f_remote_loghost);destination(d_remote_loghost);};"'

     

    Regards Hussein

     

  • gsharri's avatar
    gsharri
    Icon for Altostratus rankAltostratus
    Jul 16, 2014

    The syslog configuration will synchronize between nodes.

     

    Be aware the the bigpipe command line utility is only available on v9.x and v10.x. If you are running v11.x you must use the equivalent traffic management shell (tmsh).