Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

KrishnaS's avatar
KrishnaS
Icon for Nimbostratus rankNimbostratus
Apr 12, 2026

F5 BIG-IP DNS/Audit Logs — Structured Format for SIEM Ingestion

Hello Team, We are working on adding ingestion support for F5 BIG-IP DNS and Audit logs into a SIEM, with the goal of normalising events to the OCSF standard. For other BIG-IP event types, we use Te...
security
jainzeel13's avatar
jainzeel13
Icon for Altocumulus rankAltocumulus
Apr 20, 2026

Hello Jeff_Granieri​

Thank you for sharing the bash script.

We’ve tested it and wanted to clarify: will this script convert all types of audit logs into JSON format? For example, if we have different categories such as authentication failure (have a message fields in which it's metioned that it failed to authenticate), authentication successes, and network-related audit logs etc, will the script handle and convert each of these log types correctly into JSON?

Jeff_Granieri's avatar
Jeff_Granieri
Icon for Employee rankEmployee
Apr 20, 2026

Hi jainzeel13​ ,

 

Its looking at   /var/log/audit.  You should test each audit message to confirm the script covers that you need.  Feel free to make any changes to adjustments as needed.