For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

May 13, 2022

F5 logs

We feed out F5 logs into a SIEM and use for incident investigation. Currently the logs we get do not show cs information - all I get is the ss IP addresses. This makes it impossible to correlate IPS alerts with the source IP -- all I see is the ss IP addresses. Looking in the F5 logs only shows me the ss IPs which I already have from the IPS.

How can I get the F5 to show connection logs with the cs IP addresses as well as the ss IP addresses in the connectin logs we send to the SIEM?

Thank you

1 Reply

Patrik_Jonsson
MVP
May 18, 2022
You could check out the logging iRule TimRiker wrote:

https://community.f5.com/t5/crowdsrc/performance-logging-irule-rule-http-log/ta-p/288612

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5