Forum Discussion

Nimbostratus

May 13, 2022

F5 logs

We feed out F5 logs into a SIEM and use for incident investigation. Currently the logs we get do not show cs information - all I get is the ss IP addresses. This makes it impossible to correlate IPS alerts with the source IP -- all I see is the ss IP addresses. Looking in the F5 logs only shows me the ss IPs which I already have from the IPS.

How can I get the F5 to show connection logs with the cs IP addresses as well as the ss IP addresses in the connectin logs we send to the SIEM?

Thank you

jaikumar_f5

security

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 logs

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

How to Integrate F5 Anti-Virus with Fortisandbox using ICAP

Adding a Second Subnet for Virtual Server IP's

Two Arm Deployment mode using PBR

APM URL Branching tolower

APM Access Policy|SSLVPN | SAML auth questionnaires

Related Content

CEF logs F5

Integrate F5 Distributed Cloud remote logging with ELK

How I did it - "Remote Logging with the F5 XC Global Log Receiver and Sumo Logic"

How I did it - "Remote Logging with the F5 XC Global Log Receiver and Elastic"

F5 remote logging server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS