Forum Discussion
Is the Entuity system logging into the BIG-IP itself, or is is logging into the web portal and the BIG-IP is load-balancing that? If it is the latter, is the attack signature match coming from ASM? If it is from ASM, you can select only one destination type (local or remote) for each type via a logging profile for the Virtual Server. You could set logging local, then modify the local syslog-ng to use syslog configuration matching to send a subset remotely. I, however, recommend strongly against this because you are pushing this load to the BIG-IP control plane, and syslog-ng on the BIG-IP is not designed for high volume logging. It is generally best to filter them on the syslog receiver rather than BIG-IP. I believe that is what jaikumar_f5 was proposing.
I don't know of a way to coerce the normal ASM remote logging to divide messages in the way you wish.