Forum Discussion
Manny_Mora_5745
Apr 20, 2011Nimbostratus
Logging HTTP traffic to Splunk
Hello guys
Im researching on how to log HTTP traffic via syslog to SPlunk server.
Im not sure where to start, but my basic approach is configuring the BigIP to send all syslog to the Splunk IP,, then configure an IRule later that captures the traffic and send it via syslog.
Has anybody done anything like this?
The first problem Im having is that I have Splunk listening for SYSLOG on port 2000 instead of 514 and I dont know how to change the BigIP so it send the syslog to that port.
Im running LTM 10.X on a 3600 box.
Thanks!!!
Manny
- JRahmAdminThis article should help you: http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/155/LTM-942-Custom-Syslog-Configuration.aspx Click Here
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects