Forum Discussion

Manny_Mora_5745
Apr 20, 2011

Logging HTTP traffic to Splunk

Hello guys

I'm researching how to log HTTP traffic via syslog to a Splunk server.

I'm not sure where to start, but my basic approach is configuring the BigIP to send all syslog to the Splunk IP, then configuring an iRule later that captures the traffic and sends it via syslog.

Has anybody done anything like this?

The first problem I'm having is that I have Splunk listening for syslog on port 2000 instead of 514, and I don't know how to change the BigIP so it sends the syslog to that port.

I'm running LTM 10.X on a 3600 box.

Thanks!!!

Manny

  • This article should help you: http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/155/LTM-942-Custom-Syslog-Configuration.aspx