Apr 20, 2011

Logging HTTP traffic to Splunk

I'm researching how to log HTTP traffic via syslog to a Splunk server.


I'm not sure where to start, but my basic approach is configuring the BigIP to send all syslog to the Splunk IP, then configuring an iRule later that captures the traffic and sends it via syslog.



Has anybody done anything like this?


The first problem I'm having is that I have Splunk listening for syslog on port 2000 instead of 514, and I don't know how to change the BigIP so it sends the syslog to that port.


