Forum Discussion
Rob_75767
Nimbostratus
NimbostratusLogging registry lookup
Hi, please can anyone help?!
I have successfully created my policy to include a registry check to check for a specific software package we use. For audit purposes i would like to log/alert any c...
BT_90520Nimbostratus
NimbostratusFor session variables, belwo are what you may be interested in logging
- user name is "session.logon.last.username"
- result of registry check is "session.windows_check_registrys.$name.result" where 0 - Failure, 1 - Success, -1 - Invalid check expression
@ http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm_config_10_2_0/apm_config_sessionvars.html105003
To view the access policy logs, view the /var/log/apm file from the BIG-IP command line.
But do note the below
http://support.f5.com/kb/en-us/solutions/public/11000/100/sol11124.html
The default log level for the BIG-IP APM access policy log is Notice, which does not log session variables. Setting the access policy log level to Informational or Debug will cause the BIG-IP APM system to log session variables, but it will also add additional system overhead. If you need to log session variables on a production system, F5 Networks recommends setting the access policy log level to Informational temporarily while performing troubleshooting or debugging.
