Forum Discussion
rodquin_211279
Nimbostratus
NimbostratusLogging traffic from span port
Hello,
I'm trying to log traffic coming from a SPAN port. The traffic is arriving properly to the F5 (if I do a tcpdump in the interface, I can see the traffic) but for some reason the F5 is not logging the traffic. Is there a special way to configure the F5 (BIG-IP)? I've searched in the documentation but I haven't found any kind of answer. Notice that I don't want the F5 to be a load balancer, I just want to it to alert in case of web attack. I've created a new profile of logging which logs all the traffic.
Can anyonw help me on this? I've tried different configs but no luck.
Thank you very much.
Regards.
steigman1978_87Hi Rodquin,
you had a look into https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13392.html?
cheers, Steigman
rodquin_211279Hello Steigman, First of all thank you very much for your quick response. :) What I want to do is the opposite thing, I mean, I want the F5 to act like an IDS. The F5 is receiving traffic from a SPAN port and I just want to generate an alert if it detects a web attack. Thank you very much. Regards.
- Kevin_Stewart
Employee
A bit confusing. An F5 BIG-IP is not an IDS, it's a proxy. ASM (the F5 web application firewall) does detect and alert/block web attacks, but it generally does so in a proxy configuration - where application traffic flows through the proxy to the web servers.
- rodquin_211279
Can anyone help me on this issue please? Thank you in advance. Regards.
