LTM Logs to Remote Arcsight Server

Question

I'm trying to setup my Big IP v12.1.1 to send the LTM logs (/var/log/ltm) to a remote arcsight server using the CEF format.&nbsp;
I've got it setup to send security logs to the remote server using the CEF format, but cannot figure out how to send the LTM logs.&nbsp;
Any ideas on where to start?&nbsp;

yossiv · Answer

you need to use it as HSL 
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-11-3-0/2.html
and than you have log filter, you can choose what to forward to the logger &nbsp;

msmith1356_2932 · Answer

This article is stated to apply to version 11.3...i'm assuming there will be no change when working with v12.1.1?&nbsp;

yossiv · Answer

i am with 12.1.1
same working same way &nbsp;

writemike · Answer

Try this one:
Manual Chapter: Configuring Remote High-Speed Logging&nbsp;
If the only module you have provisioned is LTM, then you will need to look at using an iRule to do HSL Logging.&nbsp;
Intermediate iRules: High Speed Logging - Spray Those Log Statements!&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

LTM Logs to Remote Arcsight Server

4 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

Automated backup F5 configuration to remote server

F5 remote logging server

Oracle WebLogic Server – Remote Code Execution (CVE-2020-14882)

Integrate F5 Distributed Cloud remote logging with ELK

F5 MCP(Model Context Protocol) Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS