LTM Logs to Remote Arcsight Server

Question

I'm trying to setup my Big IP v12.1.1 to send the LTM logs (/var/log/ltm) to a remote arcsight server using the CEF format.&nbsp;
I've got it setup to send security logs to the remote server using the CEF format, but cannot figure out how to send the LTM logs.&nbsp;
Any ideas on where to start?&nbsp;

yossiv · Answer

you need to use it as HSL 
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-11-3-0/2.html
and than you have log filter, you can choose what to forward to the logger &nbsp;

msmith1356_2932 · Answer

This article is stated to apply to version 11.3...i'm assuming there will be no change when working with v12.1.1?&nbsp;

yossiv · Answer

i am with 12.1.1
same working same way &nbsp;

writemike · Answer

Try this one:
Manual Chapter: Configuring Remote High-Speed Logging&nbsp;
If the only module you have provisioned is LTM, then you will need to look at using an iRule to do HSL Logging.&nbsp;
Intermediate iRules: High Speed Logging - Spray Those Log Statements!&nbsp;

Forum Discussion

LTM Logs to Remote Arcsight Server

4 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Share what you learned on DevCentral in 2025

Failing over Virtual F5 VE to DR location using Zerto

Unblock Request WAF

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Failing over of a Virtual F5 configuration to another location using Zerto restore process

Related Content

Automated backup F5 configuration to remote server

F5 remote logging server

Oracle WebLogic Server – Remote Code Execution (CVE-2020-14882)

Integrate F5 Distributed Cloud remote logging with ELK

F5 MCP(Model Context Protocol) Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS