Forum Discussion
Multiline logs in F5 Big
I am trying to Audit F5 ASM Logs in SIEM platform.
The issue is, it seems like F5 is storing some of the logs with multiline description:
This makes it very difficult to parse in SIEM as they receive all the lines in reverse order:
This log is generated from: "Security ›› Application Security : URLs : Allowed URLs : Allowed HTTP URLs >> Create" action.
Is there any way to have the log description in single line?
- zamroni777Nacreous
i guess they are in json or xml format.
if it is, the parser should not process them as plain text but as json/xml- Utkc137Nimbostratus
I don't think so, here's a screenshot from F5 backend:
Any way to make F5 store these as a single line event?
Except setting a filter with a specific source and a destination that is a format like SIEM ELK, Splunk etc. I do not see way to to do it from F5 side.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com