Forum Discussion

Nimbostratus

Dec 11, 2023

Multiline logs in F5 Big

I am trying to Audit F5 ASM Logs in SIEM platform. The issue is, it seems like F5 is storing some of the logs with multiline description: This makes it very difficult to parse in SIEM as they...

application delivery

devops

zamroni777

MVP

Dec 11, 2023

i guess they are in json or xml format.
if it is, the parser should not process them as plain text but as json/xml

Utkc137

Nimbostratus

Dec 12, 2023

I don't think so, here's a screenshot from F5 backend:

Any way to make F5 store these as a single line event?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Multiline logs in F5 Big

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM/AWAF declarative policy

Changes to DO and AS3 GitHub - no longer monitored

Help with SSH Virtual Server

GRE Tunnel Issue

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

Implementing BIG-IP WAF logging and visibility with ELK

Logging/Blocking possible prompt injection

Automating Certificate Management on F5 BIG-IP

Forwarding Logs to SIEM Tools via HTTP Proxy for F5 Distributed Cloud Global Log Receiver

What’s New in BIG-IQ v8.4.1?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS