Forum Discussion
Problem with sending BotDefense logs to remote server
So there seems to be a gap in answering this. Before it gets too difficult it should be noted that remote logging for bot only supports Splunk format as a destination.
Environment
Not able to set up HSL for Bot Defense
Log Destinations, Log Publishers, Bot Defense Logging Profile
HSL for ASM/AdvWAF
Cause
Bot Defense only supports the Splunk format destination
K15316506: How to send logs via High Speed Logging to Splunk
https://my.f5.com/manage/s/article/K15316506
K09439152: High Speed Logging (HSL) For Bot Defense
https://my.f5.com/manage/s/article/K09439152
Type: Specifies the type of log destination. Options are ArcSight, IPFIX (logs of IP traffic that are sent to an LTM pool of IPFIX collectors), Management Port, Remote High-Speed Log, Remote Syslog, and Splunk. (The Splunk format is a predefined format of key value pairs.) A table of settings appears below this field. The settings are customized for the log type.
The workaround is only if you do not have a Splunk formatted destination. But it will show up.
And of course you can use Logstash to transform the log from Splunk to ELK in this scenario.
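As an added example that is not part of the original post and is not F5 or Logstash code: a small Python transform of the kind the last step describes, turning Splunk-style key/value log lines into Elasticsearch bulk NDJSON. The comma-separated `key="value"` layout, the field names in the sample line and the index name `f5-botdefense` are assumptions made for illustration.

```python
import json
import re

# key="quoted value" (backslash escapes allowed) or key=bare_value
_PAIR = re.compile(r'([A-Za-z_][\w.]*)=(?:"((?:[^"\\]|\\.)*)"|([^,\s]*))')

def parse_splunk_kv(line: str) -> dict:
    """Turn one key=value log line into a flat dict.

    Anything before the first key=value pair (for example a syslog
    header added by a relay) is kept under "_prefix" instead of dropped.
    """
    first = _PAIR.search(line)
    if first is None:
        # Not key/value data: keep the raw line so nothing is silently lost.
        return {"_raw": line.rstrip("\n")}
    event = {}
    prefix = line[:first.start()].strip()
    if prefix:
        event["_prefix"] = prefix
    for m in _PAIR.finditer(line, first.start()):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        # Quoted values may contain commas and escaped quotes; unescape them.
        value = bare if quoted is None else re.sub(r'\\(.)', r'\1', quoted)
        if key in event:
            # Repeated key: collect values in a list rather than overwrite.
            prev = event[key]
            event[key] = prev + [value] if isinstance(prev, list) else [prev, value]
        else:
            event[key] = value
    return event

def to_bulk_ndjson(lines, index="f5-botdefense"):
    """Render events as Elasticsearch _bulk NDJSON (action line + doc per event)."""
    out = []
    for line in lines:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(parse_splunk_kv(line), sort_keys=True))
    return "\n".join(out) + "\n"

# Constructed sample, not captured from a BIG-IP; field names are illustrative.
SAMPLE = ('<134>Jan  1 00:00:00 bigip1 '
          'client_ip="192.0.2.10",action="alarm",'
          'user_agent="Mozilla/5.0 (X11, Linux) \\"test\\"",uri="/login"')

if __name__ == "__main__":
    print(to_bulk_ndjson([SAMPLE]), end="")
```

Lines that contain no key/value pairs are passed through under `_raw`, so a format mismatch on the receiving side shows up in the index instead of disappearing.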