mr_skater99_640
Sep 14, 2011

Remote syslog for ASM

Hi Guys,

We're trying out ASM, and what we'd like to do is remote syslog just the ASM logs.

I got remote syslog working with the following command:

b syslog remote server 'foo' host 10.20.20.1 add

Which is working - but it's logging everything. I have looked around on here, and there is lots of stuff about remote syslog - but nothing that seems to answer my question (that I understand anyways) :)

Can someone point me in the right direction or possibly offer some advice?

Thanks,

Scotty


  • Hello Mate,

    Create a logging profile in ASM event logging. Follow the procedure below:

    1. Go to Security ›› Event Logs ›› Logging Profiles
    2. Create a logging profile, select Application Security
    3. Select Remote Storage in the configuration section
    4. Select protocol UDP (if you are using Syslog) and add the Syslog server IP address and port number (default port number is 514)
    5. Storage format: select appropriate or All
    6. Select request type according to the requirement.
    7. Finish.

    That's it. You will start getting the syslog for the ASM module. It is not mandatory to have it enabled in the settings page. You can remove that remote logging configuration in the settings page, if you don't need the ltm audit logs.

    Sample log:

    Sep 17 09:40:07 Sep 17 09:40:11 hostname ASM:"Information Leakage","2015-09-17 09:40:10","10.x.x.x","80","N/A","/Perf_Test/test_vs","N/A",

    Hope this helps.

    -Jinshu
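
A collector-side check for the sample log format in the reply above, as an added example that is not part of the original thread: it keeps only lines carrying the `ASM:` tag and splits the quoted, comma-separated payload, dropping truncated records. The tag pattern and the function names are assumptions drawn from the one sample line; values are returned positionally because the field order depends on the storage format chosen in the logging profile.

```python
import csv
import io
import re

# Constructed sample input: the first line is the sample from the reply above,
# the other two are made up (a non-ASM line and an ASM line with an embedded comma).
SAMPLE_LINES = [
    'Sep 17 09:40:07 Sep 17 09:40:11 hostname ASM:"Information Leakage",'
    '"2015-09-17 09:40:10","10.x.x.x","80","N/A","/Perf_Test/test_vs","N/A",',
    'Sep 17 09:40:12 hostname sshd[4242]: constructed non-ASM message',
    'Sep 17 09:40:13 hostname ASM:"Constructed, with comma",'
    '"2015-09-17 09:40:13","10.x.x.x","443","N/A","/Perf_Test/test_vs","N/A",',
]

# Assumption: an ASM record is marked by the literal tag "ASM:" directly
# followed by the first quoted field, as in the sample line.
ASM_TAG = re.compile(r'\sASM:(?=")')


def parse_asm_line(line):
    """Return the ASM record's field values as a list, or None for other lines."""
    match = ASM_TAG.search(line)
    if match is None:
        return None  # not an ASM record (e.g. LTM or audit messages)
    payload = line[match.end():].strip()
    try:
        # strict=True makes a record cut off inside a quoted field raise
        # csv.Error instead of being accepted as a short row.
        row = next(csv.reader(io.StringIO(payload), strict=True))
    except (csv.Error, StopIteration):
        return None
    # The sample ends with a trailing comma, which yields one empty last field.
    if row and row[-1] == "":
        row.pop()
    return row


def asm_only(lines):
    """Filter a mixed syslog stream down to parsed ASM records."""
    return [row for row in map(parse_asm_line, lines) if row is not None]


if __name__ == "__main__":
    for record in asm_only(SAMPLE_LINES):
        print(record)
```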