Forum Discussion

mr_skater99_640's avatar
Icon for Nimbostratus rankNimbostratus
Sep 14, 2011

Remote syslog for ASM

Hi Guys.,



We're trying out ASM, and what we'd like to do is remote syslog just the ASM logs.



I got remote syslog working with the following command:



b syslog remote server 'foo' host add



Which is working - but its logging everything. I have looked around on here, and there is lots of stuff about remote syslog - but nothing that seems to answer my question (that i understand anyways) :)



Can someone point me in the right direction of possibly offer some advice?








3 Replies

  • Hello Mate, Create a logging profile in ASM event logging. Follow below procedure: 1. Go to Security ›› Event Logs ›› Logging Profiles 2. Create a logging profile, select Application Security 3. Select Remote Storage in the configuration section 4. Select protocol UDP (if you are using Syslog) and Add Syslog server Ip address and port number (default port number is 514) 5. Storage format select appropriate or All 6. Select request type according to the requirement. 7. Finish. That’s it. You will start getting the syslog for ASM module. It is not mandatory to have it enabled in the settings page. You can remove that remote logging configuration in the settings page , if you don’t need the ltm audit logs. Sample log: Sep 17 09:40:07 Sep 17 09:40:11 hostname ASM:"Information Leakage","2015-09-17 09:40:10","10.x.x.x","80","N/A","/Perf_Test/test_vs","N/A", Hope this helps. -Jinshu