Forum Discussion

Icon for Cirrus rank

Cirrus

Dec 02, 2020

Sent WAF event from BIG-IQ to Remote server ( SOC arcsight)

Dear all

We had a BIG-IP System running WAF. At this time all event WAF log was sending to BIG-IQ.

So. Do you know solution sent WAF event from BIG-IQ to Remote Sever ( SOC=arcsight)

Note. One time BIG-IP only use a manual Log profile.

Thanks all

Hung Hoang

ASM Advanced WAF

Dojs
Cirrostratus
Dec 23, 2020
Hi,
you can send to both together.

TIP:
Create a Pool with your IP of ArcSight
Create Log Destination HighSpeed with the pool
Create Log Destination Remote Syslog with the HSL above
Inside of remote-logging-publisher of WAF, insert destination create above

See if works, for me works in QRadar

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming