For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Cirrus rank

Cirrus

Dec 02, 2020

Sent WAF event from BIG-IQ to Remote server ( SOC arcsight)

Dear all

We had a BIG-IP System running WAF. At this time all event WAF log was sending to BIG-IQ.

So. Do you know solution sent WAF event from BIG-IQ to Remote Sever ( SOC=arcsight)

Note. One time BIG-IP only use a manual Log profile.

Thanks all

Hung Hoang

ASM Advanced WAF

1 Reply

Dojs
Cirrostratus
Dec 23, 2020
Hi,
you can send to both together.

TIP:
Create a Pool with your IP of ArcSight
Create Log Destination HighSpeed with the pool
Create Log Destination Remote Syslog with the HSL above
Inside of remote-logging-publisher of WAF, insert destination create above

See if works, for me works in QRadar

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5