Forum Discussion

Cirrus

Dec 02, 2020

Sent WAF event from BIG-IQ to Remote server ( SOC arcsight)

Dear all We had a BIG-IP System running WAF. At this time all event WAF log was sending to BIG-IQ. So. Do you know solution sent WAF event from BIG-IQ to Remote Sever ( SOC=arcsight) Note. One tim...

Cirrostratus

Dec 23, 2020

Hi,

you can send to both together.

TIP:

Create a Pool with your IP of ArcSight
Create Log Destination HighSpeed with the pool
Create Log Destination Remote Syslog with the HSL above
Inside of remote-logging-publisher of WAF, insert destination create above

See if works, for me works in QRadar

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Sent WAF event from BIG-IQ to Remote server ( SOC arcsight)

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Managing iRules configuration

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

ASM/AWAF declarative policy

Related Content

What’s New in BIG-IQ v8.4.1?

F5 BIG-IQ What's New in v8.4.0?

What is BIG-IQ?

Get Started with BIG-IP and BIG-IQ Virtual Edition (VE) Trial

Re: Security Best Practices for BIG-IP & BIG-IQ systems

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS