Forum Discussion

Rozh's avatar
Icon for Nimbostratus rankNimbostratus
Jun 20, 2020

Separate Event Logs

Dear all,Hello

I have a lot of logs F5 products in SIEM, Know I want to specify the logs of the Network Login Failed & Change Configuration,....

In general, I want to separate the Audit logs from the others. Is it possible?

Thank you for your help.

5 Replies

  • at first glance that looks like a question for the forum of your SIEM, they can most likely suggest a filter or search to make this happen.


    or do you want the F5 BIG-IP to only send specific logs?

  • Rozh's avatar
    Icon for Nimbostratus rankNimbostratus

    Thanks boneyard for the tips.

    In fact, we have an internal SIEM , and I want to separate all the logs sent. For example, a system of locals or Audit.

    Because i want to detect Number of Login faill - Change config and etc.

    In your opinion , I should define a template or Filter from the syslog and detect details that want ?


  • Hello Rozh,


    For event logs you can configure remote logging profile on "Security ›› Event Logs : Logging Profiles" page with appropriate filter. e.g. "Login Result" only "failed"


    Thanks, Ivan