Separate Event Logs

Question

Dear all,HelloI have a lot of logs F5 products in SIEM, Know I want to specify the logs of the Network Login Failed &amp; Change Configuration,.... In general, I want to separate the Audit logs from the others. Is it possible?Thank you for your help.

boneyard · Answer

at first glance that looks like a question for the forum of your SIEM, they can most likely suggest a filter or search to make this happen.

or do you want the F5 BIG-IP to only send specific logs?

rozh · Answer

Thanks boneyard for the tips.In fact, we have an internal SIEM , and I want to separate all the logs sent. For example, a system of locals or Audit.Because i want to detect Number of Login faill - Change config and etc.In your opinion , I should define a template or Filter from the syslog and detect details that want ?&nbsp;

ivan_chernenkii · Answer

Hello Rozh,&nbsp;For event logs you can configure remote logging profile on "Security&nbsp;››&nbsp;Event Logs : Logging Profiles" page with appropriate filter. e.g. "Login Result" only "failed"&nbsp;Thanks, Ivan

rozh · Answer

Dear Chernenkii ,Thaks you .🙏

ivan_chernenkii · Answer

If this resolves your issue, then please mark this question as resolved.

Forum Discussion

Separate Event Logs

5 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Log separation by event

iRule Event Order Flowchart

XC -Web Application Firewall - Exclude FQDN but log security events

Block IP Addresses With Data Group And Log Requests On ASM Event Log

export ASM event logs in csv format

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS