Separate Event Logs

Question

Dear all,HelloI have a lot of logs F5 products in SIEM, Know I want to specify the logs of the Network Login Failed &amp; Change Configuration,.... In general, I want to separate the Audit logs from the others. Is it possible?Thank you for your help.

boneyard · Answer

at first glance that looks like a question for the forum of your SIEM, they can most likely suggest a filter or search to make this happen.

or do you want the F5 BIG-IP to only send specific logs?

rozh · Answer

Thanks boneyard for the tips.In fact, we have an internal SIEM , and I want to separate all the logs sent. For example, a system of locals or Audit.Because i want to detect Number of Login faill - Change config and etc.In your opinion , I should define a template or Filter from the syslog and detect details that want ?&nbsp;

ivan_chernenkii · Answer

Hello Rozh,&nbsp;For event logs you can configure remote logging profile on "Security&nbsp;››&nbsp;Event Logs : Logging Profiles" page with appropriate filter. e.g. "Login Result" only "failed"&nbsp;Thanks, Ivan

rozh · Answer

Dear Chernenkii ,Thaks you .🙏

ivan_chernenkii · Answer

If this resolves your issue, then please mark this question as resolved.

Forum Discussion

Separate Event Logs

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Log separation by event

AWAF - Do not log Geolocation violations from the Event Log

F5 Send email and snmp trap from LTM log event

BIG-IQ RestAPI - retrieve customized Web Application Security Event Log

Block IP Addresses With Data Group And Log Requests On ASM Event Log

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS