Forum Discussion

Poseidon1974's avatar
Poseidon1974
Icon for Cirrostratus rankCirrostratus
Mar 15, 2023

SPLUNK

Hi ,

to exploit the logs of the F5 LTM, APM,  I would like to use, SPLUNK, and to avoid doing TCPDUMP on an environment of  F5, do you know which keywords I could use on splunk.

Thanks,

  • Poseidon1974 I don't believe you can have the level of detail on a SPLUNK server that you can on a tcpdump on the F5, you will receive log messages but nothing as informative as a tcpdump.

      • boneyard's avatar
        boneyard
        Icon for MVP rankMVP

        If that was the correct answer for you, please flag it as such.

        I totally agree on the answer btw, logging and tcpdump are different things. won't be possible to pull that traffic logging into Splunk.