Forum Discussion

SDnath_82757's avatar
SDnath_82757
Icon for Nimbostratus rankNimbostratus
Aug 21, 2015

Even i am trying to integrate. Currently we see the log in McAfee ESM as unknown. McAfee says no issue at there end. If you have successfully integrated, please share some pointers.

 

  • Greg_130338's avatar
    Greg_130338
    Icon for Nimbostratus rankNimbostratus
    Aug 21, 2015
    The erc has device types for ltm apm and asm but all the rules apply to each one. So i just added my bigip internal ip address as a data source, enabled logging on ltm in system config and moved the default logging profile over from available on each apm policy. That seemed to capture and parse everything. What are your versions on bigip and esm?
  • Greg_130338's avatar
    Greg_130338
    Icon for Nimbostratus rankNimbostratus
    Aug 21, 2015
    Sorry i neant i just added bigip internal ip as f5 ltm and it encompassed all ltm apm and asm parsers
  • SDnath_82757's avatar
    SDnath_82757
    Icon for Nimbostratus rankNimbostratus
    Aug 24, 2015
    Is that the SIEM default F5 parsing rules were able to get the logs parsed. Is that all type of logs were visible to the Mcafee Siem