For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

HGS-97-61's avatar
HGS-97-61
Icon for Nimbostratus rankNimbostratus
Nov 24, 2023

Telemetry streaming to Elasticsearch

Hi all I am following a couple of threads since I want to send ASM logging to Elasticsearch  like this one from Greg  What I understand is that I need to send an AS3 declaration and a TS declaratio...
asm
f5
security
Telemetry
HGS-97-62's avatar
HGS-97-62
Icon for Altostratus rankAltostratus
May 08, 2024

Hello Alex

Yes I was able with F5 support.

The best thing is to work with tmsh

Described here: https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/event-listener.html#requestlog

 

Start with the irule and work your way down.

After that you only need to create the listener like below

{

    "class": "Telemetry",

    "controls": {

        "class": "Controls",

        "logLevel": "debug"

    },

    "My_System": {

        "class": "Telemetry_System",

        "systemPoller": {

            "interval": "60"

        }

    },

    "My_Listener": {

        "class": "Telemetry_Listener",

        "port": 6514,

        "trace": true

    },

    "My_Consumer": {

        "class": "Telemetry_Consumer",

        "type": "Generic_HTTP",

        "trace": false,

        "host": "10.0.1.111",

        "protocol": "http",

        "port": 9570,

        "path": "/",

        "method": "POST",

        "headers": [

            {

                "name": "content-type",

                "value": "application/json"

            }

        ],

        "outputMode": "processed"

    }

}

 

 

 

Alex_Madjeski's avatar
Alex_Madjeski
Icon for Altocumulus rankAltocumulus
May 09, 2024

Thank you very much for responding, I really appreciate it.

 

I got everything in link configured.

I tried pushing the config you pasted above with Postman and got

code: 500

message: Unexpected string in JSON at position 576

referer: restnoded

  • HGS-97-62's avatar
    HGS-97-62
    Icon for Altostratus rankAltostratus
    May 09, 2024

    You can drop it in "as-is".

    You can change the name of the profile and other artifacts created if you want.

    But you make sure that you do everything consistently.

    In general just copy-and-paste.

     

     

    • Alex_Madjeski's avatar
      Alex_Madjeski
      Icon for Altocumulus rankAltocumulus
      May 13, 2024

      Thanks again for the help.  I really appreciate it!

  • HGS-97-62's avatar
    HGS-97-62
    Icon for Altostratus rankAltostratus
    May 09, 2024

    Indeed the start pushing professional services immediately.

    We seem to have had it.