Forum Discussion

Nimbostratus

Feb 02, 2016

We have a Qradar remote server which wants to see logs which will allow them to trace traffic back to the source when traffic passes through the F5

Here is the current config of your remote logging: Log to a remote host destination d_loghost { udp("10.195.55.x" port(514)); udp("172.30.201.x" port(514) localip(172.30.27.x)); }; ...

LTM

security

RossVermette

Nimbostratus

Feb 02, 2016

Which module are you interested in monitoring with Qradar? If you're using ASM you will need to define a logging profile that uses tcp, as Qradar expects ASM traffic as tcp. For LTM logs then it would be standard syslog udp. There are also configs that need to be done on the qradar side to "catogorize and index" the log source correctly. Can you let us know what module logs you're interested in sending to qradar?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)