Forum Discussion

Nimbostratus

Dec 22, 2022

Solved

What is the best log Log Analysis Tool for F5 AFM/APM?

At the moment we use Graylog as a Log Analysis Tool. But we are not happy with it. Very difficult to install and to maintain when you are not a linux freak. After updating our Linux System Graylog i...

devops

event

Nikoolayy1
Dec 25, 2022
If you have many F5 devices, you may consider using the F5 BIG-IQ central managment platform as it can collect statistics and manage many F5 devices with all their modules like AFM/APM. BIG-IQ with DCD can monitor your LTM/APM. There is a trial version of BIG-IQ or you can ask the F5 sales for a Demo to see if it is what you want and need

https://techdocs.f5.com/en-us/bigiq-8-1-0/big-iq-monitoring-and-reports/configuring-statistics-collection.html

Other options that were already mentioned to you are SIEM solutions like QRadar or Splunk but for a small company ELK is also an option as there is a free option and if you want vendor support then you pay for it. With the SIEM solutions you may need to build dashboards for AFM and APM as F5 has pluggins for most SIEM solution but primary for LTM/ASM(AWAF) and BIG-IQ already has prebuild dashboard.

https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-guides.html

https://www.elastic.co/security/siem

Nikoolayy1

MVP

Dec 25, 2022

If you have many F5 devices, you may consider using the F5 BIG-IQ central managment platform as it can collect statistics and manage many F5 devices with all their modules like AFM/APM. BIG-IQ with DCD can monitor your LTM/APM. There is a trial version of BIG-IQ or you can ask the F5 sales for a Demo to see if it is what you want and need

https://techdocs.f5.com/en-us/bigiq-8-1-0/big-iq-monitoring-and-reports/configuring-statistics-collection.html

Other options that were already mentioned to you are SIEM solutions like QRadar or Splunk but for a small company ELK is also an option as there is a free option and if you want vendor support then you pay for it. With the SIEM solutions you may need to build dashboards for AFM and APM as F5 has pluggins for most SIEM solution but primary for LTM/ASM(AWAF) and BIG-IQ already has prebuild dashboard.

https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-guides.html

https://www.elastic.co/security/siem

RedWave25

Nimbostratus

Oct 30, 2024

For anybody reading this don't waste your time with BIG IQ. It's not capable of any alerting. No custom alerts, no nothing. F5 says to use third party if you want to know when a member of your pool is down.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

What is the best log Log Analysis Tool for F5 AFM/APM?

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Can F5 restrict the file types transferred via FTP?

LTM issue Openning new web browser tab

SSO login for APM Profiles

SFP Port LEDs Blinking Yellow

Kerberos Authentication Failing for Exchange 2016 Behind F5 Cloud WAF

Related Content

How to Setup Shape Log Analysis in Fastly

Dyre Malware Analysis

Post-Breach Analysis: Sophistication and Visibility

F5 Labs Top CWEs, CWE OWASP Top Ten Analysis, & May 2025 CVE Trends

Packet Analysis with Scapy and tcpdump: Checking Compatibility with F5 SSL Orchestrator

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS