Published on 04-Dec-2022 17:00 - edited on 06-Feb-2023 12:09 by LiefZimmerman
This technical article is intended for F5 XC users who are familiar with the HTTP Load Balancer with WAF security and with the implementation and use of the ELK Stack.
The focus is exclusively on integrating F5 XC security logs with ELK.
F5 Distributed Cloud (XC) WAAP provides SaaS-based services consisting of Web Application Firewall (WAF), API Security, Bot Defense and DDoS Mitigation. The platform also provides a centralized dashboard for management, monitoring, service visibility and observability.
Even though the F5 XC platform has a native dashboard for monitoring, many customers prefer to consolidate logs and telemetry from various systems and platforms (including F5 XC) into their centralized SIEM, e.g., Splunk, QRadar, ELK, etc. For this reason, the Global Log Receiver was released on the F5 XC platform to fulfil that need.
The following are example use cases that lead customers to export F5 XC logs to their centralized SIEM:
Note: In a production environment, each ELK component (Elasticsearch, Logstash, Kibana) should be deployed separately with an HA configuration for resiliency. In this tutorial I only demonstrate how to integrate F5 XC with ELK, so ELK on Docker was chosen for easy deployment.
Step:
git clone https://github.com/deviantony/docker-elk.git
   to clone the ELK stack files from the GitHub project
sudo docker-compose up -d
   to start the ELK stack in the background
sudo docker ps
   to check the status of the ELK stack containers
Step:
Step:
Step:
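The Logstash side of the integration, as an added example that is not part of the original article or of the docker-elk project: a pipeline that accepts batched JSON events from an F5 XC Global Log Receiver over HTTPS with basic authentication and indexes them into the Elasticsearch container started above. The port, certificate paths, usernames, index name and the assumption that the Global Log Receiver is configured with an HTTP receiver pointing at this port are all illustrative choices; verify the http input option names (ssl_enabled vs. the older ssl) against the plugin version shipped with your Logstash. The commented-out input shows the weak setting a practitioner should avoid: a cleartext, unauthenticated listener that anyone who can reach the port can flood with forged "security events".

```logstash
# Added example (not from the original article or docker-elk).
# Assumed: the XC Global Log Receiver posts JSON batches to https://<logstash-host>:8443
# with basic auth, and secrets are stored in the Logstash keystore, not in this file.

input {
  # Weak setting (do NOT use): plain HTTP, no auth. Anyone on the network path can
  # inject fabricated WAF events or read real ones in transit.
  # http {
  #   port => 8080
  #   codec => "json"
  # }

  # Hardened listener: TLS + basic auth.
  http {
    host => "0.0.0.0"
    port => 8443                       # assumed receiver port
    codec => "json"                    # XC sends JSON-encoded events
    ssl_enabled => true                # older plugin versions use: ssl => true
    ssl_certificate => "/usr/share/logstash/config/certs/logstash.crt"   # assumed path
    ssl_key => "/usr/share/logstash/config/certs/logstash.key"           # assumed path (PKCS#8)
    user => "xc-glr"                   # assumed; must match the auth set on the Global Log Receiver
    password => "${GLR_PASSWORD}"      # resolved from the Logstash keystore
  }
}

output {
  elasticsearch {
    hosts => ["https://elasticsearch:9200"]          # docker-elk service name
    user => "logstash_internal"                      # docker-elk's Logstash writer role
    password => "${LOGSTASH_INTERNAL_PASSWORD}"      # from the Logstash keystore / .env
    index => "f5xc-security-%{+YYYY.MM.dd}"          # assumed daily index name
  }
}
```

Restrict the receiver port at the network layer to the F5 XC public IP ranges in addition to the TLS and basic-auth settings above; authentication alone does not stop an unauthenticated client from consuming the listener with connection attempts.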