cancel
Showing results for 
Search instead for 
Did you mean: 

ASM Logging profile w/ Remote Storage

Lidev
MVP
MVP

Hi guys,

In the configuration of the ASM logging profile, is it possible to add in Server Addresses field a Virtual Server IP address (associated to a syslog server pool) in order to benefit from Round Robin algorithm on the syslog pool servers ?

 

Regards

 

1 ACCEPTED SOLUTION

Hi Lidev,

 

As I know there no such functionality for Application Security logs (as there you can only put IP address manually for your remote logging server). But you can do it for DoS protection and Bot Defense logs.

 

Its a little bit tricky to do that for the first time. First you have to create pool of your remote syslog servers in LTM, then you have to create new Log Destination of Remote HSL type (which forwards the logs to the pool you've just created), then you should create one more log destination (but this time it'll be syslog type) which will forward logs to HSL type Log destination that you've just created. And finally you have to create log publisher, which will forward logs to the log destination you've created in the last step. Now you can use this log publisher in your ASM log profile to forward DoS and Bot Defense logs. Here is the link, that describes everything in more details:

 

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-13-0-0/7.html

 

But I think you can not do that for Application Security Logs itself.

View solution in original post

3 REPLIES 3

Lidev
MVP
MVP

No one has ever experienced this configuration ? I know that the use of VIP is possible in Remote Syslog Server List for Remote Logging part but is it also possible to do the same for ASM profile logging ?

 

Thank you for your feedback

 

 

Hi Lidev,

 

As I know there no such functionality for Application Security logs (as there you can only put IP address manually for your remote logging server). But you can do it for DoS protection and Bot Defense logs.

 

Its a little bit tricky to do that for the first time. First you have to create pool of your remote syslog servers in LTM, then you have to create new Log Destination of Remote HSL type (which forwards the logs to the pool you've just created), then you should create one more log destination (but this time it'll be syslog type) which will forward logs to HSL type Log destination that you've just created. And finally you have to create log publisher, which will forward logs to the log destination you've created in the last step. Now you can use this log publisher in your ASM log profile to forward DoS and Bot Defense logs. Here is the link, that describes everything in more details:

 

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-13-0-0/7.html

 

But I think you can not do that for Application Security Logs itself.

Hi Giorgi,

thank you for your answer and explanation, so I'm going to abandon this idea.