09-Jun-2021 04:50
Hi everyone, I am looking for the cli command to modify security log profile in related VS. if there is, i would like to do this for my all Vs in bulk. Because it is so waste of time to doing this from gui one by one.
09-Jun-2021 08:38
You can check this:
https://clouddocs.f5.com/cli/tmsh-reference/v15/modules/security/security_log_profile.html
create security log profile "{{ asm_default_logging_profile }}" application replace-all-with
{ "{{ asm_default_logging_profile }}" { servers replace-all-with { <server_ip>:<port> } filter replace-all-with { request-type { values replace-all-with { illegal } } } logger-type remote logic-operation and protocol tcp remote-storage remote ma
ximum-entry-length 2k response-logging illegal format { fields { attack_type date_time dest_ip dest_port device_id geo_location http_class_name ip_address_intelligence ip_client ip_with_route_domain is_truncated management_ip_address method policy_a
pply_date policy_name protocol query_string request request_status response response_code route_domain session_id severity sig_ids sig_names sig_set_names slot_number src_port sub_violations support_id unit_hostname uri username violation_details vi
olation_rating violations virus_name websocket_direction websocket_message_type } } } }
Or try using rest-api or Big-IQ for mass change on many devices.
https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_security_log_profile_application.html
Example how to get idea on what to modify as you may use postman rest-api client:
https://devcentral.f5.com/s/question/0D51T00006i7kHo/how-to-get-asm-dos-and-logging-profiles-applied-to-a-virtual-server
https://clouddocs.f5.com/training/community/automation/html/class01/module1/lab2.html
