cancel
Showing results for 
Search instead for 
Did you mean: 

F5 ASM Auditlogs for all Policy Changes apart from normal Login Logout details

Priyesh_MP
Nimbostratus
Nimbostratus

Dear Team,

 

Good day!

 

Can anyone confirm whether F5 ASM Auditlogs give information about configuration changes other than normal login logout data? Requirement is customer wants Auditlogs for all configuration changes also (like who has logged in and what changes he/she made etc.).

 

Thank you.

 

Best Regards,

Priyesh MP

1 ACCEPTED SOLUTION

Yoann_Le_Corvi1
Cumulonimbus
Cumulonimbus

Hi

 

Sorry for the delay. Admin/root are very likely to be linked.

Try creating a dedicated account.

 

Also what you are reading is the system audit log.

 

You also have the ASM Audit Log in Security -> Application Security -> Policy -> Audit -> Logs.

 

Yoann

View solution in original post

7 REPLIES 7

Yoann_Le_Corvi1
Cumulonimbus
Cumulonimbus

Hello

 

It does. It logs ever modification to the policy. That also include changes made by the policy builder itself.

URL, Response page, Attack signtature... and so on.

 

Yoann

Dear Yoann,

 

Thank you for your response. Is there any document available from F5 on this?

 

Best Regards,

Priyesh MP

Priyesh_MP
Nimbostratus
Nimbostratus

Dear Yoann,

 

Hope you are doing well!

 

Could you please provide me any document from F5 or any test results that you have on this?

 

Best Regards,

Priyesh MP

Priyesh_MP
Nimbostratus
Nimbostratus

Dear Team,

 

I could see the configuration changes in F5 ASM Auditlogs, as given below.

 

0691T000005oZdmQAE.png

 

Can anyone tell me why is it showing user as root when I made this configuration changes from GUI with admin account?

 

Thank you.

 

Best Regards,

Priyesh MP

Yoann_Le_Corvi1
Cumulonimbus
Cumulonimbus

Hi

 

Sorry for the delay. Admin/root are very likely to be linked.

Try creating a dedicated account.

 

Also what you are reading is the system audit log.

 

You also have the ASM Audit Log in Security -> Application Security -> Policy -> Audit -> Logs.

 

Yoann

Dear Yoann,

 

Thank you for your reply.

 

I got it. Will ASM forward ASM Audit Log in Security -> Application Security -> Policy -> Audit -> Logs to Syslog Server same like System Auditlogs? or it will only available locally in the device?

 

Best Regards,

Priyesh MP

Hi

I had a quick look, but it seems to be in the SM DB, not managed by syslog.

So as far as I can tell, it seems to be local only. Only illegal requests logs can be sent to syslog.

 

Yoann