F5 ASM Log Forwarding

Question

I created a log forwarding profile where its pointing at the graylog box on port 514 (udp) and set up the format, etc and then applied it to the virtual server but I don't see anything coming into the syslog server. I have restart the syslog on the box and failed over to the other F5 and its still not sending any logs. Even doing a netstat (netstat -pan | grep syslog) I don't see anything trying to leave either F5 just localhost stuff. Is there anything I'm missing? I feel like there isn't' anything obvious.

psfletchthetek · Answer

Hi,So just to double check.You have a pool and pool member setup.Which links to your destiantion.Which links to your Publisher?And the config has the relevent security tick boxes ticked to ensure the correct logs are sent to the remote log source?And then that publisher is linked to the virtual server in the security settings?If that doesn't make sense let me know and i'll take some screen shots of my config for you. ASM logging is a bit all over the place unfortunately!&nbsp;

gajji · Answer

https://support.f5.com/csp/article/K86480148https://support.f5.com/csp/article/K21709934Follow this article should resolve your issue.

psfletchthetek · Answer

Hi,Just be careful, those articles talk about general logging focused at the LTM side.ASM logging works slightly differently.

Forum Discussion

F5 ASM Log Forwarding

3 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

ASM logs

except ip from asm logging

Security event logs forwarding

BIGIP ASM audit logging

X-Forwarded-For Log Filter for Windows Servers