cancel
Showing results for 
Search instead for 
Did you mean: 

F5 logs

seekeroftruth
Nimbostratus
Nimbostratus

We feed out F5 logs into a SIEM and use for incident investigation. Currently the logs we get do not show cs information - all I get is the ss IP addresses. This makes it impossible to correlate IPS alerts with the source IP -- all I see is the ss IP addresses. Looking in the F5 logs only shows me the ss IPs which I already have from the IPS. 

How can I get the F5 to show connection logs with the cs IP addresses as well as the ss IP addresses in the connectin logs we send to the SIEM?

Thank you

1 REPLY 1