13-May-2022 10:43
We feed our F5 logs into a SIEM and use them for incident investigation. Currently the logs we get do not show cs information - all I get is the ss IP addresses. This makes it impossible to correlate IPS alerts with the source IP -- all I see is the ss IP addresses. Looking in the F5 logs only shows me the ss IPs which I already have from the IPS.
How can I get the F5 to show connection logs with the cs IP addresses as well as the ss IP addresses in the connection logs we send to the SIEM?
Thank you
18-May-2022 13:48
You could check out the logging iRule @TimRiker wrote:
https://community.f5.com/t5/crowdsrc/performance-logging-irule-rule-http-log/ta-p/288612
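
An iRule for the kind of logging asked about above, added here as an illustration; it is not taken from the thread or from the linked iRule. It assumes a TCP virtual server and that local0 syslog on the BIG-IP is already forwarded to the SIEM; the key=value field names (`cs_src`, `ss_src`, and so on) are made up for this example.

```tcl
# Added example: emit one log line per server-side connection that ties the
# client-side (cs) tuple to the server-side (ss) tuple of the same flow.
when CLIENT_ACCEPTED {
    # Client-side flow: real client -> virtual server
    set cs_src "[IP::client_addr]:[TCP::client_port]"
    set cs_dst "[IP::local_addr]:[TCP::local_port]"
}

when SERVER_CONNECTED {
    # Server-side flow: BIG-IP source (SNAT or preserved client address) -> pool member.
    # In this event IP::local_addr / TCP::local_port refer to the server-side connection.
    set ss_src "[IP::local_addr]:[TCP::local_port]"
    set ss_dst "[IP::server_addr]:[TCP::server_port]"

    # Single key=value record so the SIEM can index both tuples together
    log local0.info "conn vs=[virtual name] cs_src=$cs_src cs_dst=$cs_dst ss_src=$ss_src ss_dst=$ss_dst"
}
```

With SNAT in use, `ss_src` is the translated address and port that show up in the IPS alert, so joining on that field in the SIEM yields the original client in `cs_src`.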