
Forwarding ASM Event Logs to AWS CloudWatch v15.1.2.1

Utkarsh_Gupta
Nimbostratus

Hi,

Running in an AWS setup, our requirement is to receive HTTP request logs from WAF onto CloudWatch.

 

We have followed the following:

1.5.2. WAF HTTP Request and Security Logging to CloudWatch (f5.com)

 

Using this template:

f5-cloud-iapps/f5.cloud_logger.v1.0.0.tmpl at master · F5Networks/f5-cloud-iapps · GitHub

 

We aren't receiving any traffic logs on CloudWatch. The CloudWatch logging profile has been added to every virtual server under VS>Security>Policies. LTM logging is not what we want, and we had disabled it while configuring the iApp, hence there is no remote logging profile for LTM. There is no outbound traffic from the management in a TCP Dump.

 

Now the questions:

1.) In the support matrix of the iApp template in Cloud Logger iApp template (f5.com), it states that the supported BIG-IP versions are 12.1.x-14.x and unsupported are 12.0.0 and earlier. What about v15.x and above? Could that be the reason for it not working? If yes, then is it even possible in this case at all?

 

2.) In the lab tutorial, it states that it is an AWS auto-scale environment, whereas we're running just a standard Active-Active HA pair. Will the configuration differ?

 

3.) Our main goal is to generate email alerts for every blocked request that we are receiving on our WAF. We don't have a syslog server in the environment presently. Since ASM doesn't store logs locally and hence SNMP can't work, we are looking at possible options. It's a fairly small setup with not much traffic.
