Forum Discussion
The-messenger
Apr 29, 2019 Cirrostratus
I have the same challenge from our security team and monitoring team. Have to say this always surprises me, other "security" devices seem to do much better at logging. Problem with Big-IP is that you have to correlate it all together. Yes, a Unix admin can do this, but then something changes and you have to start all over - and you don't know that it's all missing. Correlating events are in different logs, field names are different, it is not simple to put together.
I simply don't have the time for this, so I plan on an engagement with PS to get my logging all down so APM can operate as a security device, and then add ASM logs as well.