So we have a security incident in wich a portscan is detected coming from our f5 snatpool towards another specifiek machine. Is there any logging i can check to see from which machine the portscan was initiated? I am not f5 expert so bear with me please 🙂
There are no records for old flows, but you can create an iRule for logging those sessions and apply it to the VS. Or even better, create a Request-Logging profile.
Logging connections using High Speed Logging
Request logging profile
In both cases, I recommend you send those logs to an external device, to not affect the local system performance.