Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Sent WAF event from BIG-IQ to Remote server ( SOC arcsight)

Hoang_Hung
Cirrus
Cirrus

‎02-Dec-2020 09:38

Dear all

We had a BIG-IP System running WAF. At this time all event WAF log was sending to BIG-IQ.

So. Do you know solution sent WAF event from BIG-IQ to Remote Sever ( SOC=arcsight)

Note. One time BIG-IP only use a manual Log profile.

 

Thanks all

Hung Hoang

Labels:
0 Kudos
1 REPLY 1

Dojs
Cirrostratus
Cirrostratus

‎23-Dec-2020 05:58

Hi,

you can send to both together.

 

TIP:

  1. Create a Pool with your IP of ArcSight
  2. Create Log Destination HighSpeed with the pool
  3. Create Log Destination Remote Syslog with the HSL above
  4. Inside of remote-logging-publisher of WAF, insert destination create above

 

See if works, for me works in QRadar

0 Kudos
Copyright © 2023 Khoros, LLC