
Separate Event Logs

Rozh
Nimbostratus

Dear all, Hello

I have a lot of logs from F5 products in the SIEM. Now I want to specify the logs of the Network Login Failed & Change Configuration, ....

In general, I want to separate the Audit logs from the others. Is it possible?

Thank you for your help.


boneyard
MVP

At first glance that looks like a question for the forum of your SIEM; they can most likely suggest a filter or search to make this happen.

Or do you want the F5 BIG-IP to only send specific logs?

Rozh
Nimbostratus

Thanks boneyard for the tips.

In fact, we have an internal SIEM, and I want to separate all the logs sent. For example, a system of locals or Audit.

Because I want to detect the number of login failures, configuration changes, etc.

In your opinion, should I define a template or filter from the syslog and detect the details that I want?

Ivan_Chernenkii
F5 Employee

Hello Rozh,

For event logs you can configure a remote logging profile on the "Security ›› Event Logs : Logging Profiles" page with an appropriate filter, e.g. "Login Result" only "failed".

Thanks, Ivan

Dear Chernenkii, thank you. 🙏

If this resolves your issue, then please mark this question as resolved.