F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!
20-Jun-2020 16:48
Dear all,Hello
I have a lot of logs F5 products in SIEM, Know I want to specify the logs of the Network Login Failed & Change Configuration,....
In general, I want to separate the Audit logs from the others. Is it possible?
Thank you for your help.
22-Jun-2020 09:53
at first glance that looks like a question for the forum of your SIEM, they can most likely suggest a filter or search to make this happen.
or do you want the F5 BIG-IP to only send specific logs?
24-Jun-2020 18:57
Thanks boneyard for the tips.
In fact, we have an internal SIEM , and I want to separate all the logs sent. For example, a system of locals or Audit.
Because i want to detect Number of Login faill - Change config and etc.
In your opinion , I should define a template or Filter from the syslog and detect details that want ?
30-Jul-2020 12:38
Hello Rozh,
For event logs you can configure remote logging profile on "Security ›› Event Logs : Logging Profiles" page with appropriate filter. e.g. "Login Result" only "failed"
Thanks, Ivan
30-Jul-2020 18:54
Dear Chernenkii ,Thaks you .🙏
30-Jul-2020 19:22
If this resolves your issue, then please mark this question as resolved.
or learn more...
