F5 AFM CEF Logs Coming without Syslog Header
Hi Team, We have a customer who is using F5 Advanced Firewall Module and have configured the logging according to the guide: https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-11-6-0/14.html Customer is forwarding logs to the SIEM on UDP 514. We have noticed that the received logs doesn't have the Syslog header in it. Can someone please help if there is any configuration steps where this can be enabled. Sample log: CEF:0|F5|Advanced Firewall Module|16.1.3.2.0.0.4|23003137|Network Event|8|rt=Mar 16 2025 17:22:02 dvchost=Test123 dvc=172.10.10.10 src=172.20.20.20 spt=33526 dst=172.20.16.15 dpt=80 proto=TCP cs1=/Common/Rule_RD0545:Rule_RD0545_17 cs1Label=acl_rule_name cs2=/Common/VLAN1045 cs2Label=vlan act=Accept decisively reason= c6a2= c6a2Label=source_address c6a3= c6a3Label=destination_address cs3=/Common/RD0545 cs3Label=Route Domain cn1=545 cn1Label=route_domain cs4=Enforced cs4Label=acl_policy_type cs5=/Common/Policy_RD0545 cs5Label=acl_policy_name cs6= cs6Label=acl_rule_uuid destinationTranslatedAddress=172.20.20.71 destinationTranslatedPort=7005 sourceTranslatedAddress=172.20.20.126 sourceTranslatedPort=31201 cn2=545 cn2Label=TranslatedRouteDomain cn3=000240478ebc23f8 cn3Label=flow_id F5TranslatedIpProtocol=TCP F5TranslatedVlan=/Common/VLAN1045 F5SrcTranslationType=Automap F5SrcTranslationPool= F5SrcGeo=No-lookup F5DstGeo=No-lookup F5SrcUser=unknown F5SrcFqdn=unknown F5DstFqdn=unknown F5SendToVs= F5SrcZone= F5DstZone= F5DstVlan= F5SrcIpiCategories=No-lookup F5DstIpiCategories=No-lookup Thanks in Advance. Anshul