logs
29 Topics

Troubleshooting and logs
Hello, I am trying to build an environment for one project. For now I have the first step configured - the apps which I need to use with F5 are Keycloak, one www app and an XMPP chat. For now, I do not really know what else I should use via F5; only load balancing of access to Keycloak is done. I am using SSL/TLS communication and can log in to the Keycloak website using F5 as the load balancer. I will be trying to understand how this environment is working now, and will try to determine what I should use via F5. But what is a little problematic for me is to:
1. find good articles about configuring F5 - for example simple load balancing with SSL/TLS etc., step by step - and this is the first question: how do you search for configuration steps for something?
2. second and important thing is - how to troubleshoot and check logs for this kind of communication - please share with me some simple, well-written articles. For example, for now I would like to check via logs every step of my communication which is working; I do not really know how and where. I saw this article, Troubleshooting BIG-IP - The Basics | DevCentral - but it is overall info without examples.
Thank you for your advice. The best way would be to understand these logs; if I had the knowledge of how and what I can find this way, I would be able to determine what configuration I am missing, if something is communicating properly, etc. Thanks for the help.
69 Views | 0 likes | 3 Comments

Reporting Help Needed
Hi Experts, I am new to F5 and I need help regarding reporting. The client has F5 WAF, and we have to make a daily report of "event correlation". We need to copy the incident details count and the security policy name from each and every "vulnerability scan" and copy the information. I can export it to HTML, but the problem is that in the HTML we are not getting the full information. So can you please let me know how I can export the full report?
39 Views | 1 like | 1 Comment

Logs for local-db-publisher
We are running the DNS module on a dedicated box. We have DNS log publisher set to the "local-db-publisher" - however, we are not certain where these logs are located. DNS log queries and log responses are both enabled. I have found some articles that mention that the logs can be found in /var/log/gtm and some that state they are found in /var/log/ltm but the queries and responses are nowhere to be found. Suggestions?
Solved | 1K Views | 0 likes | 6 Comments

Log separation by event
The WAF logs are being sent to a SIEM, but when they are recorded, more than one event is being recorded per section. This causes information to be lost, because when so many events are joined together they become one very long string and line breaks start to appear, as shown in the image. That is why the client is asking me to separate them per event. Does anyone know if there is a solution?
Solved | 653 Views | 0 likes | 2 Comments

AFM reporting no data
Hi! I have an AFM installation here that seems to be working very well as firewall and DDoS protection, but the problem is that none of the reports are working. I have a logging profile created for all the VSs and the publisher is set as local-db-publisher everywhere.
Logs working:
Reports not working:
It is also possible to observe some JavaScript errors being reported in the console:
My logging profile:

    security log profile Log_Local {
        dos-network-publisher local-db-publisher
        ip-intelligence {
            log-publisher local-db-publisher
        }
        network {
            Log_Local {
                filter {
                    log-ip-errors enabled
                    log-tcp-errors enabled
                }
                publisher local-db-publisher
            }
        }
        port-misuse {
            log-publisher local-db-publisher
        }
        protocol-dns-dos-publisher local-db-publisher
        protocol-inspection {
            log-publisher local-db-publisher
        }
        protocol-sip-dos-publisher local-db-publisher
        traffic-statistics {
            active-flows enabled
            log-publisher local-db-publisher
            missed-flows enabled
            reaped-flows enabled
            syncookies enabled
            syncookies-whitelist enabled
        }
    }

Am I doing something wrong? Thanks!
461 Views | 0 likes | 3 Comments

IRULE TO REMOVE LOGS FROM FORWARD PROXY IRULE
What iRule can be used to remove logs from an iRule? The situation is that the iRule applied to a virtual server is filling up the /var/log folder and tmm is rebooting. Example:

    if { $static::enable_logging_L4_VIP_GPRS_TRANSPARENT } {
        set logging_handle [HSL::open -proto UDP -pool ${static::log_destination_L4_VIP_GPRS_TRANSPARENT} ]

I want all logs removed, or tmm not to activate them.
186 Views | 0 likes | 0 Comments

IRULE TO REMOVE LOGS FROM FORWARD PROXY IRULE
What iRule can be used to remove logs from an iRule? The situation is that the iRule applied to a virtual server is filling up the /var/log folder and tmm is rebooting. Example:

    if { $static::enable_logging_L4_VIP_GPRS_TRANSPARENT } {
        set logging_handle [HSL::open -proto UDP -pool ${static::log_destination_L4_VIP_GPRS_TRANSPARENT} ]

I want all logs removed, or tmm not to activate them.
269 Views | 0 likes | 1 Comment

Event log soap[22458]
Hello, I am trying to understand a log message on our F5 BIG-IP 13.1.1.4. Under System -> Logs -> Local Traffic, I have several entries like:

    LogLevel:info Service:soap[22458] Event:src=127.0.0.1, user=

To be precise, there is nothing after user :) Can anyone explain to me what it means and whether it is possible to filter these entries? Best regards.
619 Views | 0 likes | 3 Comments