Logging frontended LDAP with SNAT
Our organization frontends LDAP/LDAPS using F5 virtual servers with our DC's as nodes. We have implemented SNAT to resolve asymmetric routing to our DC's. We use an iRule to forward connection details for these VS's using HSL to a SIEM/syslog appliance. The current iRule solves a classic problem created by the SNAT--that of logging source IP addresses, which would be otherwise lost if we weren't logging from F5. Enough background--here's my question: Has anyone been able to grab other details about the LDAP authentication session such as the user account? Is there a native way to extract this data through an iRule, or some other means such as reading the packet information? Thanks.
ASM Signature Download logs to Remote SIEM server.
Hello Folks, Could you please help me with a specific scenario to send ASM logs to external SIEM logging? Scenario: In case ASM fails to download auto-signature database from F5's update server, it records these logs in /var/logs/asm How can I send these logs to my external SIEM logging server? Please consider that I am using 11.2.1 firmware version. Cheers! Darshan
