Device Version missing from logs

Question

I am sending logs to McAfee ESM and after a system restore and fail-over the ASM is no longer sending the device version in the logs.  This is a required field for McAfee.  Prior to the crash this field was included in the logs being sent.  Without this field it causes the ESM to be unable to parse the data correctly.  Has anyone ever seen this?  
&nbsp;
Example from log: the || is were the device version should be.
Dec 14 14:34:12 TR01PPAF5003.mgmt.shoremortgage.com ASM:CEF:0|F5|ASM||Illegal meta character in parameter name|Illegal meta character in parameter name|5|&nbsp;
Thanks for the help.&nbsp;

chris_grant · Answer

If this was working and broke after a crash, but without any further changes, then I would open a support ticket. There is a known issue in certain versions of 11.5.0, 11.5.1, and 11.6.0 where we fail to send logs, but this should have been the case before the crash (ID493234). This should be fixed in the latest hotfixes.

Forum Discussion

Device Version missing from logs

1 Reply

Recent Discussions

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

Related Content

Device Management

TMOS Version Update Paths

Net Trunk API Status Field Missing

Big IP version 12 API

BIG-IQ statistics in dashboard missing/interrupted