Discoverer_3402
Jul 18, 2018

Configuration for sending LTM Traffic logs to SIEM server

Hi,

 

Our security team needs to send all the traffic logs from LTM to LogRhythm (SIEM solution). I have already configured the system log messages on LTM, which is not enough for them. Please respond if somebody knows how I can send the traffic logs to the LogRhythm server IP.

 

Your support will be highly appreciated.

 

Regards,

 

1 Reply

  • Hi,

     

    I have already set up this kind of configuration with ArcSight (SIEM) and Splunk. In all, the configuration that you have to deploy depends on what you want to log.

     

    To send LTM/APM logs you can just set a remote server (System ›› Logs : Configuration : Remote Logging).

     

    If you want to send ASM logs you can follow this KB: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/12.html

     

    You have several ways to send the logs; everything depends on what you want to get back. Can you give me your context, please, and what exactly you want to send?

     

    Keep in mind that all your VS don't generate logs. If you want your VS to generate W3C logs in order to send them to your remote syslog, you have to create and set a "request logging". ...
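
The two paths the reply describes (a remote syslog server for system/LTM/APM messages, and a request logging profile attached to a virtual server for per-request traffic logs), written out as tmsh commands. This is an added example, not part of the original thread; the object names `logrhythm`, `siem_syslog_pool`, `siem_reqlog` and `vs_example`, the address `192.0.2.10`, port 514 and both log templates are placeholders and assumptions to adapt.

```tmsh
# Placeholders (assumptions, not from the thread):
#   192.0.2.10:514  = SIEM collector address and syslog port
#   logrhythm, siem_syslog_pool, siem_reqlog, vs_example = hypothetical object names

# 1) System, LTM and APM messages: add a remote syslog destination
#    (the tmsh counterpart of System >> Logs : Configuration : Remote Logging).
modify sys syslog remote-servers add { logrhythm { host 192.0.2.10 remote-port 514 } }

# 2) Per-request traffic logs: a request logging profile publishes to a pool,
#    so the collector is first defined as a pool member.
create ltm pool siem_syslog_pool members add { 192.0.2.10:514 }

# 3) Request logging profile. The request template is written when the request
#    arrives; the response template is written when the response is sent, which
#    is the only point where the status code and chosen server are known.
#    request-log-protocol / response-log-protocol accept mds-udp or mds-tcp.
create ltm profile request-log siem_reqlog request-logging enabled request-log-protocol mds-udp request-log-pool siem_syslog_pool request-log-template "client=$CLIENT_IP:$CLIENT_PORT vs=$VIRTUAL_NAME method=$HTTP_METHOD uri=$HTTP_URI" response-logging enabled response-log-protocol mds-udp response-log-pool siem_syslog_pool response-log-template "client=$CLIENT_IP:$CLIENT_PORT vs=$VIRTUAL_NAME status=$HTTP_STATCODE server=$SERVER_IP:$SERVER_PORT msecs=$RESPONSE_MSECS"

# 4) A virtual server emits these logs only once the profile is attached to it.
#    Repeat for every virtual server the security team wants covered.
modify ltm virtual vs_example profiles add { siem_reqlog }

# 5) Check the result, then persist it.
list sys syslog remote-servers
list ltm virtual vs_example profiles
save sys config
```

When these are run from the BIG-IP bash prompt with a `tmsh` prefix instead of inside the tmsh shell, put the templates in single quotes so bash does not expand the `$` variables. `$HTTP_URI` includes the query string, and syslog over `mds-udp` is sent in cleartext, so route it over a network segment you trust or trim the template.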