ASM Logging Best Practices

Question

What are the best practices when logging? TCP/UDP?  Key/Pair or CSV?  What is the recommended maximum entry length?  Thanks!&nbsp;

samstep · Answer

TCP is best if you need to make sure you don't lose any log data (a requirement in the financial sector for example). &nbsp;
Re: format etc. - all depends on the destination SIEM system where you send the logs. If you send your logs to Splunk for example (seems to be a popular choice these days) - there is a good article explaining the formatting of the fields and other settings here:&nbsp;
https://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Setup&nbsp;
I hope this helps&nbsp;

Forum Discussion

ASM Logging Best Practices

1 Reply

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

AS3 Best Practice

F5 Certified Practice Exams

Cipher Suite Practices and Pitfalls

Security Best Practices for BIG-IP & BIG-IQ systems

Managing Kubernetes Traffic With F5 NGINX: A Practical Guide