
Hoang_Hung
Aug 25, 2020

WAF Event Log on BIG-IQ not Real-Time

Hi all

We have a BIG-IQ system, but at this time the WAF event log on BIG-IQ is not real-time.

We have checked the event log on the BIG-IP device and all is OK, but on BIG-IQ it is not real-time.

Please help me.

BIG-IQ: Time: Last event log: July 21, 2020

BIG-IP: Device: always real time

 

Thanks all

Event Log BIG-IQ

 

Event Log BIG-IP

18 Replies

  • Hello Hoang,

     

    Do you have different time for the same "Support ID"?

    Do you configure DNS and NTP on BIG-IP and BIG-IQ?

     

    Thanks, Ivan

    • Hoang_Hung (Cirrus)

      Hi  

      Thank you so much.

      We have configured DNS and NTP on BIG-IQ and BIG-IP.

      But I don't know: "Do you have different time for the same "Support ID"?" What is a Support ID?

       

      Thanks

      Hung Hoang

      • Ivan_Chernenkii (Employee)

        For each request that is logged on BIG-IP/BIG-IQ, you have a Support ID (ID of the logged request).

        In your screenshot from BIG-IQ it is mentioned in the "Support ID" column.

        On BIG-IP it can be seen in "All Details" of the selected request; you can also use the filter to find the one you need.

  • Dojs (Cirrostratus)

    Check the time of Support ID *6091 on BIG-IP to validate the right time.

    • Hi  

      I have checked Support ID *6091 on BIG-IP, but it is not on BIG-IP. I have checked: the log on BIG-IQ depends on another policy, and now BIG-IP doesn't have that policy.

      ==> So I can't find it.

       

      Thanks

      Hung Hoang

  • Hi  and  

    Thank you so much.

    I have checked on BIG-IQ. I see that:

    In Configuration > Security > WAF > Virtual Server, I see that the Virtual Server with the WAF policy applied is inactive. But

    in Configuration > Local Traffic > Virtual Server it is still Active.

    ===> I think ===> No event log on BIG-IQ.

     

     


    In Local Traffic > VIP:

    Please help us.

     

    Thanks

    Hung Hoang

    • Ivan_Chernenkii (Employee)

      Hello Hung,

       

      It looks like your BIG-IP and BIG-IQ are out of sync - you have a VS with a policy and logging profile on BIG-IP, but not on BIG-IQ; that is why you don't see any logs on BIG-IQ anymore.

      I suggest to create needed configuration on BIG-IQ and then deploy it to all appropriate BIG-IPs.

      About inactive policy - you need to make it active.. Do you know how?

       

      Thanks, Ivan

      • Hoang_Hung (Cirrus)

        Hi  

        "I suggest to create needed configuration on BIG-IQ and then deploy it to all appropriate BIG-IPs.": I agree.

        But now the Virtual Server on WAF is inactive, so we cannot deploy from BIG-IQ to BIG-IP.

        (Note: on Virtual Server (Local Traffic), BIG-IP and BIG-IQ are still Active (previous picture).)

        Ivan: "About inactive policy - you need to make it active.. Do you know how?" At this time I have not solved it yet.

        Do you know how?

         

        Thanks

        Hung Hoang

         

  • Hi  

    Yep. Currently I see requests logged on BIG-IP, but not on BIG-IQ.

    I have configured a remote log profile, then attached it to the VS.

    I sent you the detailed information in the attached pictures.

     

    Thanks

    Hung Hoang
