Jump to content

F5 Blog

  • entries
    32
  • comments
    3
  • views
    24

Contributors to this blog

Send BIG-IQ logs to Splunk


rev.dennis

13 views

Need to identify a way to send logs from BIG-IQ to Splunk so we can see failures when BIG-IQ is trying to send signature updates to the DMZ F5’s running AWAF.

First, setting up logging was pretty easy to do

System Tab – Audit Log Syslog Servers

Enter NAME and IP address of syslog servers and TCP 514.

NOTE: I tried the newer rfc5424 and got nothing in Splunk so have to leave the old school rfc3164

Next, Found some interesting articles

https://techdocs.f5.com/kb/en-us/products/big-iq-centralized-mgmt/manuals/product/bigiq-central-mgmt-security-5-4-0/22.html

 

0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Announcements



×
×
  • Create New...

Important Information

Privacy Policy