ASM: is it mandatory to have a syslog server?
Hello, One of our customers does not have a Syslog server (neither remote syslog nor HSL). It uses only SNMP polling/traps and SMTP to send legal/illegal requests. Do you think it is doable to run a PROD environment like this, or are there any messages which are available only on syslog? What are the risks of running a PROD environment without a syslog service? Thanks!
172 Views, 0 likes, 1 Comment

Log APM application launches from portal to Syslog
Hi, I've followed Hamish's answer to the question "syslog APM VPN log in and log outs" (thanks Hamish) and now I'm trying to find out whether there is any way to log to syslog if someone launches an application from the webtop, so we can track application usage. Any information would be most appreciated. Thanks, Jonathon Page
269 Views, 0 likes, 1 Comment

SPLUNK integration with LTMv11- to send access log
Hi All, I have a syslog configuration on LTM V11.4 right now to send syslog to SPLUNK. I only see system-related logs on Splunk. But I want to see access logs on Splunk for reporting, including the source IP address of the client and other HTTP request details. Can you help with how I can configure LTM to send all the access logs to Splunk? Thanks
201 Views, 0 likes, 2 Comments

F5 syslog
Want to preface this with: I have found quite a few articles for different sections of logging within F5, but really want to get a high-level explanation of the differences and, really, best practices on how to do syslog with F5. I'm running 11.5.3 and I know there is a section for syslog (System > Logs > Configuration), but I also know there is a whole section within ASM. My company recently just bought LogRhythm for our syslog and they are requesting I send all logs to it. My question is, do I need to configure both spots? Are there more spots than just those two that I need to be aware of and configure? Below are really my concerns and goals:

- All logs need to go to LogRhythm. Things like device/system errors, changes to LTM, ASM, AFM, APM, etc.
- We need more ASM logs. Today, they roll over way too fast due to the amount of traffic. How do most of you handle this? Having ASM logs locally is a pretty big benefit that gets us insight and connections into disabling signatures or whatever else might need to be done.
- I would like to start getting alerts for VIPs/pool members going down or offline. I assume those types of things will already be sent in the normal System syslogs? We could then set up email alerts or whatever else from LogRhythm.

Thanks in advance! I'm sure most of this is covered individually somewhere, but I really haven't ever found a holistic answer that covers all bases.
300 Views, 0 likes, 1 Comment