F5 BigIP ASM categorization file

1 Likes
over 10 years ago

The F5 BigIP ASM module can send logs in CEF format, but as with any CEF-format connector, there is no categorization, so the default ArcSight content doesn't take these events into account. We also found out that some messages have the same meaning but are not parsed the same way, which doesn't help categorization. This is why we created some additional map files to *correct* some fields.

Enjoy!
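An illustration of the kind of correction these map files perform, as an added Python example (not the attached map files or any ArcSight code): it parses CEF lines, folds variant attack names into one lookup key, and sets the categorization fields from a table. The sample events, the category values and the outcome mapping are constructed for the example.

```python
import re

# Constructed sample CEF lines in the F5 ASM style (invented values, not real device
# output): the same attack name is spelled two ways across device versions.
SAMPLE_EVENTS = [
    "CEF:0|F5|ASM|11.x|Attack|SQL-Injection|7|src=10.0.0.5 request=/login act=blocked",
    "CEF:0|F5|ASM|12.x|Attack|SQL Injection|7|src=10.0.0.6 request=/search act=alerted",
    "CEF:0|F5|ASM|12.x|Attack|Cross Site Scripting|5|src=10.0.0.7 request=/profile act=blocked",
]

CEF_HEADER = ("cefVersion", "deviceVendor", "deviceProduct", "deviceVersion",
              "signatureId", "name", "severity")

# Assumed categorization map (illustrative values, not ArcSight's own taxonomy): the
# key is the attack name with case, spaces and punctuation stripped, so both spellings
# of the same attack land on the same entry.
CATEGORY_MAP = {
    "sqlinjection": {"name": "SQL Injection",
                     "categoryTechnique": "/Exploit/Input Validation/SQL Injection"},
    "crosssitescripting": {"name": "Cross Site Scripting",
                           "categoryTechnique": "/Exploit/Input Validation/XSS"},
}

# Assumed outcome mapping: a blocked attack failed, an alerted one got through.
OUTCOME_MAP = {"blocked": "/Failure", "alerted": "/Success"}

def parse_cef(line):
    """Split a CEF line into its seven header fields plus the key=value extension."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line: %r" % line)
    event = dict(zip(CEF_HEADER, parts[:7]))
    # An extension value runs until the next " key=" or the end of the line.
    for key, value in re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", parts[7]):
        event[key] = value.strip()
    return event

def normalize_name(name):
    return re.sub(r"[^a-z0-9]", "", name.lower())

def categorize(line):
    """Parse one event and apply the map-file style corrections to it."""
    event = parse_cef(line)
    event.update(CATEGORY_MAP.get(normalize_name(event["name"]), {}))
    event["categoryOutcome"] = OUTCOME_MAP.get(event.get("act", ""), "/Attempt")
    return event
```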

Comment List
Anonymous
  • Hmm... I see we give out 3 different ways to set up logging with this device.

    The way to configure logging with this platform has changed a lot across versions. So reader, pick the method that best fits the F5 ASM version you own.

    We also have tested 3 other methods which proved not to work in the end, so don't use them:

    • Using "Remote High Speed Logging"
    • F5 BigIP platform system logs (under System => Logs => Configuration => Remote Logging)
    • Using the CLI and Syslog-NG
