Manual Chapter: General System Options
The Application Security Manager has several system management options available. The system management options apply to the overall application security configuration. You can:
The Application Security Manager provides a user role specifically designed for security policy management. You can assign the Application Security Policy Editor user role to personnel who need to edit security policies but must not be able to change any local traffic, network, or system settings. For additional information on user roles and user management, refer to the BIG-IP® Network and System Management Guide, which is available in the AskF5 Knowledge Base at https://support.f5.com.
1.
On the Main tab of the navigation pane, expand System, and then click Users.
The User List screen opens.
2.
Click the Create button.
The New User screen opens.
3.
For the User Name setting, type the user's name.
4.
For the Password setting, type and confirm the user's password.
5.
For the Role setting, select Application Security Policy Editor from the list.
6.
Click Finished.
The screen refreshes and you see the new user account in the list.
Logging profiles specify how and where the system stores request data for web applications. When you configure a web application, you select the logging profile for that web application. You can use one of the system-supplied logging profiles, or you can create a custom logging profile. Additionally, you can choose to log the request data locally, or on a remote storage system. Note that the system-supplied logging profiles log data locally. For more information on selecting the logging profile for a web application, refer to Configuring the logging profile for a web application.
A logging profile has two parts: the storage configuration and the storage filter. The storage configuration specifies where the logs are stored, either locally or remotely. The storage filter determines what information gets stored.
Local-storage logging profiles store request data on the Application Security Manager system itself. You can view locally-stored requests on the Reporting >> Requests screen. When you store request data locally, the logging utility may at times compete with traffic processing for system resources. You can use the Guarantee Logging setting to ensure that the system still logs the requests in this situation.
Important: Enabling the Guarantee Logging setting may reduce performance if you have a high traffic-volume application.
Note: Regardless of whether you enable the Guarantee Logging setting, the system does not drop requests (that is, client traffic) when system resources are constrained; without Guarantee Logging, it is the log entries that may be lost.
1.
On the Main tab of the Application Security navigation pane, in the Application Security section, click Options.
The Attack Signatures screen opens.
2.
On the menu bar, click Logging Profiles.
The Logging Profiles screen opens.
3.
Above the Logging Profiles area, click the Create button.
The Create New Logging Profile screen opens.
4.
In the Configuration area, for the Profile Name setting, type a unique name for the logging profile.
5.
Optionally, for the Profile Description setting, type any additional information about the profile.
6.
For the Storage Type setting, select Local.
7.
Check the Guarantee Logging box (an Advanced configuration option) to ensure that the system logs requests for the web application even when the logging utility is competing for system resources. Enabling this setting may slow access to the associated web application.
8.
Click the Create button.
The screen refreshes, and displays the new logging profile on the Logging Profiles screen.
When you configure a remote-storage logging profile, the system stores requests data for the associated web application off the system. You can then use a remote management system to view the files.
You can set up a remote-storage logging profile using a basic configuration, or an advanced configuration. The advanced configuration settings offer additional refinements for the type of data the system stores.
Important: The remote-storage logging profile relies on external systems to perform the actual logging. The configuration and maintenance of the external logging servers is not the responsibility of F5 Networks.
1.
On the Main tab of the Application Security navigation pane, in the Application Security section, click Options.
The Attack Signatures screen opens.
2.
On the menu bar, click Logging Profiles.
The Logging Profiles screen opens.
3.
Above the Logging Profiles area, click the Create button.
The Create New Logging Profile screen opens.
4.
Above the Configuration area, select Basic or Advanced. If you select Advanced, the screen refreshes to display additional settings.
5.
For the Profile Name setting, type a unique name for the logging profile.
6.
Optionally, for the Profile Description setting, type any additional information about the profile.
7.
For the Storage Type setting, select Remote.
The screen refreshes, and displays additional settings.
8.
For the Protocol setting, select the protocol that the remote storage server uses.
9.
For the Server IP setting, type the IP address for the remote storage server.
10.
For the Server Port setting, type a port number or use the default value, 514.
11.
For the Facility setting, select the syslog facility filter that you want to associate with this request data.
Tip: If you have more than one web application, and you configure remote logging for both applications, you can use the facility filter to sort the data for each.
12.
For the Severity setting, select the event severity level that the system logs requests for. Note that the system logs events at the severity level you select, and above. (See Setting event severity levels for security policy violations, for more information.)
13.
For the Storage Format setting, from the Available Items list, select one or more data items that you want the log file to contain. Use the Move button (<<) to add the data items to the Selected Items list. Optionally, if you select the Advanced configuration (see step 4), you can specify the log file format for the data items, by selecting one of the following options:
Predefined: If you select this option, then specify the delimiter that you want the system to use to separate the data in the log file, and also select the data items that you want to store remotely.
User-defined: If you select this option, then in the Selected Items box, type the data items that you want the system to store, with surrounding percent (%) characters (for example, %request%). You may also select any of the system-supplied data items from the Available Items list, and add them to the Selected Items list.
14.
Click the Create button.
The screen refreshes, and displays the new logging profile on the Logging Profiles screen.
If your network uses the eIQnetworks® SecureVue® reporting server, you can configure a logging profile that formats the log information for that system. The logging profile for the eIQnetworks SecureVue reporting server uses the following default settings:
The storage format uses the following fields: unit_hostname, management_ip_address, web_application_name, policy_name, policy_apply_date, violations, support_id, request_blocked, response_code, ip, method, protocol, uri, request, query_string, x_forwarded_for_header_value
Important: This logging profile relies on external systems to perform the actual logging. The configuration and maintenance of the external logging servers is not the responsibility of F5 Networks.
1.
On the Main tab of the Application Security navigation pane, in the Application Security section, click Options.
The Attack Signatures screen opens.
2.
On the menu bar, click Logging Profiles.
The Logging Profiles screen opens.
3.
Above the Logging Profiles area, click the Create button.
The Create New Logging Profile screen opens.
4.
Above the Configuration area, select Basic or Advanced. If you select Advanced, the screen refreshes to display additional settings.
5.
For the Profile Name setting, type a unique name for the logging profile.
6.
Optionally, for the Profile Description setting, type any additional information about the profile.
7.
For the Storage Type setting, select EIQnetworks - SecureVue.
The screen refreshes, and displays additional settings.
8.
For the Server IP setting, type the IP address for the remote storage server.
9.
For the Server Port setting, type a port number or use the default value, 514.
10.
For the Facility setting, select the syslog facility filter that you want to associate with this request data.
11.
Click the Create button.
The screen refreshes, and displays the new logging profile on the Logging Profiles screen.
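The remote-storage and SecureVue procedures above configure what the BIG-IP system sends; something on the receiving end still has to make sense of it. The following is an added example (not F5 code) of the receiver side: it decodes the syslog PRI into the facility and severity the profile was configured with, splits the message body back into the storage-format data items, and keeps only events at or above a severity threshold, mirroring the "selected level and above" rule of the Severity setting. The sample lines are constructed. The assumed message layout is `<PRI>`, an optional RFC 3164 header (`Mon dd hh:mm:ss host`), then the data items joined by the profile's delimiter; the field order is the SecureVue default listed above.

```python
"""Receiver-side parsing of ASM remote-storage syslog lines.

Added example, not F5 code.  The sample lines are constructed.  Assumed
message layout: "<PRI>", an optional RFC 3164 header ("Mon dd hh:mm:ss host "),
then the profile's storage-format items joined by the profile's delimiter.
"""
import re

# Syslog severities, most to least severe; list index == numeric value (RFC 3164).
SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]

# Default data-item order of the eIQnetworks SecureVue storage format (from the manual).
SECUREVUE_FIELDS = [
    "unit_hostname", "management_ip_address", "web_application_name",
    "policy_name", "policy_apply_date", "violations", "support_id",
    "request_blocked", "response_code", "ip", "method", "protocol", "uri",
    "request", "query_string", "x_forwarded_for_header_value",
]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                   # PRI
    r"(?:[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \S+ )?"    # optional RFC 3164 header
    r"(?P<body>.*)$"
)


def decode_pri(pri):
    """Split a syslog PRI into (facility, severity): PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    return divmod(pri, 8)


def facility_name(facility):
    """local0..local7 (16..23) are the facilities a logging profile offers; others by number."""
    return "local%d" % (facility - 16) if 16 <= facility <= 23 else "facility%d" % facility


def parse_event(line, fields=SECUREVUE_FIELDS, delimiter=","):
    """Turn one syslog line into a dict keyed by the storage-format data items."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not a syslog line: %r" % line[:40])
    facility, severity = decode_pri(int(m.group("pri")))
    # maxsplit lets the *last* item contain the delimiter; a delimiter inside any
    # earlier item (e.g. a comma in `request` when it is not last) shifts every
    # column after it, so pick a delimiter that cannot appear in the data.
    parts = m.group("body").split(delimiter, len(fields) - 1)
    if len(parts) != len(fields):
        raise ValueError("expected %d items, got %d" % (len(fields), len(parts)))
    event = dict(zip(fields, parts))
    event["facility"] = facility_name(facility)
    event["severity"] = SEVERITY_NAMES[severity]
    return event


def at_least(event, threshold):
    """True when the event is at `threshold` severity or more severe (a lower number)."""
    return SEVERITY_NAMES.index(event["severity"]) <= SEVERITY_NAMES.index(threshold)


def select_events(lines, threshold="Warning", fields=SECUREVUE_FIELDS, delimiter=","):
    """Parse every line and keep those at or above the severity threshold."""
    return [e for e in (parse_event(l, fields, delimiter) for l in lines)
            if at_least(e, threshold)]


def _securevue_body(**overrides):
    """Build a constructed SecureVue-format body; all values are made up for the example."""
    values = {
        "unit_hostname": "bigip1.example.com", "management_ip_address": "192.0.2.10",
        "web_application_name": "/Common/shop_vs", "policy_name": "shop_policy",
        "policy_apply_date": "2024-03-01 09:00:00", "violations": "Attack signature detected",
        "support_id": "1234567890", "request_blocked": "blocked", "response_code": "403",
        "ip": "198.51.100.7", "method": "GET", "protocol": "HTTP", "uri": "/search",
        "request": "GET /search?q=1 HTTP/1.1", "query_string": "q=1",
        "x_forwarded_for_header_value": "N/A",
    }
    values.update(overrides)
    return ",".join(values[f] for f in SECUREVUE_FIELDS)


# Constructed lines, facility local0 (16): PRI = 128 + severity.
SAMPLE_LINES = [
    "<131>Mar 14 10:22:01 bigip1 " + _securevue_body(),  # Error (3)
    "<134>Mar 14 10:22:05 bigip1 " + _securevue_body(    # Informational (6)
        support_id="1234567891", violations="N/A", request_blocked="passed", response_code="200"),
    "<129>" + _securevue_body(                           # Alert (1), no header
        support_id="1234567892", violations="Illegal method", method="TRACE",
        uri="/", request="TRACE / HTTP/1.1", query_string=""),
]

if __name__ == "__main__":
    for e in select_events(SAMPLE_LINES, "Warning"):
        print(e["severity"], e["facility"], e["support_id"], e["violations"])
```

Two things worth carrying over to a real collector: run `parse_event` per web application by facility (the Tip above recommends a distinct facility per application), and prefer a delimiter such as a tab or `|` over a comma when `request` or `query_string` is not the last item in the storage format, since the parser has no way to recover columns once an embedded delimiter shifts them.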
The storage filter determines which request information the logging profile stores. The storage filter settings are the same for every storage type (local, remote, or eIQnetworks SecureVue). You can either modify the storage filter of an existing logging profile, or create a new logging profile. To create a new logging profile, see Configuring a local-storage logging profile, Configuring a remote-storage logging profile, or Configuring a logging profile for the eIQnetworks SecureVue reporting server.
1.
On the Main tab of the Application Security navigation pane, in the Application Security section, click Options.
The Attack Signatures screen opens.
2.
On the menu bar, click Logging Profiles.
The Logging Profiles screen opens.
3.
In the Logging Profiles area, click the name of an existing logging profile.
The Edit Logging Profile screen opens.
4.
Above the Storage Filter area, select Basic or Advanced. The Advanced option offers additional settings.
5.
For the Request Type setting, select which requests you want the system to store in the log.
6.
For the Logic Operation setting, select the manner in which the system associates the criteria you specify. The criteria are the remaining settings in the storage filter.
OR: Select this operator if you want the system to log the data that meets one or more of the criteria.
AND: Select this operator if you want the system to log the data that meets all of the criteria.
7.
For the Protocol setting, select whether logging occurs for all protocols, or a specific protocol.
8.
For the Response Codes setting, select whether logging occurs for all response codes, or specific response codes.
9.
For the HTTP Methods setting, select whether logging occurs for all methods, or specific methods.
10.
For the Request Containing String setting, select whether logging occurs for all requests of the type you specified in step 5, or only for requests that contain, in the element that you select, the string that you type in the box.
11.
Click the Create button.
The screen refreshes, and displays the new logging profile on the Logging Profiles screen.
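The OR/AND choice in step 6 decides how much ends up in the log, and the manual's one-line descriptions hide a practical question: what happens to criteria left at "all"? The following added example (not F5 code) models the storage filter over a handful of constructed requests so the two operators can be compared side by side. Its reading that criteria left at "all" are simply not evaluated (otherwise an OR filter with any criterion at "all" would log everything) is this example's assumption; so are the option names `all`/`illegal` for Request Type and the element names `uri`, `query_string`, `headers` and `request` for Request Containing String.

```python
"""Storage-filter evaluation for ASM logging profiles.

Added example, not F5 code.  Requests are constructed.  Assumptions: the
Request Type options are named "all"/"illegal", the Request Containing String
elements are "uri"/"query_string"/"headers"/"request", and criteria left at
"all" are excluded from the OR/AND combination rather than counted as matches.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Request:
    support_id: str
    method: str
    protocol: str            # "HTTP" or "HTTPS"
    uri: str
    query_string: str
    headers: Dict[str, str]
    response_code: int
    illegal: bool            # True if the request triggered a policy violation


def _element_text(req: Request, element: str) -> str:
    """Text of the request element named by Request Containing String (assumed names)."""
    if element == "uri":
        return req.uri
    if element == "query_string":
        return req.query_string
    if element == "headers":
        return "\n".join("%s: %s" % kv for kv in req.headers.items())
    if element == "request":     # request line plus headers
        target = req.uri + ("?" + req.query_string if req.query_string else "")
        return "%s %s HTTP/1.1\n%s" % (req.method, target, _element_text(req, "headers"))
    raise ValueError("unknown element: %s" % element)


@dataclass
class StorageFilter:
    request_type: str = "all"                      # "all" or "illegal"
    logic: str = "OR"                              # Logic Operation: "OR" or "AND"
    protocols: Optional[Set[str]] = None           # None == All Protocols
    response_codes: Optional[Set[int]] = None      # None == All Response Codes
    methods: Optional[Set[str]] = None             # None == All Methods
    containing: Optional[Tuple[str, str]] = None   # (element, string); None == all requests

    def _criteria(self, req: Request) -> List[bool]:
        """Evaluate only the criteria that were narrowed from 'all'."""
        results = []
        if self.protocols is not None:
            results.append(req.protocol in self.protocols)
        if self.response_codes is not None:
            results.append(req.response_code in self.response_codes)
        if self.methods is not None:
            results.append(req.method.upper() in {m.upper() for m in self.methods})
        if self.containing is not None:
            element, needle = self.containing
            results.append(needle in _element_text(req, element))
        return results

    def matches(self, req: Request) -> bool:
        # Request Type is applied first and is not part of the OR/AND combination.
        if self.request_type == "illegal" and not req.illegal:
            return False
        results = self._criteria(req)
        if not results:              # every criterion left at "all"
            return True
        return any(results) if self.logic == "OR" else all(results)


def stored_ids(flt: StorageFilter, requests: List[Request]) -> List[str]:
    """Support IDs of the requests this filter would write to the log."""
    return [r.support_id for r in requests if flt.matches(r)]


SAMPLE_REQUESTS = [  # constructed
    Request("r1", "GET",  "HTTP",  "/index.html",  "",                {"Host": "shop.example.com"}, 200, False),
    Request("r2", "POST", "HTTPS", "/login",       "",                {"Host": "shop.example.com"}, 200, False),
    Request("r3", "GET",  "HTTPS", "/admin/users", "id=1",            {"Host": "shop.example.com"}, 403, True),
    Request("r4", "POST", "HTTP",  "/search",      "q=%27+or+1%3D1--", {"Host": "shop.example.com"}, 403, True),
    Request("r5", "GET",  "HTTP",  "/healthz",     "",                {"User-Agent": "probe/1.0"},  500, False),
]

if __name__ == "__main__":
    noisy = StorageFilter(logic="OR", response_codes={403, 500}, methods={"POST"})
    strict = StorageFilter(logic="AND", response_codes={403, 500}, methods={"POST"})
    print("OR :", stored_ids(noisy, SAMPLE_REQUESTS))    # every POST plus every 403/500
    print("AND:", stored_ids(strict, SAMPLE_REQUESTS))   # only POSTs that got a 403/500
```

With the same two criteria, OR stores four of the five sample requests and AND stores one, which is the difference between a filter that doubles as a traffic log and one that isolates blocked writes. Confirm the behaviour of "all" criteria on your own system before relying on an OR filter, since the manual does not say how they combine.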
One of the general system options is configurable Syslog event severity for security policy violations. You can use this option to customize the severity levels for application security events that are logged by the syslog utility. The event severity levels are Debug, Informational, Notice, Warning, Error, Critical, Alert, and Emergency. They range from least severe (Debug) to most severe (Emergency). For more information on how BIG-IP systems use the syslog utility, refer to the Logging BIG-IP System Events chapter, in the BIG-IP® Network and System Management Guide.
1.
On the Main tab of the Application Security navigation pane, in the Application Security section, click Options.
The Attack Signatures screen opens.
2.
On the menu bar, click Syslog Severities.
The Syslog Severities screen opens.
3.
Click the Save button to retain any changes you may have made.
Tip: Click the Restore Defaults button if you modify the event severity levels for any of the security policy violations, and later decide you want to use the system-supplied default values instead.
Locally-stored system log files for the Application Security Manager are accessible from the Configuration utility for the BIG-IP system. Note that these are the log files for general system events and user activity. Security violation events are displayed in the Configuration utility for the Application Security Manager. For more information on logging in general, refer to the BIG-IP® Network and System Management Guide, which is available in the AskF5 Knowledge Base at https://support.f5.com.
Tip: If you prefer to review the log data from the command line, the system stores application security log data in the following directory: /var/log/asm.
1.
On the Main tab of the navigation pane for the BIG-IP system, expand System, and then click Logs.
The System Logs list screen opens.
2.
On the menu bar, click Application Security.
The Application Security log list screen opens, where you can review the logged entries.
The RegExp Validator is a system tool designed to help you verify your regular expression syntax. You can type your regular expression in the RegExp Validator, and provide a test string pattern, and the tool analyzes the data.
2.
From the Tools menu, choose RegExp Validator.
The RegExp Validator screen opens.
3.
In the RegExp box, type the regular expression syntax.
4.
In the Test String box, type a test string pattern.
5.
Click the Validate button.
The screen refreshes and you see the results of the validation.