Applies To:

Show Versions Show Versions

Manual Chapter: Monitoring and Remote Logging
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

With the Protocol Security Module, you can display a report that shows the security profiles and the number of transactions that your security profiles have blocked.
On the Protocol Security navigation pane, expand Overview and click Welcome.
The Welcome screen opens and lists the security profiles and statistics.
From the Profile Type list, select a type of profile if you want to narrow down the statistics.
Click Blocked Transactions or All Transactions to display the information you want.
By default, the Protocol Security Module retains, in memory, up to 500 log entries per violation. If you want to retain additional log data, F5 Networks recommends that you configure remote logging. You should set up remote logging before you create any security profiles.
When you configure remote logging, the system stores violation data and traffic statistics for the associated security profile off the BIG-IP® system on a separate server. You can then use a remote management system to view the log files. Using remote logging allows you to retain more of the logged information generated by the security profiles, since the default logging location is in system memory.
Important: Remote logging relies on external systems to perform the actual logging. The configuration and maintenance of the external logging servers is not the responsibility of F5 Networks.
On the Protocol Security navigation pane, click Options.
The Advanced Configuration screen opens.
On the menu bar, click Remote Logging.
The Remote Logging Configuration screen opens.
For the Protocol setting, select the protocol that the remote storage server uses.
For Storage Type, select the type of remote logging storage:
Remote typically for Syslog servers
ArcSight for ArcSight servers
Reporting Server for other third-party reporting servers such as Splunk
For the Server IP setting, type the IP address of the remote storage server.
For the Server Port setting, type a port number or use the default value, 514.
For the Facility setting, select the Syslog facility filter to associate with this request data. (This setting is available only if you select Remote for the storage type.)
For the Severity setting, select the severity level of all log entries that the system sends to the Syslog server. If you select Emergency (most severe), all violations are logged at this level. (This setting is available only if you select Remote for the storage type.)
Tip: Remember that the system generates log entries only for those violations for which you have checked the Alarm flag.
Click Save.
The system saves any changes you may have made.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)