Applies To:

Show Versions Show Versions

Manual Chapter: Configuring
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Configuring Monitoring, Remote Logging, and User Preferences
With the Protocol Security Module, you can display a report that shows the security profiles and the number of transactions that your security profiles have blocked.
1.
On the Main tab, expand Protocol Security and click Overview.
The Overview screen opens and lists the security profiles and statistics.
2.
In the Statistics area, from the Profile Type list, select a type of profile if you want to narrow down the statistics.
3.
Select or clear Blocked Transactions, Dropped Transactions, or All Transactions to display the information you want.
By default, the Protocol Security Module retains, in memory, up to 500 log entries per violation. If you want to retain additional log data, F5 Networks recommends that you configure remote logging. You should set up remote logging before you create any security profiles.
When you configure remote logging, the system stores violation data and traffic statistics for the associated security profile off the BIG-IP® system on a separate server. You can then use a remote management system to view the log files. Using remote logging allows you to retain more of the logged information generated by the security profiles, since the default logging location is in system memory.
Important: Remote logging relies on external systems to perform the actual logging. The configuration and maintenance of the external logging servers is not the responsibility of F5 Networks.
1.
On the Main tab, expand Protocol Security and click Options.
The Advanced Configuration screen opens.
2.
On the menu bar, click Remote Logging.
The Remote Logging Configuration screen opens.
3.
For the Protocol setting, select the protocol that the remote storage server uses.
4.
For Storage Type, select the type of remote logging storage:
Remote typically for Syslog servers
ArcSight for ArcSight servers
Reporting Server for other third-party reporting servers such as Splunk
5.
For the Server Addresses settings, type the IP address, port number (default is 514), and click Add to add one or more remote servers.
6.
For the Facility setting, select the Syslog facility filter to associate with this request data. (This setting is available only if you select Remote for the storage type.)
7.
For the Severity setting, select the severity level of all log entries that the system sends to the Syslog server. If you select Emergency (most severe), all violations are logged at this level. (This setting is available only if you select Remote for the storage type.)
Tip: Remember that the system generates log entries only for those violations for which you have checked the Alarm flag.
8.
Click Save.
The system saves any changes you made.
You can change the number of records shown on each screen, and choose whether to display tooltips, tooltip icons, or no tooltips. Tooltips are available for some of the settings, and they provide a hint about the function of the setting.
1.
On the Main tab, expand Protocol Security, point to Options, then click Preferences.
The Preferences screen opens.
2.
For Records Per Screen, type the maximum number of entries (1 to 100) to display on any screen. The default value is 20.
3.
For Titles Tooltip Settings, whether to display tooltips, and if so, how:
Select Do not show tooltips if you never want to see tooltips.
Select Show tooltip icons to have the system display an icon whenever a tooltip is available. To view the tooltip, point to the icon. This is the default setting.
Select Show tooltips on title mouseover to have the system display a tooltip when you point to the setting. (No icon is displayed next to the setting.)
4.
Click Save if you made changes.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)