Applies To:

Show Versions Show Versions

Manual Chapter: Support and Maintenance
Manual Chapter
Table of Contents   |   << Previous Chapter

Support

BIG-IQ Security customer support

Use the following methods to contact F5 Networks customer support:

  • Telephone - Contact Support numbers: http://www.f5.com/support/support-services/contact/
  • F5 Networks Services Support Online - Online customer support request system: https://websupport.f5.com
  • F5 Networks Online Knowledge Base - Online repository of answers to frequently asked questions: http://support.f5.com

Audit logs

With BIG-IQ Security, all firewall policy changes occur in a centralized location as opposed to on individual BIG-IP Advanced Firewall Module (AFM) devices. BIG-IQ Security records every policy change and policy deployment to BIG-IP AFM devices in a central audit log. Administrators and auditors can examine the log to view change details, see when changes were made or deployed, and identify who made changes to a policy or BIG-IP AFM device.

This audit log provides important assistance in compliance, troubleshooting, and record-keeping.

On BIG-IQ Security, the restjavad-audit.0.log lists all firewall policy edits and identifies who (or what) made the change(s). The log also contains information about deployments to managed firewall devices (date and time deployed) and tracks firewall manager login and logout activity.

The audit log is a text-based file, residing on the BIG-IQ system. The log should be sufficient for compliance, troubleshooting, and record-keeping as long as the log can be exported for off-device processing and archiving.

With BIG-IQ Security, all firewall policy changes occur in a centralized location as opposed to on individual BIG-IP AFM devices. BIG-IQ Security records every policy change and policy deployment in a central audit log, restjavad-audit.0.log. Administrators and auditors can examine restjavad-audit.0.log to view change details, see when changes were made or deployed, and identify who made changes. The log also tracks firewall manager login and logout activity.

The audit log is text-based and contains clear delimiters for ease of parsing. The log should be sufficient for compliance, troubleshooting, and record-keeping as long as the log can be exported for off-device processing and archiving.

As with any logging system, it is expected that the volume of log entries be automatically managed in a way that prevents local storage from being exhausted. The length of time audit logs must be kept varies from organization to organization.

To manage the audit log:

  1. Navigate to the audit log location.

    Logs are located on BIG-IQ at /var/log/. SSH to the BIG-IQ device. Log in and cd to /var/log/. Look for restjavad.0.log.

  2. If desired, save the log locally. (Use the command line or the Save as function.)
  3. If desired, use scripts to parse audit log information.

Device discovery states

During discovery, the following states are displayed:

Device discovery states

NEW
SUBTASK_INIT
LOAD_LICENSE
QUERY_LICENSE
IDENTIFY_LICENSE
PENDING_IDENTIFIED_DEVICE
IDENTIFY_DEVICE_COMPLETE
DELAY_REFRESH_COMPLETE
REFRESH_DEVICE_COMPLETE
QUERY_RUNNING_CONFIG
RUNNING_IMPORT_COMPLETE
RUNNING_IMPORT_RULELISTS_COMPLETE
RUNNING_IMPORT_FIREWALLS_COMPLETE
WORKING_IMPORT_COMPLETE
WORKING_IMPORT_RULELISTS_COMPLETE
WORKING_IMPORT_FIREWALLS_COMPLETE
WORKING_IMPORT_COMPLETE
WORKING_IMPORT_RULELISTS_COMPLETE
WORKING_IMPORT_FIREWALLS_COMPLETE
PENDING_CONFLICTS
PENDING_CANCEL
CONFLICT_RESOLUTION_COMPLETE
IMPORT_ADDRESS_LISTS_COMPLETE
IMPORT_PORT_LISTS_COMPLETE
IMPORT_SCHEDULES_LISTS_COMPLETE
UPDATING_RULES_COMPLETE
REFRESH_RULE_LISTS_COMPLETE
IMPORT_RULE_LISTS_COMPLETE
IMPORT_RULES_COMPLETE
UPDATING_FIREWALLS_COMPLETE
IMPORT_FIREWALLS_COMPLETE
COMPLETE
FAILED
FAILED_MAX_EXCEEDED

Device deployment states

During deployment, the following states display:

Device deployment states

NEW The deployment process has started.
COMPLETED_RETRIEVE_DEVICES Devices have been successfully retrieved. All managed devices on BIG-IQ Security have been found.
FAILED_RETRIEVE_DEVICES Failed to retrieve devices. Failed to find all managed devices on BIG-IQ Security.
COMPLETED_CHECK_DMA Verified that the process of declaring management authority is not currently running. The deployment process cannot run if DMA is running.
FAILED_CHECK_DMA Verified that the process of declaring management authority is currently running. The deployment process cannot run at the same time.
STARTED_REFRESH_CONFIG Refresh of the current configuration for all devices included in deployment has started. This process pulls in any new configuration items from the BIG-IP device in to the current configuration.
COMPLETED_REFRESH_CONFIG Refresh of the current configuration for all devices included in deployment has started has completed. This process pulls in any new configuration items from the BIG-IP device in to the current configuration.
FAILED_REFRESH_CONFIG Refresh of the BIG-IQ Security current configuration has failed. This refresh pulls in any new configuration items from the BIG-IP device in to the current configuration.
STARTED_SNAPSHOT Snapshot of the working configuration has started.
COMPLETED_SNAPSHOT Snapshot of the working configuration has completed.
FAILED_SNAPSHOT Snapshot of the working configuration has failed.
START_DIFFERENCE Preparing to start the process of enumerating differences between the snapshot taken and the current configuration.
STARTED_DIFFERENCE Generating the differences between the snapshot taken and the current configuration has started.
COMPLETED_DIFFERENCE The process of enumerating differences between the snapshot taken and the current configuration has completed.
FAILED_DIFFERENCE The process of enumerating differences between the snapshot taken and the current configuration has failed.
STARTED_PROCESSING_DIFFERENCE Processing differences between the snapshot taken and the current configuration has started. This state transforms the difference data into a form that can be distributed.
COMPLETED_PROCESSING_DIFFERENCE Processing differences between the snapshot taken and the current configuration has completed. This state transforms the difference data into a form that can be distributed.
FAILED_PROCESSING_DIFFERENCE Processing differences between the snapshot taken and the current configuration has failed. This state transforms the difference data into a form that can be distributed.
START_DISTRIBUTION Preparing to start the distribution process.
STARTED_DISTRIBUTION The process of distributing configuration changes to specified devices has started.
FAILED_DISTRIBUTION The process of distributing configuration changes has failed.
COMPLETED The deployment process has completed.
Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)