Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring F5 Networks BIG-IP ASM

 

The JSA F5 Networks BIG-IP Application Security Manager (ASM) DSM collects web application security events from BIG-IP ASM appliances by using syslog.

To forward syslog events from an F5 Networks BIG-IP ASM appliance to JSA, you must configure a logging profile.

A logging profile can be used to configure remote storage for syslog events, which can be forwarded directly to JSA.

  1. Log in to the F5 Networks BIG-IP ASM appliance user interface.
  2. On the navigation pane, select Application Security >Options.
  3. Click Logging Profiles.
  4. Click Create.
  5. From the Configuration list, select Advanced.
  6. Type a descriptive name for the Profile Name property.
  7. Type a Profile Description.

    If you do not want data logged both locally and remotely, clear the Local Storage check box.

  8. Select the Remote Storage check box.
  9. From the Type list, select one of the following options:
    • In BIG-IP ASM V12.1.2 or earlier, select Reporting Server.

    • In BIG-IP ASM V13.0.0 or later, select key-value pairs.

  10. From the Protocol list, select TCP.
  11. For the IP Address field, type the IP address of the JSA console and for the Port field, type a port value of 514.
  12. Select the Guarantee Logging check box.Note

    Enabling the Guarantee Logging option ensures the system log requests continue for the web application when the logging utility is competing for system resources. Enabling the Guarantee Logging option can slow access to the associated web application.

  13. Select the Report Detected Anomalies check box to allow the system to log details.
  14. Click Create.

    The display refreshes with the new logging profile. The log source is added to JSA as F5 Networks BIG-IP ASM events are automatically discovered. Events that are forwarded by F5 Networks BIG-IP ASM are displayed on the Log Activity tab of JSA.

Configuring a Log Source

JSA automatically discovers and creates a log source for syslog events from F5 Networks BIG-IP ASM appliances.

These configuration steps are optional.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select F5 Networks BIG-IP ASM.
  9. Using the Protocol Configuration list, select Syslog.
  10. Configure the following values:

    Table 1: Syslog Protocol Parameters

    Parameter

    Description

    Log Source Identifier

    Type the IP address or host name for the log source as an identifier for events from your F5 Networks BIG-IP ASM appliance.

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.

    The configuration is complete.