Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

F5 Networks BIG-IP APM

 

The F5 Networks BIG-IP Access Policy Manager (APM) DSM for JSA collects access and authentication security events from a BIG-IP APM device by using syslog.

To configure your BIG-IP LTM device to forward syslog events to a remote syslog source, choose your BIG-IP APM software version:

Configuring Remote Syslog for F5 BIG-IP APM 11.x to V14.x

You can configure syslog for F5 BIG-IP APM 11.x to V143.x.

To configure a remote syslog for F5 BIG-IP APM 11.x to V14.x take the following steps:

  1. Log in to the command-line of your F5 BIG-IP device.
  2. Type the following command to add a single remote syslog server:

    tmsh syslog remote server {<Name> {host <IP address>}}

    Where:

    • <Name> is the name of the F5 BIG-IP APM syslog source.

    • <IP address> is the IP address of the JSA console.

    For example,

    bigpipe syslog remote server {BIGIP_APM {host 10.100.100.101}}

  3. Type the following to save the configuration changes:

    tmsh save sys config partitions all

    The configuration is complete. The log source is added to JSA as F5 Networks BIG-IP APM events are automatically discovered. Events that are forwarded to JSA by F5 Networks BIG-IP APM are displayed on the Log Activity tab in JSA.

Configuring a Remote Syslog for F5 BIG-IP APM 10.x

You can configure syslog for F5 BIG-IP APM 10.x

To configure a remote syslog for F5 BIG-IP APM 10.x take the following steps:

  1. Log in to the command-line of your F5 BIG-IP device.
  2. Type the following command to add a single remote syslog server:

    bigpipe syslog remote server {<Name> {host <IP address>}}

    Where:

    • <Name> is the name of the F5 BIG-IP APM syslog source.

    • <IP address> is the IP address of JSA console.

    For example,

    bigpipe syslog remote server {BIGIP_APM {host 10.100.100.101}}

  3. Type the following to save the configuration changes:

    bigpipe save

    The configuration is complete. The log source is added to JSA as F5 Networks BIG-IP APM events are automatically discovered. Events that are forwarded to JSA by F5 Networks BIG-IP APM are displayed on the Log Activity tab.

Configuring a Log Source

JSA automatically discovers and creates a log source for syslog events from F5 Networks BIG-IP APM appliances.

These configuration steps are optional.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select F5 Networks BIG-IP APM.
  9. Using the Protocol Configuration list, select Syslog.
  10. Configure the following values:

    Parameter

    Description

    Log Source Identifier

    Type the IP address or host name for the log source as an identifier for events from your F5 Networks BIG-IP APM appliance.

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.

    The configuration is complete.