F5 Networks FirePass
The F5 Networks FirePass DSM for JSA collects system events from an F5 FirePass SSL VPN device using syslog.
By default, remote logging is disabled and must be enabled on the F5 Networks FirePass device. Before JSA can receive events, you must configure your F5 Networks FirePass device to forward system events to JSA as a remote syslog server.
Configuring Syslog Forwarding for F5 FirePass
To forward syslog events from an F5 Networks BIG-IP FirePass SSL VPN appliance to JSA, you must enable and configure a remote log server.
The remote log server can forward events directly to your JSA console or any Event Collector in your deployment.
- Log in to the F5 Networks FirePass Admin Console.
- On the navigation pane, select Device Management > Maintenance > Logs.
- From the System Logs menu, select the Enable Remote Log Server check box.
- From the System Logs menu, clear the Enable Extended System Logs check box.
- In the Remote host parameter, type the IP address or host name of your JSA.
- From the Log Level list, select Information.
The Log Level parameter monitors application level system messages.
- From the Kernel Log Level list, select Information.
The Kernel Log Level parameter monitors Linux kernel system messages.
- Click Apply System Log Changes.
The changes are applied and the configuration is complete. JSA automatically discovers F5 Networks FirePass events and adds the log source. Events that are forwarded to JSA by F5 Networks BIG-IP ASM are displayed on the Log Activity tab in JSA.
Configuring a Log Source
JSA automatically discovers and creates a log source for syslog events from F5 Networks FirePass appliances.
The following configuration steps are optional:
- Log in to JSA.
- Click the Admin tab.
- On the navigation menu, click Data Sources.
- Click the Log Sources icon.
- Click Add.
- In the Log Source Name field, type a name for your log source.
- In the Log Source Description field, type a description for the log source.
- From the Log Source Type list, select F5 Networks FirePass.
- From the Protocol Configuration list, select Syslog.
- Configure the following values:
Table 1: Syslog Protocol Parameters
Log Source Identifier: Type the IP address or host name for the log source as an identifier for events from your F5 Networks FirePass appliance.
- Click Save.
- On the Admin tab, click Deploy Changes.