F5 Networks FirePass

Configuring Syslog Forwarding for F5 FirePass

To forward syslog events from an F5 Networks BIG-IP FirePass SSL VPN appliance to JSA, you must enable and configure a remote log server.

The remote log server can forward events directly to your JSA console or any Event Collector in your deployment.

1. Log in to the F5 Networks FirePass Admin Console.

2. On the navigation pane, select Device Management >Maintenance >Logs.

3. From the System Logs menu, select the Enable Remote Log Server check box.

4. From the System Logs menu, clear the Enable Extended System Logs check box.

5. In the Remote host parameter, type the IP address or host name of your JSA.

6. From the Log Level list, select Information.

   The Log Level parameter monitors application level system messages.

7. From the Kernel Log Level list, select Information.

   The Kernel Log Level parameter monitors Linux kernel system messages.

8. Click Apply System Log Changes.

   The changes are applied and the configuration is complete. The log source is added to JSA as F5 Networks FirePass events are automatically discovered. Events that are forwarded to JSA by F5 Networks BIG-IP ASM are displayed on the Log Activity tab in JSA.

Syslog Log Source Parameters for F5 Networks FirePass

If JSA does not automatically detect the log source, add a F5 Networks FirePass log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from F5 Networks FirePass: