You can configure syslog for F5 BIG-IP APM V11.x to V14.x.
About this task
To configure a remote syslog for F5 BIG-IP APM V11.x to V14.x take the following
steps:
Procedure
-
Log in to the command-line of your F5 BIG-IP device.
-
Type the following command to add a single remote syslog server:
tmsh syslog remote server {<Name> {host <IP
address>}}
Where:
- <Name> is the name of the F5 BIG-IP APM syslog source.
- <IP address> is the IP address of the QRadar
Console.
For example,
bigpipe syslog remote server {BIGIP_APM {host 192.0.2.1}}
-
Type the following to save the configuration changes:
tmsh save sys config partitions all
The configuration is complete. The log source is added to QRadar as F5 Networks BIG-IP APM
events are automatically discovered. Events that are forwarded to QRadar by F5 Networks BIG-IP APM
are displayed on the Log Activity tab in QRadar.