Configuring Remote Syslog for F5 BIG-IP APM V11.x to V14.x

You can configure syslog for F5 BIG-IP APM V11.x to V14.x.

About this task

To configure a remote syslog for F5 BIG-IP APM V11.x to V14.x take the following steps:

Procedure

  1. Log in to the command-line of your F5 BIG-IP device.
  2. Type the following command to add a single remote syslog server:

    tmsh syslog remote server {<Name> {host <IP address>}}

    Where:
    • <Name> is the name of the F5 BIG-IP APM syslog source.
    • <IP address> is the IP address of the QRadar Console.
    For example,

    bigpipe syslog remote server {BIGIP_APM {host 192.0.2.1}}

  3. Type the following to save the configuration changes:

    tmsh save sys config partitions all

    The configuration is complete. The log source is added to QRadar as F5 Networks BIG-IP APM events are automatically discovered. Events that are forwarded to QRadar by F5 Networks BIG-IP APM are displayed on the Log Activity tab in QRadar.