Configuring Remote Syslog for F5 BIG-IP LTM V10.x

You can configure F5 BIG-IP LTM V10.x to forward syslog events to a remote syslog server.

About this task

To configure syslog for F5 BIG-IP LTM V10.x, take the following steps:

Procedure

  1. Log in to the command line of your F5 BIG-IP device.
  2. Type the following command to add a single remote syslog server:

    bigpipe syslog remote server {<Name> {host <IP_address>}}

    Where:
    • <Name> is the name of the F5 BIG-IP LTM syslog source.
    • <IP_address> is the IP address of IBM QRadar.

    For example:

    bigpipe syslog remote server {BIGIPsyslog {host 192.0.2.1}}

  3. Save the configuration changes:

    bigpipe save

    Note: F5 Networks modified the syslog output format in BIG-IP V10.x so that local/ appears before the host name in the syslog header. QRadar does not support a syslog header that contains local/, but a workaround is available to correct the syslog header. For more information, see http://www.ibm.com/support.

    Events that are forwarded from your F5 Networks BIG-IP LTM appliance are displayed on the Log Activity tab in QRadar.
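
The note in step 3 can be checked against received events with a short script. The following is an added example, not part of the original documentation and not the IBM workaround: it assumes an RFC 3164-style header whose host field reads local/<hostname>, and the sample lines and the names normalize_header and audit are constructed for illustration.

```python
import re

# RFC 3164-style header: optional <PRI>, timestamp, host field, then the rest.
# Assumption: BIG-IP V10.x writes the host field as "local/<hostname>".
HEADER = re.compile(
    r"^(?P<pri><\d{1,3}>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)
PREFIX = "local/"


def normalize_header(line):
    """Return (line, changed); strips 'local/' from the host field only."""
    m = HEADER.match(line)
    if not m:
        return line, False          # not a recognizable syslog header
    host = m.group("host")
    if not host.startswith(PREFIX) or len(host) == len(PREFIX):
        return line, False          # no prefix, or nothing left after it
    fixed = "{}{} {} {}".format(
        m.group("pri") or "", m.group("ts"), host[len(PREFIX):], m.group("rest")
    )
    return fixed, True


def audit(lines):
    """Return (number of lines with the local/ prefix, normalized lines)."""
    results = [normalize_header(line) for line in lines]
    return sum(1 for _, changed in results if changed), [l for l, _ in results]


# Constructed sample events (not captured from a real device).
SAMPLE = [
    "<134>Oct 12 10:15:02 local/bigip1 notice mcpd[2345]: constructed sample message",
    "<134>Oct 12 10:15:03 bigip1 notice mcpd[2345]: body text mentioning local/ stays",
    "not a syslog line",
]

if __name__ == "__main__":
    count, fixed = audit(SAMPLE)
    print("lines with local/ host prefix:", count)
    for line in fixed:
        print(line)
```

Only the host field is rewritten, so a message body that happens to contain local/ is left untouched.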