You can configure syslog for F5 BIG-IP LTM V10.x.
About this task
To configure syslog for F5 BIG-IP LTM V10.x, take the following steps:
Procedure
- Log in to the command line of your F5 BIG-IP device.
- Type the following command to add a single remote syslog server:
  bigpipe syslog remote server {<Name> {host <IP_address>}}
  Where:
  - <Name> is the name of the F5 BIG-IP LTM syslog source.
  - <IP_address> is the IP address of IBM QRadar.
  For example:
  bigpipe syslog remote server {BIGIPsyslog {host 192.0.2.1}}
- Save the configuration changes:
  bigpipe save
Note: F5 Networks modified the syslog output format in BIG-IP V10.x to include the use of local/ before the host name in the syslog header. The syslog header format that contains local/ is not supported in QRadar, but a workaround is available to correct the syslog header. For more information, see http://www.ibm.com/support.
Events that are forwarded from your F5 Networks BIG-IP LTM appliance are displayed on the Log Activity tab in QRadar.
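The header difference described in the note above, as an added example (not IBM or F5 code, and not the workaround that IBM support documents): it flags received lines whose host name field begins with local/ and shows the same header with the prefix removed. The function name check_header, the sample lines, and the message layout after the host name are constructed assumptions.

```python
import re

# BSD-syslog (RFC 3164) style header: optional <PRI>, timestamp, host name field.
HEADER = re.compile(
    r"^(?P<pri><\d{1,3}>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<rest>.*)$"
)
PREFIX = "local/"


def check_header(line):
    """Return (has_local_prefix, bare_host, line_without_prefix)."""
    m = HEADER.match(line)
    if m is None:
        return (False, None, line)  # header shape this sketch does not cover
    host = m.group("host")
    if not host.startswith(PREFIX):
        return (False, host, line)
    bare = host[len(PREFIX):]
    if not bare:
        return (True, None, line)  # "local/" with no host name after it
    fixed = f"{m.group('pri') or ''}{m.group('ts')} {bare} {m.group('rest')}"
    return (True, bare, fixed)


# Constructed sample lines (not captured from a real appliance).
SAMPLES = [
    "<134>Oct 12 10:11:12 local/bigip1 notice tmm[1234]: constructed message",
    "<134>Oct  5 10:11:12 bigip1 notice tmm[1234]: constructed message",
    "Oct 12 10:11:12 local/ notice tmm[1234]: constructed message",
]

if __name__ == "__main__":
    for s in SAMPLES:
        flagged, host, fixed = check_header(s)
        print(f"local/ prefix={flagged!s:5} host={host!s:8} -> {fixed}")
```

Running a check like this over a capture of what the appliance sends confirms whether the header needs correcting before events reach QRadar.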