Syslog - F5 BIG-IP ASM Key-Value Pairs
Device Details
Vendor | F5 |
---|---|
Device Type | BIG-IP |
Supported Model Name/Number | Application Security Manager (ASM) |
Supported Software Version(s) | N/A |
Collection Method | Syslog |
Configurable Log Output? | Yes |
Log Source Type | Syslog – F5 BIG-IP ASM Key-Value Pairs |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | N/A |
Device Configuration Checklist
In the F5 BIG-IP ASM interface, select the following:
- Configuration: Basic
- Logging Format: Key-Value Pairs
Currently Supported Log Types
Type | Product Version | Supported Schema Fields |
---|---|---|
Syslog | 1.0 | <policy>, <status>, <responsecode>, <sip>, <protname>, <severity>, <threatname>, <login>, <sport>, <dport>, <dip>, <useragent>, <subject> |
Parsed Metadata Fields
Product Field Name | LogRhythm Metadata Field | Value/Data Type |
---|---|---|
<attack_type> | <threatname> | Text/String |
<dest_ip> | <dip> | Destination IP |
<dest_port> | <dport> | Destination Port |
<ip_client> | <sip> | Source IP |
<message> | <subject> | Text/String |
<policy_name> | <policy> | Text/String |
<protocol> | <protname> | Protocol Name |
<request_status> | <status> | Text/String |
<response_code> | <responsecode> | Text/String |
<severity> | <severity> | Severity |
<src_port> | <sport> | Source Port |
<user-agent> | <useragent> | Text/String |
<username> | <login> | Originating User |
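
To check that a device is really emitting Key-Value Pairs before onboarding it, the sketch below parses one message and applies the mapping from the Parsed Metadata Fields table. It is an added example, not LogRhythm or F5 code; the `key="value"` quoting, the function names and the sample line are assumptions.

```python
import ipaddress
import re

# Product field -> LogRhythm metadata field, copied from the table above.
FIELD_MAP = {
    "attack_type": "threatname", "dest_ip": "dip", "dest_port": "dport",
    "ip_client": "sip", "message": "subject", "policy_name": "policy",
    "protocol": "protname", "request_status": "status",
    "response_code": "responsecode", "severity": "severity",
    "src_port": "sport", "user-agent": "useragent", "username": "login",
}
# Assumed format: key="value" pairs; values may hold commas and \" escapes.
PAIR_RE = re.compile(r'([A-Za-z_][\w-]*)="((?:[^"\\]|\\.)*)"')

def parse_kv(line):
    """Return {product_field: value} for every key="value" pair in line."""
    return {k: re.sub(r"\\(.)", r"\1", v) for k, v in PAIR_RE.findall(line)}

def valid(meta, value):
    """Type-check the fields the table types as IP address or port."""
    if meta in ("sip", "dip"):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return False
    if meta in ("sport", "dport"):
        return value.isascii() and value.isdigit() and int(value) <= 65535
    return True

def normalize(line):
    """Map product fields to metadata fields; return (record, problems)."""
    raw, record, problems = parse_kv(line), {}, []
    for product, meta in FIELD_MAP.items():
        if product not in raw:
            problems.append(f"missing {product}")
        elif not valid(meta, raw[product]):
            problems.append(f"bad {product}: {raw[product]!r}")
        else:
            record[meta] = raw[product]
    return record, problems

# Constructed sample line, not captured from a real device.
SAMPLE = ('attack_type="SQL-Injection",dest_ip="192.0.2.10",dest_port="443",'
          'ip_client="198.51.100.7",message="Illegal parameter, blocked",'
          'policy_name="web_policy",protocol="HTTPS",request_status="blocked",'
          'response_code="403",severity="Critical",src_port="51514",'
          'user-agent="curl/8.0 \\"test\\"",username="N/A"')
if __name__ == "__main__":
    print(normalize(SAMPLE))
```

A non-empty `problems` list for most messages usually means the logging format on the device is not set to Key-Value Pairs.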