Device Details
| Vendor | F5 |
|---|---|
| Device Type | BIG-IP |
| Supported Model Name/Number | Application Security Manager (ASM) |
| Supported Software Version(s) | N/A |
| Collection Method | Syslog |
| Configurable Log Output? | Yes |
| Log Source Type | Syslog – F5 BIG-IP ASM Key-Value Pairs |
| Log Processing Policy | LogRhythm Default |
| Exceptions | N/A |
| Additional Information | N/A |
Device Configuration Checklist
In the F5 BIG-IP ASM interface, select the following:
- Configuration. Basic
- Logging Format. Key-Value Pairs
Currently Supported Log Types
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Syslog | 1.0 | <policy>, <status>, <responsecode>, <sip>, <protname>, <severity>, <threatname>, <login>, <sport>, <dport>, <dip>, <useragent>, <subject> |
Parsed Metadata Fields
| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| <attack_type> | <threatname> | Text/String |
| <dest_ip> | <dip> | Destination IP |
| <dest_port> | <dport> | Destination Port |
| <ip_client> | <sip> | Source IP |
| <message> | <subject> | Text/String |
| <policy_name> | <policy> | Text/String |
| <protocol> | <protname> | Protocol Name |
| <request_status> | <status> | Text/String |
| <response_code> | <responsecode> | Text/String |
| <severity> | <severity> | Severity |
| <src_port> | <sport> | Source Port |
| <user-agent> | <useragent> | Text/String |
| <username> | <login> | Originating User |
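
The following added example (not LogRhythm or F5 code) applies the field mapping above to one log line and reports which mapped product fields are absent, a quick check that the device is logging in Key-Value Pairs format. The comma-separated key="value" wire format, the function names, and the sample line are assumptions constructed for illustration.

```python
import re

# Product field -> LogRhythm metadata field, copied from the table above.
FIELD_MAP = {
    "attack_type": "threatname", "dest_ip": "dip", "dest_port": "dport",
    "ip_client": "sip", "message": "subject", "policy_name": "policy",
    "protocol": "protname", "request_status": "status",
    "response_code": "responsecode", "severity": "severity",
    "src_port": "sport", "user-agent": "useragent", "username": "login",
}

# Assumed wire format: comma-separated key="value" pairs; a quoted value may
# hold commas and backslash-escaped quotes. Unquoted values end at a comma.
PAIR_RE = re.compile(r'([A-Za-z_][\w-]*)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))')

def parse_kv(line):
    """Return {product_field: value} for every key=value pair in the line."""
    fields = {}
    for key, quoted, bare in PAIR_RE.findall(line):
        value = quoted if quoted else bare
        fields[key] = re.sub(r'\\(.)', r'\1', value).strip()
    return fields

def to_metadata(line):
    """Map parsed pairs to LogRhythm field names; list mapped fields not seen."""
    parsed = parse_kv(line)
    mapped = {FIELD_MAP[k]: v for k, v in parsed.items() if k in FIELD_MAP}
    missing = sorted(k for k in FIELD_MAP if k not in parsed)
    return mapped, missing

# Constructed sample line (not captured from a real device).
SAMPLE = ('attack_type="SQL-Injection",dest_ip="192.0.2.10",dest_port="443",'
          'ip_client="198.51.100.7",policy_name="/Common/shop_policy",'
          'protocol="HTTPS",request_status="blocked",response_code="0",'
          'severity="Critical",src_port="51522",'
          'user-agent="Mozilla/5.0 (X11; Linux x86_64), like \\"Gecko\\"",'
          'username="N/A"')

if __name__ == "__main__":
    mapped, missing = to_metadata(SAMPLE)
    for name, value in mapped.items():
        print(f"{name:13} {value}")
    print("missing product fields:", missing)
```

A line that yields most of the mapped fields as missing usually means the logging profile is not set to Key-Value Pairs.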