Syslog - F5 Silverline DDoS Protection

Device Details

  • Vendor: F5
  • Device Type: DDoS Protection Syslog
  • Supported Model Name/Number: Cloud-delivered DDoS protection
  • Supported Software Version(s): N/A
  • Collection Method: Syslog
  • Configurable Log Output?: N/A
  • Log Source Type: Syslog - F5 Silverline DDoS Protection
  • Log Processing Policy: LogRhythm Default
  • Exceptions: N/A
  • Additional Information: https://www.f5.com/pdf/products/silverline-ddos-datasheet.pdf

Prerequisites

To access the Syslog - F5 Silverline DDoS Protection, you need one of the following web browsers:

  • Microsoft Internet Explorer 11 or higher
  • Mozilla Firefox
  • Apple Safari
  • Google Chrome

Device Configuration Checklist

Currently Supported Log Types

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| IP Intelligence Messages | All | <process>, <action>, <objecttype>, <objectname>, <dip>, <dport>, <subject>, <policy>, <threatname>, <protname>, <severity>, <sip>, <sport> |
| Network Traffic Passing Messages | All | <process>, <sip>, <sport>, <object>, <objectname>, <version>, <severity>, <objecttype>, <dip>, <dport>, <processid>, <snatip>, <snatport>, <dname>, <dnatip>, <dnatport> |
| Web Application Firewall Message | All | <process>, <threatname>, <dip>, <dport>, <sip>, <policy>, <protname>, <command>, <status>, <responsecode>, <severity>, <sport>, <url>, <login>, <subject> |
| DDoS Attacks Messages | All | <process>, <action>, <url>, <threatname>, <reason>, <tag1>, <subject>, <vmid>, <object>, <severity>, <sip> |
| Catch All | All | <severity> |

Parsed Metadata Fields

| Product Field Name | LogRhythm Metadata Field | Value/Data Type |
|---|---|---|
| (Impacted) IP Address | <dnatip> | IP Address |
| (Impacted) NAT TCP/UDP Port | <dnatport> | Number |
| Action | <action> | Text/String |
| Attack_type\ msg_type | <objecttype> | Text/String |
| Command | <command> | Text/String |
| Context_name\ data | <objectname> | Text/String |
| Dst_server | <dname> | Text/String |
| Dstip | <dip> | IP Address |
| Dstport | <dport> | Number |
| Irule | <object> | Text/String |
| Login | <login> | Text/String |
| NAT IP Address | <snatip> | IP Address |
| NAT TCP/UDP Port | <snatport> | Number |
| Policytype | <policy> | Text/String |
| Protocol | <protname> | Text/String |
| Reason | <reason> | Text/String |
| Responsecode | <responsecode> | Number |
| Serviceid | <processed> | Number |
| Severity | <severity> | Text/String |
| Source IP | <sip> | IP Address |
| Source port | <sport> | Number |
| Status | <status> | Text/String |
| Subject | <subject> | Text/String |
| Threatname | <threatname> | Text/String |
| Type | <process> | Text/String |
| URL | <url> | Text/String |
| Vendorid | <vmid> | Text/String |
| Version | <version> | Number |
