Manual Chapter : Create and associate a logging profile for SSH proxy events

Applies To:

BIG-IP AFM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Create and associate a logging profile for SSH proxy events

Create an SSH logging profile to specify the events that are logged for SSH proxy. Use a unique name for the log profile, and specify the log publisher you created for SSH Proxy events.
  1. On the Main tab, click Security > Event Logs > Logging Profiles.
    The Logging Profiles list screen opens.
  2. Click Create.
    The Create New Logging Profile screen opens.
  3. In the Profile Name field, type a unique name for the profile.
  4. Select the Protocol Security check box.
  5. In the SSH Proxy area, from the Publisher list, select the log publisher you created.
  6. To log client authentication failures, for Log Client Auth Fail Event, click Enabled.
  7. To log successful client authentications, for Log Client Auth Success Event, click Enabled.
  8. To log partial client events, for Log Client Auth Partial Event, click Enabled.
  9. To log server authentication failures, for Log Server Auth Fail Event, click Enabled.
  10. To log successful server authentications, for Log Server Auth Success Event, click Enabled.
  11. To log partial server events, for Log Server Auth Partial Event, click Enabled.
  12. To log disallowed channel action, for Log Disallowed Channel Action, click Enabled.
  13. To log allowed channel action, for Log Allowed Channel Action, click Enabled.
  14. To log SSH timeouts, for Log SSH Timeout Event, click Enabled.
  15. To log Non-SSH timeouts, for Log Non-SSH Timeout Event, click Enabled.
  16. Click Finished to create the SSH logging profile.
    To create the SSH logging profile at the command line, create the log profile with the following command:
    tmsh create sec log profile <log_profile_name> ssh-proxy add { ssh-log { log-publisher <log_publisher_name> allowed-channel-action enabled disallowed-channel-action enabled ssh-timeout enabled non-ssh-traffic enabled successful-server-side-auth enabled unsuccessful-client-side-auth enabled unsuccessful-server-side-auth enabled }}
  17. To associate the logging profile with the SSH virtual server, click Local Traffic > Virtual Servers.
  18. Click the name of the SSH virtual server.
  19. From the Security menu, choose Policies.
  20. For the Log Profile setting:
    1. Set it to Enabled.
    2. From the Available list, move the SSH logging profile into the Selected list.
    You can assign only one local logging profile to a virtual server, but it can have multiple remote logging profiles.
  21. Click Update.
A logging profile that includes the SSH proxy events is created and associated with the SSH virtual server.
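
The tmsh command in step 16 is easy to paste with a placeholder left in or an event option dropped. The following check is an added example, not F5's own code: it reports which of that command's event options are not set to enabled in a profile definition. The names ssh_log_profile and ssh_log_pub and both sample definitions are constructed for illustration.

```bash
# Added example (not F5 code): audit an SSH proxy logging profile definition.
# Option names are the ones in the tmsh command on this page.
SSH_LOG_EVENTS="allowed-channel-action disallowed-channel-action ssh-timeout
non-ssh-traffic successful-server-side-auth unsuccessful-client-side-auth
unsuccessful-server-side-auth"

# Prints the options from SSH_LOG_EVENTS that are not set to "enabled", plus
# "log-publisher" when no publisher is named or a <placeholder> was left in.
missing_ssh_log_events() (
    set -f    # split on whitespace only, no glob expansion
    flat=$(printf '%s' "$1" | tr '{}\n\t' '    ')
    prev="" enabled=" " publisher="" missing=""
    for tok in $flat; do
        if [ "$tok" = "enabled" ]; then enabled="$enabled$prev "; fi
        if [ "$prev" = "log-publisher" ]; then publisher=$tok; fi
        prev=$tok
    done
    for opt in $SSH_LOG_EVENTS; do
        # Whole-token match: "unsuccessful-..." must not satisfy "successful-...".
        case $enabled in
            *" $opt "*) ;;
            *) missing="$missing $opt" ;;
        esac
    done
    case $publisher in
        ""|"<"*) missing="$missing log-publisher" ;;
    esac
    printf '%s\n' "${missing# }"
)

# Constructed sample: the page's command with hypothetical names filled in.
SAMPLE_FULL='tmsh create sec log profile ssh_log_profile ssh-proxy add { ssh-log { log-publisher ssh_log_pub allowed-channel-action enabled disallowed-channel-action enabled ssh-timeout enabled non-ssh-traffic enabled successful-server-side-auth enabled unsuccessful-client-side-auth enabled unsuccessful-server-side-auth enabled }}'

# Constructed sample: placeholder left in, one event disabled, one omitted.
SAMPLE_WEAK='ssh-proxy {
    ssh-log {
        log-publisher <log_publisher_name>
        allowed-channel-action enabled
        disallowed-channel-action enabled
        ssh-timeout disabled
        non-ssh-traffic enabled
        unsuccessful-client-side-auth enabled
        unsuccessful-server-side-auth enabled
    }
}'

echo "full: [$(missing_ssh_log_events "$SAMPLE_FULL")]"
echo "weak: [$(missing_ssh_log_events "$SAMPLE_WEAK")]"
```

An empty result means every option from the page's command is enabled and a publisher is named; anything listed is an event class that will not reach the log publisher.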