Manual Chapter: Creating a Data Protection logging profile
Applies To:
BIG-IP ASM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Creating a Data Protection logging profile
Before creating a Data Protection logging profile, you need to configure a log publisher that will send the Data Protection logs to the third-party platform of your choice. Your log publisher must have a log destination of one of the following types: Remote High-Speed Log, Local Syslog, Remote Syslog, or Splunk.

Create a Data Protection logging profile so that you can receive a log of information on client attempts to log in to the website protected by your BIG-IP DataSafe profile and information on alerts sent by the BIG-IP system.

- On the Main tab, click. The Logging Profiles list screen opens.
- Click Create. The Create New Logging Profile screen opens.
- In the Profile Name field, type a unique name for the profile.
- Select the Enabled check box by Data Protection. The screen displays the Data Protection tab.
- On the Data Protection tab, for Configuration, select Advanced. Advanced configuration is optional. However, if you choose Basic configuration, you cannot set a rate-limit for sending log messages and the rate-limit is unlimited. Also, with Basic configuration you cannot select data items to be URL-encoded in log messages.
- For Publisher, select your log publisher from the list.
- For Rate-Limit Template, choose either Default or User-Defined. The Rate-Limit Template settings define the notification that appears when the rate-limit for sending logs is exceeded. If you choose User-Defined, define the Rate-Limit template as follows:
  - In the Available Items list, select the data items you want to appear in rate-limit exceeded notifications and move them to the Selected Items list.
  - For Select Format, choose one of the following:
    - Field-List: Specifies that the notification displays only the items you move from the Available Items list to the Selected Items list. The delimiter that you choose separates the items in the notification. After choosing a delimiter, click Format to see the revised template.
    - Key-Value Pairs: Specifies that the notification displays the actual name of the selected item as being equal to the value of that item. For example, if you choose Key-Value Pairs format and one of your selected items is timestamp, if the value of timestamp is 1549888174, in the log message you will see timestamp=1549888174. After choosing a delimiter, click Format to see the revised template.
- If you want data items to be URL-encoded in log messages and in the rate-limit exceeded notification, at Fields to Encode select Only and then select the data items from the Available Items list and move them to the Selected Items list.
- For Login Attempt, select the Enabled check box. The Template and Rate Limit settings for Login Attempt messages appear.
- For the Login Attempt Template, choose either Default or User-Defined. If you choose User-Defined, define the Login Attempt template as follows:
  - In the Available Items list, select the data items you want to appear in login attempt messages and move them to the Selected Items list.
  - For Select Format, choose one of the following:
    - Field-List: Specifies that the message displays only the items you move from the Available Items list to the Selected Items list. The delimiter that you choose separates the items in the message. After choosing a delimiter, click Format to see the revised template.
    - Key-Value Pairs: Specifies that the message displays the actual name of the selected item as being equal to the value of that item. For example, if you choose Key-Value Pairs format and one of your selected items is timestamp, if the value of timestamp is 1549888174, in the log message you will see timestamp=1549888174. After choosing a delimiter, click Format to see the revised template.
- For Login Attempt Rate Limit, select either Unlimited or Specify. If you choose Specify, type your preferred rate limit in the text box. Rate Limits are calculated per-second, per TMM, with each TMM throttling as needed, independently of other TMMs.
- For Alert, select the Enabled check box. The Template and Rate Limit settings for Alert messages appear.
- For the Alert Template, choose either Default or User-Defined. If you choose User-Defined, define the Alert template as follows:
  - In the Available Items list, select the data items you want to appear in alert messages and move them to the Selected Items list.
  - For Select Format, choose one of the following:
    - Field-List: Specifies that the message displays only the items you move from the Available Items list to the Selected Items list. The delimiter that you choose separates the items in the message. After choosing a delimiter, click Format to see the revised template.
    - Key-Value Pairs: Specifies that the message displays the actual name of the selected item as being equal to the value of that item. For example, if you choose Key-Value Pairs format and one of your selected items is timestamp, if the value of timestamp is 1549888174, in the log message you will see timestamp=1549888174. After choosing a delimiter, click Format to see the revised template.
- For Alert Rate Limit, select either Unlimited or Specify. If you choose Specify, type your preferred rate limit in the text box. Rate Limits are calculated per-second, per TMM, with each TMM throttling as needed, independently of other TMMs.
- Click Create. The BIG-IP system saves your logging profile and the list of logging profiles appears.

After you have created a Data Protection logging profile, you need to associate the logging profile with a BIG-IP DataSafe profile.
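
The following is an added example, not F5 code and not part of the original manual: a small Python parser for the receiving end of the log publisher that splits a Key-Value Pairs message on the chosen delimiter, URL-decodes the items selected under Fields to Encode, and checks the result against the template's Selected Items. The item names `username` and `result`, the comma delimiter, percent-encoding as the URL-encoding scheme, and all function names are assumptions; only `timestamp=1549888174` comes from the page.

```python
from urllib.parse import quote, unquote

def format_kv(items, delimiter=",", encoded_fields=()):
    """Model of a Key-Value Pairs message: name=value joined by the delimiter.
    Values of items in encoded_fields are percent-encoded (assumed scheme)."""
    return delimiter.join(
        f"{name}={quote(value, safe='') if name in encoded_fields else value}"
        for name, value in items
    )

def parse_kv(message, expected_keys, delimiter=",", encoded_fields=()):
    """Split a message and check it against the template's Selected Items.
    Returns (fields, problems); a non-empty problems list means the message
    did not match the template and should not be trusted field by field."""
    fields, problems = {}, []
    for token in message.split(delimiter):
        name, sep, value = token.partition("=")
        if not sep or not name:
            problems.append(f"token is not name=value: {token!r}")
        elif name in fields:
            problems.append(f"duplicate item: {name}")
        else:
            fields[name] = unquote(value) if name in encoded_fields else value
    if list(fields) != list(expected_keys):
        problems.append("items differ from the template")
    return fields, problems

# Constructed sample; "username" and "result" are hypothetical item names.
TEMPLATE = ["timestamp", "username", "result"]
SAMPLE = [("timestamp", "1549888174"), ("username", "a,b=c user"), ("result", "failed")]

def demo():
    raw = format_kv(SAMPLE)                                  # nothing encoded
    enc = format_kv(SAMPLE, encoded_fields=("username",))    # username encoded
    return (parse_kv(raw, TEMPLATE),
            parse_kv(enc, TEMPLATE, encoded_fields=("username",)), enc)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With no items encoded, the value containing the delimiter splits into an extra item and the template check reports it; with `username` listed under Fields to Encode, the same value survives intact after decoding.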