Manual Chapter : Event Logs Settings

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

Event Logs Settings

About event logs in BIG-IQ Access

BIG-IQ Centralized management provides visibility solutions for activity within Access Policy Manager (APM) configurations. BIG-IQ logs various events, enabling you to monitor activity, functionality, and health for all of your access policies and configured resources. You may use BIG-IQ to manage which events are logged, as well as set a standard severity (or
log level
) for the log messages of each event type within an Access Group.
BIG-IQ allows users to configure log levels for all of the following Access System logs:
  • Access Policy
  • Per-Request Policy
  • Access Control Lists (ACLs)
  • Single-Sign On (SSO)
  • Secure Web Gateway
  • External Client Authentication (ECA)
  • OAuth
  • PingAccess Profile
  • Virtual Desktop Infrastructure (VDI)
  • Endpoint Management System
  • ADFS Proxy
The log levels you can set these reports to are, from least severe to most severe,
Debug
,
Informational
,
Notice
,
Warning
,
Error
,
Critical
,
Alert
,
Emergency
.
You may also able event logging for URL Requests, Allowed Events, Blocked Events, and Confirmed Events.

Configuring event logs settings

Configure event logs settings for BIG-IQ Access Policy Manager (APM) by following the procedure below.
  1. At the top of the screen, select
    Configuration
    , then on the left side of the screen, click
    ACCESS
    Access Groups
    .
  2. Click the name of an Access group.
    A new screen displays the group's properties.
  3. The screen displays the event log settings in the working configuration for the Access group.
    • To create an log setting, click the
      Create
      button.
    • To delete an log setting, select the check box next to the object and click the
      Delete
      button.
  4. Click
    Create
    or select an existing resource to begin configuration.
  5. Type a name for the name for the log setting.
  6. Enter a
    Partition
    . The default is
    Common
    . You can also enter a custom path to a partition you have created. Only users with access to a partition can view the objects that the partition contains. If the object resides in the
    Common
    partition, all users can access it.
  7. In the
    SSO Configuration Description
    field, type a descriptive text for the configuration.
  8. For
    Access System Logs
    , click the check box to specify a publisher for Access system logs and log levels.
  9. For
    Access Logs Publisher
    , select a log publisher.
  10. For the system log types, beginning with
    Access Policy
    and ending with
    ADFS Proxy
    , from the dropdown lists, select a log level. This field is available for configuration for Access Groups running BIG-IP version 13.1 and later. The default is
    Notice
    .
  11. For
    URL Request Logs
    , click the check box to select a publisher for the logs and specifies the URL requests to log based on whether the request was blocked or allowed.
  12. For
    URL Request Logs Publisher
    , select a log publisher.
  13. For
    Log Allowed Events
    , click the check box to log request data when a user tries to access a URL that the URL filter allows.
  14. For
    Log Blocked Events
    , click the check box to log request data when a user tries to access a URL that the URL filter blocks.
  15. For
    Log Confirmed Events
    , click the check box to log request data when a user confirms a request for access to a URL for which the URL filter requires confirmation.
  16. Click
    Save
    .
  17. Once you have finished configuring General Log Settings, you may configure
    Profiles Settings
    .
  18. Move log settings between the
    Available
    and
    Selected
    lists.
  19. Click
    Save & Close
    .
The new log settings configuration will display in the Event Logs Settings list.