Applies To:
BIG-IQ Centralized Management
- 8.0.0, 7.1.0
Configuring Remote Logging for Access
Configure logging for Access Policy Manager
- At the top left of the screen, click.
- Click Remote Logging Configuration. The Remote Logging Configuration screen opens to display all of the discovered BIG-IP devices that are provisioned with the Access service.
- Select the BIG-IP devices for which you want to enable remote logging, and then click Configure. The hostname of the primary data collection device is displayed, and the status changes to let you know whether the enable request was successful.
high-speed BIG-IQ and SWG event logging
Pool of remote log servers
Create a pool of remote log servers to which the BIG-IP system can send log messages.
Create a log destination of Remote High-Speed Log type that specifies a pool of remote log servers.
If your remote log servers are the ArcSight, Splunk, or Remote Syslog type, create an additional log destination to format the logs in the required format and forward the logs to a remote high-speed log destination.
Create a log publisher to send logs to a set of specified log destinations.
Add event logging for the APM system and configure log levels for it or add logging for URL filter events, or both. Settings include the specification of up to two log publishers: one for access system logging and one for URL request logging.
Add log settings to the access profile. The log settings for the access profile control logging for the traffic that comes through the virtual server to which the access profile is assigned.
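The objects above form a chain: a publisher sends to destinations, a formatted destination forwards to a Remote High-Speed Log destination, and that destination points at a pool. The following check walks the chain and reports broken links before logs are silently dropped. It is an added example, not F5 code or a BIG-IQ export format; the dictionary layout, type labels, object names, and addresses are assumptions made for illustration.

```python
# Added example: a model of the object chain, not an F5 API or export format.
HSL = "remote-high-speed-log"                        # model label, unformatted type
FORMATTED = {"arcsight", "splunk", "remote-syslog"}  # model labels, formatted types

def check_destination(cfg, name):
    """Walk one destination down to its pool; return a list of problems."""
    dest = cfg["destinations"].get(name)
    if dest is None:
        return [f"destination {name!r} is not defined"]
    if dest["type"] in FORMATTED:
        # A formatted destination only formats; it must hand off to an HSL one.
        fwd = dest.get("forward_to")
        target = cfg["destinations"].get(fwd)
        if target is None or target["type"] != HSL:
            return [f"{name!r} must forward to a {HSL} destination"]
        return check_destination(cfg, fwd)
    if dest["type"] != HSL:
        return [f"{name!r} has unsupported type {dest['type']!r}"]
    if not cfg["pools"].get(dest.get("pool")):
        return [f"{name!r} points at a missing or empty pool"]
    return []

def check_publisher(cfg, publisher):
    """Check every destination a publisher sends to."""
    dests = cfg["publishers"].get(publisher)
    if dests is None:
        return [f"publisher {publisher!r} is not defined"]
    if not dests:
        return [f"publisher {publisher!r} has no destinations"]
    return [p for d in dests for p in check_destination(cfg, d)]

# Constructed sample data (documentation addresses, hypothetical names).
GOOD = {
    "pools": {"siem_pool": ["192.0.2.10:514", "192.0.2.11:514"]},
    "destinations": {"hsl_dest": {"type": HSL, "pool": "siem_pool"},
                     "splunk_dest": {"type": "splunk", "forward_to": "hsl_dest"}},
    "publishers": {"apm_pub": ["splunk_dest"]},
}
BAD = {
    "pools": {"siem_pool": []},  # pool created but no members added
    "destinations": {"hsl_dest": {"type": HSL, "pool": "siem_pool"},
                     # forwards to a pool name instead of an HSL destination
                     "syslog_dest": {"type": "remote-syslog", "forward_to": "siem_pool"}},
    "publishers": {"apm_pub": ["syslog_dest"], "url_pub": ["hsl_dest"]},
}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        for pub in cfg["publishers"]:
            print(label, pub, check_publisher(cfg, pub) or "ok")
```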
Create a pool of remote logging servers
- At the top of the screen, click Configuration.
- On the Main tab, click. The Pool List screen opens.
- Click Create. The New Pool screen opens.
- In the Name field, type a unique name for the pool.
- Using the New Members setting, add the IP address for each remote logging server that you want to include in the pool:
  - Type an IP address in the Address field, or select a node address from the Node List.
  - Type a service number in the Service Port field, or select a service name from the list. Typical remote logging servers require port 514.
Create a new log publisher
- At the top of the screen, click Configuration, then, on the left, click. The screen displays a list of the Log Publishers that are defined on this device.
- To create a new log publisher, click Create. The New Log Publisher screen opens so you can define the settings you want for this publisher.
- In the Name field, type a name for the log publisher you are creating.
- Select the Log Destinations for this publisher.
  - Select a destination type from the Available list. The list of destinations displays only the type you selected.
  - Select one or more destinations from the Available list.
  - Move the selected destinations to the Selected list. If you are using a formatted destination, select the destination that matches your log servers, such as Remote Syslog, Splunk, or ArcSight.
- Specify the additional settings needed to suit the requirements for this log publisher. The parameters on this screen are optional and perform the same function as they do when you configure a log publisher on a BIG-IP device. For details about the purpose or function of a particular setting, refer to the BIG-IP reference information on support.f5.com. From the BIG-IP Knowledge Center, select the BIG-IP LTM module and the software version you have installed; then select the appropriate guide. For example, information about the log publisher parameters for BIG-IP version 13.0 is provided in the External Monitoring of BIG-IP Systems: Implementations guide.
- Click Save & Close. The system creates the new log publisher with the settings you specified.
Configure log settings for access system and URL request events
- At the top of the screen, select Configuration, then on the left side of the screen, click.
- Click the name of an Access group. A new screen displays the group's properties.
- Type a name for the log setting.
- In the SSO Configuration Description field, type descriptive text for the configuration.
- For Access System Logs, click the check box to specify a publisher for Access system logs and log levels.
  - For Access Logs Publisher, select a log publisher.
  - For the system log types, beginning with Access Policy and ending with ADFS Proxy, from the dropdown lists, select a log level. The default is Notice.
- For URL Request Logs, click the check box to select a publisher for the logs and specify the URL requests to log based on whether the request was blocked or allowed.
  - For URL Request Logs Publisher, select a log publisher.
  - For Log Allowed Events, click the check box to log request data when a user tries to access a URL that the URL filter allows.
  - For Log Blocked Events, click the check box to log request data when a user tries to access a URL that the URL filter blocks.
  - For Log Confirmed Events, click the check box to log request data when a user confirms a request for access to a URL for which the URL filter requires confirmation.
- Click Save & Close.