Manual Chapter :
Viewing Event Logs in Web Application Security
Applies To:
Show VersionsBIG-IQ Centralized Management
- 5.4.0
About event log viewing
You can view Web Application Security event logs to review applications and server activities. BIG-IQ® Centralized Management enables a single view of all filters and log entries (and details for each entry) from multiple BIG-IP® devices.
You use tags and filters to allow you to select which events to view.
- Filters allow you to select the events to view by constructing a query that the events must match.
- You can assign tags to events to label them, so that you can use that label in queries.
Before you can view events, event logging must be configured as follows.
- Discover and activate a BIG-IQ Data Collection Device.
- Configure a BIG-IP device to collect event logs and send them to the BIG-IQ Centralized Management Data Collection Device. Part of this configuration includes a virtual server configured with a logging profile.
- Configure a logging profile for Web Application Security, assign it to a virtual server, and deploy it to the BIG-IP device that has been configured to collect log events. A logging profile is used to determine which events the system logs, and where, and the format of these events. It then directs security events to a BIG-IQ Data Collection Device, and the BIG-IQ Centralized Management system retrieves them from that node.
View event logs and define filters and tags
You can review Web Application
Security events on applications and servers from one or more
BIG-IP® devices. By default, the events are filtered to show only
illegal requests. You can use the Web Application Security Event Logs screen to define
tags and filters to help you find meaningful events.
Use event log filters
You use event log filters to refine
your searches through the event logs, including searches through event logs from
multiple
BIG-IP® devices.
View and delete event log tags
You can review the tags defined for
use with Web Application Security events and remove the tags.