Applies To:
Show Versions
BIG-IQ Centralized Management
- 5.2.0
About event log viewing
You can view Web Application Security event logs to obtain useful insights regarding activity on applications and servers. The BIG-IQ® Centralized Management platform enables a single view of all filters and log entries (and details for each entry) from multiple BIG-IP® devices.
The event log interface consists of two filter fields and three screens:
- Filter fields:
- Selected devices filter. This filter appears below the Event Logs header. You can use it to select one or more devices for event viewing.
- Filter field. Appears to the right of the selected devices field. You can use it to type text to rapidly narrow the search scope. You can also save filters that you use often.
- Screens:
- Devices. At the far left, use this to select a group of requests, policies, saved filters, or pre-configured tags. The object you select determines the set of items that appears in the next screen.
- Log items. Use this to browse log items, or select one and view log item details.
- Details. Displays details of the item selected in the Log items screen.
Viewing event log details
Using common filters
- Click .
- To update log items according to a selected filter (such as Requests or Policies), click any item under Requests or Policies.
Filtering (basic)
Filtering (advanced)
You can type a query in the filter box in the format method:'value' protocol:'value' severity:'value'. For example: method:'GET' protocol:'HTTPS' severity:'error'.
Or, you can open the filter and use the method described in the following section.
Filtering by entering query parameters
key1:'value' key2:'value' (key3:'value' OR key4:'value').
For example:policy_name:'/Common/policy1'
The BIG-IQ® Centralized Management system supports both AND and OR constructs.
- OR. Use this operator to log the data that meets one or more of the criteria.
- AND. Use this operator to log the data that meets all of the criteria.