- MyF5 Home
- Knowledge Centers
- BIG-IQ Centralized Management
- F5 BIG-IQ Centralized Management: Security
- Managing Logging Profiles in Shared Security
Applies To:
Show VersionsBIG-IQ Centralized Management
- 5.4.0
About logging profiles
The Logging Profiles screen lists both default logging profiles that cannot be modified, and other logging profiles that can be modified. The default logging profiles are: Log all requests, Log illegal requests, global-network, and local-dos. Default logging profiles are imported from the BIG-IP® device, and only top-level information about them can be viewed on the Logging Profiles screen, such as the logging profile name, description, partition, and devices.
A logging profile records requests to the virtual server. A logging profile determines where events are logged, and which items (such as which parts of requests, or which type of errors) are logged. Events can be logged either locally by the system and viewed in the Event Logs screens, or remotely by the client’s server. The system forwards the log messages to the client’s server using the Syslog service.
The logging profile can be associated with multiple virtual servers from multiple devices. Multiple logging profiles can be associated with a virtual server, but the multiple logging profiles cannot have an overlap subset configured. For example, two logging profiles with application security configured and enabled cannot be associated with the same virtual server. The application security and protocol security cannot be configured on the same logging profile or associated with the same virtual server. BIG-IQ® Centralized Management supports importing logging profiles with spaces in the name. An imported logging profile with spaces in the name can be modified on the BIG-IQ system and deployed back to a BIG-IP device. However, BIG-IQ does not support creating logging profiles with spaces in the name.
The logging publisher cannot be created or modified by the BIG-IQ Centralized Management system. The logging publisher specified by the BIG-IQ logging profile should be the same as that configured on the BIG-IP device.
Create logging profiles
- Click Configuration > SECURITY > Shared Security > Logging Profiles .
-
On the Logging Profiles screen, click Create.
The New Logging Profile screen opens with the Properties displayed.
- In the Name field, type a name for the logging profile.
- In the Description field, type an optional description for the logging profile.
-
If needed, change the default Common partition in the
Partition field.
The partition with that name must already exist on the BIG-IP®device. No whitespace is allowed in the partition name. Only users with access to a partition can view the objects (such as the logging profile) that it contains. If the logging profile resides in the Common partition, all users can access it.
-
On the left, click the logging type that you want to use, and then select the
Enabled check box to display the related
settings.
- Enable Application Security to specify that the system logs traffic to the web application. You cannot enable both Application Security and Protocol Security. Refer to the Configure for Application Security logging section of BIG-IQ Centralized Management: Security on support.f5.com for configuration information.
- Enable Protocol Security to specify that the system logs any dropped, malformed, and/or rejected requests sent through the given protocol. Refer to the Configure for Protocol Security logging section of BIG-IQ Centralized Management: Security on support.f5.com for configuration information.
- Enable Network Firewall to specify that the system logs ACL rule matches, TCP events, and/or TCP/IP errors sent to the network firewall. Refer to the Configure for Network Firewall logging section of BIG-IQ Centralized Management: Security on support.f5.com for configuration information.
- Enable Network Address Translation to specify which Network Address Translation (NAT) events the system logs, and where those events are logged. Refer to the Configure for Network Address Translation logging section of BIG-IQ Centralized Management: Security on support.f5.com for configuration information.
- Enable DoS Protection to specify that the system logs detected DoS attacks, and where DoS events are logged.
- Enable Bot Defense to specify that the system logs bot defence events. Refer to the Configure for Bot Defense logging section of BIG-IQ Centralized Management: Security on support.f5.com for configuration information.
You must configure each enabled logging type before you can use it. You can do that now, or save the profile and configure the logging types later. -
Specify the settings needed for each logging type you use.
You can configure multiple logging types while editing the logging profile.
- When finished, save your changes.
Configure for Application Security logging
- Click Configuration > SECURITY > Shared Security > Logging Profiles .
-
Click the name of the logging profile to configure on the Logging Profiles
screen.
The logging-profile-name screen opens with the Properties displayed.
-
On the left, click Application Security.
The Application Security configuration screen opens.
-
For Status, select the Enabled
check box.
The screen displays the Application Security configuration settings.
-
Supply the Application Security Configuration settings.
Property When enabled: Local Storage When enabled, specifies that the system stores all traffic in the system. This setting can only be disabled when Remote Storage is enabled. Guarantee Local Logging Specifies that the system logs all requests, even though this might slow your web application. When cleared (disabled), specifies that the system logs the requests as long as it does not slow your web application. The default is disabled. In either case, the system does not drop requests. This setting is displayed only when Local Storage is enabled. Response Logging Specifies whether, and how, the system logs HTTP responses. - Off: The system does not log responses. This is the default.
- For Illegal Requests Only: The system logs responses to illegal requests.
- For All Requests: The system logs all responses if the Request Type setting in the Storage Filter area is set to All Requests.
Guarantee Local Response Logging Specifies that the system logs all responses, even though this may slow your web application. When cleared (disabled), specifies that the system logs responses as long as it does not slow your web application. The default is disabled. In either case, the system does not drop responses. This setting is displayed only when Guarantee Local Logging is enabled, and Response Logging is set to For Illegal Requests Only or For All Requests. Remote Storage When enabled, specifies that the system stores all traffic on a remote logging server. This setting can only be disabled when Local Storage is enabled. Also provides additional remote storage options. Logging Format Specifies the logging format for the remote storage. - Select Comma-Separated Values to store traffic on a remote logging server like syslog. Messages are in syslog CSV format.
- Select Key-Value Pairs to store traffic on a third party reporting server (for example, Splunk) using a pre-configured storage format. Key value pairs are used in the log messages.
- Select Common Event Format (ArcSight) if your network uses ArcSight servers. Log messages are in Common Event Format (CEF).
- Select BIG-IQ if you are using a BIG-IQ ®system as your logging server and you are using a BIG-IP® device version 12.0 or later that has enabled the option to use a BIG-IQ system as a logging server.
Protocol Specifies the protocol that the remote storage server uses. Server Addresses Specifies one or more remote servers, reporting servers, ArcSight servers, or BIG-IQ Centralized Management systems on which to log traffic. Type the values for the IP Address and Port, and click Add for each server. Note: The default value for Port is 514 for all types of remote storage other than BIG-IQ. If BIG-IQ is selected for the Remote Storage Type, the default port is 8514.Facility Specifies the facility category of the logged traffic. The possible values are LOG_LOCAL0 through LOG_LOCAL7. Note: If you have more than one security policy, you can use the same remote logging server for both applications, and use the facility filter to sort the data for each.Storage Format Specifies how the log displays information and which traffic items the server logs, and in what order it logs them. - To determine how the log appears: select Field-List to display the items in the Selected list in CSV format with a delimiter you specify; select User-Defined to display the items in the Selected list in addition to any free text you type in the Selected list.
- To specify which items appear in the log and in what order, move items from the Available list into the Selected list.
Maximum Query String Size Specifies how much of a request the server logs. - Select Any to log the entire request.
- Select Length and type the maximum number of bytes to log to limit the number of bytes that are logged per request. The value you specify for Length must be less than the value specified for Maximum Entry Length.
Maximum Entry Length Specifies how much of the entry length the server logs. Select an appropriate value. The value you can select is determined by what protocol is selected. When logging Web Application Security traffic, the Maximum Entry Length setting should be set to 64K. Report Detected Anomalies Select Enabled if you want the system to send a report string to the remote system log when a brute force attack or web scraping attack starts and ends. -
Supply the Application Security settings for the Storage Filter area.
Property When enabled: Logic Operation Specifies whether requests must meet one or all criteria in the Storage Filter area for the system, or server, to log the requests. - OR: Specifies that requests must meet at least one of the criterion in the Storage Filter settings in order for the system, or server, to log the requests. This is the default.
- AND: Specifies that requests must meet all of the criteria in the Storage Filter settings in order for the system, or server, to log the requests.
Request Type Specifies which kind of requests the system, or server, logs. - Illegal requests only: Specifies that the system, or server, logs only illegal requests. This is the default.
- Illegal requests, and requests that include staged attack signatures: Specifies that the system, or server, logs illegal requests, and logs requests that include attack signatures in staging (even though the system considers those requests legal).
- All requests: Specifies that the system, or server, logs all requests.
Protocols Specifies whether request logging occurs for all protocols or only for selected protocols. - All: Specifies that the system, or server, logs requests for all protocols. This is the default.
- Only: Specifies that the system, or server, logs requests for only the specified protocol. HTTP and HTTPS are available for all supported BIG-IP device versions. WS and WSS are available only with BIG-IP devices version 12.1 or later. You can select more than one protocol for BIG-IP devices version 12.1 or later.
Response Status Codes Specifies whether request logging occurs for all response status codes or only for selected response status codes. This setting applies only to requests that are not blocked by the system. - All: Specifies that the system, or server, logs all requests that generate all response status codes. This is the default.
- Only: Specifies that the system, or server, logs only requests that generate specific response status codes. When selected, displays additional options where you specify the type of response status code to log. Unused status codes are in the Available list, selected status codes are in the Selected list.
HTTP Methods Specifies whether request logging occurs for all HTTP methods or only for selected HTTP methods. - All: Specifies that the system, or server, logs requests for all HTTP methods. This is the default.
- Only: Specifies that the system, or server, logs requests for the specified HTTP method. When selected, displays options where you specify the type of HTTP method to log.
Request Containing String Specifies whether the request logging is dependent on a specific string. - All: Specifies that the system logs all requests, regardless of string. This is the default.
-
Search
In: Specifies that the system logs only requests
containing a specific string in a particular part of the
request.
- Select the part of the request to search from the list (Request, URI, Query String, Post Data, or Headers).
- Type the string to search for in the request in the field to the right. The search is case-sensitive.
Login Result Specifies whether request logging occurs for all login results or only for selected login results. - All: Specifies that the system, or server, logs all login results. This is the default.
- Only: Specifies that the system, or server, logs login results of the specified type. When selected, displays options where you specify the login results to log. This option is only valid with BIG-IP devices version 13.0 or later.
- When you are finished, save your changes.
Configure for Protocol Security logging
- Click Configuration > SECURITY > Shared Security > Logging Profiles .
-
On the Logging Profiles screen, click the name of the logging profile to
configure.
The logging-profile-name screen opens with the Properties displayed.
-
On the left, click Protocol Security.
The Protocol Security configuration screen opens.
-
For Status, select the Enabled
check box.
The screen displays the Protocol Security configuration settings.
-
In the HTTP, FTP, and SMTP Security area, in the
Publisher setting, select the log publisher to use
for the HTTP, FTP and SMTP protocols , or accept the default of
None.
This value specifies where the system sends log messages.
-
In the DNS Security area, supply the Protocol Security DNS Security settings to
configure where the system logs any dropped, malformed, rejected, and malicious
DNS requests.
Property When enabled: Publisher Specifies the name of the log publisher used for logging DNS security events. Select a log publisher from the list, or accept the default of None. Log Dropped Requests Specifies that the system logs dropped DNS requests. Log Filtered Dropped Requests Specifies that the system logs filtered dropped DNS requests. Log Malformed Requests Specifies that the system logs malformed DNS requests. Log Rejected Requests Specifies that the system logs rejected DNS requests. Log Malicious Requests Specifies that the system logs malicious DNS requests. Storage Format Specifies the format type for log messages. You can set the following options: - None Specifies that the system uses the default format type to log the messages to a Remote Syslog server. This is the default setting.
-
Field-List Specifies that the system
uses a set of fields, set in a specific order, to log messages.
When this is selected, specify the field list as follows.
- Specify
the delimiter string in the
Delimiter field. The default
delimiter is the comma character (,). Note: Do not use the $ character: it is reserved for internal usage.
- Select the fields to use. Unused fields are in the Available list, selected fields are in the Selected list.
- Specify
the delimiter string in the
Delimiter field. The default
delimiter is the comma character (,).
- User-Defined Specifies that the format the system uses to log messages is in the form of a user-defined string. Select the items for the server to log. Unused items are in the Available list, selected items are in the Selected list.
-
In the SIP Security area, supply the Protocol Security SIP Security settings to
configure where the system logs any dropped and malformed malicious SIP
requests, global and request failures, redirected responses, and server
errors.
Property When enabled: Publisher Specifies the name of the log publisher used for logging SIP protocol security events. Select a log publisher configured in your system. Log Dropped Requests Specifies that the system logs dropped requests. Log Global Failures Specifies that the system logs global failures. Log Malformed Requests Specifies that the system logs malformed requests. Log Redirection Responses Specifies that the system logs redirection responses. Log Request Failures Specifies that the system logs request failures. Log Server Errors Specifies that the system logs server errors. Storage Format Specifies the format type for log messages. You can configure the following options: - None Specifies that the system uses the default format type to log the messages to a Remote Syslog server. This is the default setting.
-
Field-List Specifies that the system
uses a set of fields, set in a specific order, to log messages.
When Field-List is selected, specify the
field list as follows.
- Specify
the delimiter string in the
Delimiter field. The default
delimiter is the comma character (,). Note: Do not use the $ character; it is reserved for internal usage.
- Select the fields to use. Unused fields are in the Available list, selected fields are in the Selected list.
- Specify
the delimiter string in the
Delimiter field. The default
delimiter is the comma character (,).
- User-Defined Specifies that the format the system uses to log messages is in the form of a user-defined string. Select the items for the server to log. Unused items are in the Available list, selected items are in the Selected list.
-
In the SSH Proxy area, supply the Protocol Security SSH Proxy settings to
configure logging of SSH proxy use. Select Enabled to
make the other settings available.
Property When enabled: Publisher Specifies the name of the log publisher used for logging SSH proxies. Select a log publisher configured in your system. Allowed Channel Action Logs allowed channel action events. Disallowed Channel Action Logs disallowed channel action events. Non SSH Traffic Logs non SSH traffic events. SSH Timeout Logs SSH timeout events. Successful Client Side Auth Logs successful client side authentication events. Successful Server Side Auth Logs successful server side authentication events. Unsuccessful Client Side Auth Logs unsuccessful client side authentication events. Unsuccessful Server Side Auth Logs unsuccessful server side authentication events. Log Client Auth Partial Event Logs client side partial authentication events. Log Server Auth Partial Event Logs server side partial authentication events. - When you are finished, save your changes.
Configure for Network Firewall logging
- Click Configuration > SECURITY > Shared Security > Logging Profiles .
-
On the Logging Profiles screen, click the name of the logging profile to
configure.
The logging-profile-name screen opens with the Properties displayed.
-
On the left, click Network Firewall.
The Network Firewall configuration screen opens.
-
For Status, select the Enabled
check box.
The screen displays the Network Firewall properties.
-
In the Properties area, supply the Network Firewall settings to configure which
network firewall events the system logs, and where they are logged.
Property When enabled: Publisher Specifies the name of the log publisher used for logging Network events. Select a log publisher configured in your system. Aggregate Rate Limit Defines a rate limit for all combined network firewall log messages per second. Beyond this rate limit, log messages are not logged. You can select Indefinite, which sets the rate limit to the maximum of 4294967295, or you can select Specify to specify a lower rate limit as an integer between 0 and 4294967295. Log Rule Matches Specifies that the system logs packets that match the ACL rules. - Accept Specifies that the system logs packets that match ACL rules configured with action = Accept.
- Drop Specifies that the system logs packets that match ACL rules configured with action = Drop.
- Reject Specifies, that the system logs packets that match ACL rules configured with action = Reject.
- Indefinite sets the rate limit to the maximum of 4294967295, and Specify allows you to specify a lower rate limit as an integer between 0 and 4294967295.
- If the rate limit is exceeded, log messages of the matched action type are not logged until the threshold drops below the specified rate.
Log IP Errors Specifies that the system logs IP error packets. When enabled, you can specify a rate limit for all network firewall log messages of this type. If this rate limit is exceeded, log messages of this type are not logged until the threshold drops below the specified rate. You can select a Rate Limit of Indefinite, which means the rate limit is set to the maximum of 4294967295, or you can select Specify and specify an integer between 0 and 4294967295 that represents the number of messages per second. Log TCP Errors Specifies that the system logs TCP error packets. If this rate limit is exceeded, log messages of this type are not logged until the threshold drops below the specified rate. You can select a Rate Limit of Indefinite, which means the rate limit is set to the maximum of 4294967295, or you can select Specify and specify an integer between 0 and 4294967295 that represents the number of messages per second. Log TCP Events Specifies that the system logs TCP events (open and close of TCP sessions). If this rate limit is exceeded, log messages of this type are not logged until the threshold drops below the specified rate. You can select a Rate Limit of Indefinite, which means the rate limit is set to the maximum of 4294967295, or you can select Specify and specify an integer between 0 and 4294967295 that represents the number of messages per second. Log Translation Fields Specifies that translation values are logged if and when a network firewall event is logged. Always Log Region Specifies that the geographic location should be logged when a geolocation event causes a network firewall event. Storage Format Specifies the format type for log messages. You can configure the following options: - None Specifies that the system uses the default format type to log the messages to a Remote Syslog server. This is the default setting.
-
Field-List Specifies that the system
uses a set of fields, set in a specific order, to log
messages.
When Field-List is selected, specify the field list as follows.
- Specify
the delimiter string in the
Delimiter field. The default
delimiter is the comma character (,). Note: Do not use the $ character; it is reserved for internal usage.
- Select the fields to use. Unused fields are in the Available list, selected fields are in the Selected list.
- Specify
the delimiter string in the
Delimiter field. The default
delimiter is the comma character (,).
- User-Defined Specifies that the format the system uses to log messages is in the form of a user-defined string. Select the items for the server to log.
-
In the IP Intelligence area, supply the Network Firewall IP Intelligence
settings to configure where IP intelligence events are logged.
If the IP intelligence feature is enabled and licensed, you can configure the system to log source IP addresses that match an IP intelligence blacklist or whitelist category, as determined by the database of preconfigured categories, or as determined from an IP intelligence feed list.
Property When enabled: Publisher Specifies the name of the log publisher used for logging IP address intelligence events. Select a log publisher configured in your system. Aggregate Rate Limit Defines a rate limit for all combined IP intelligence log messages per second. Beyond this rate limit, log messages are not logged until the threshold drops below the specified rate. You can select a rate limit of Indefinite, which means the rate limit is set to the maximum of 4294967295, or you can select Specify and specify an integer between 0 and 4294967295 that represents the number of messages per second. Log Translation Fields Specifies that translation values are logged if and when a network firewall event is logged. Log Shun Events Specifies that IP Intelligence shun list events are logged. Log RTBH Events Specifies that remotely triggered black holing (RTBH) events are logged. Log Scrubber Events Specifies that IP Intelligence scrubber events are logged. -
In the Traffic Statistics area, supply the Network Firewall Traffic Statistics
settings to configure logging of traffic statistics.
Property When enabled: Publisher Specifies the name of the log publisher used for logging traffic statistics. Select a log publisher configured in your system. Log Timer Events Specifies: - Active Flows - Logs the number of active flows each second.
- Reaped Flows - Logs the number of reaped flows, or connections that are not established because of system resource usage levels.
- Missed Flows - Logs the number of packets that were dropped because of a flow table miss. A flow table miss occurs when a TCP non-SYN packet does not match an existing flow.
- SYN Cookie (Per Session Challenge) - Logs the number of SYN cookie challenges generated each second.
- SYN Cookie (White-listed Clients) - Logs the number of whitelisted SYN cookie clients each second.
-
In the Port Misuse area, supply the Network Firewall Port Misuse settings to
configure logging of port misuse policies.
Property When enabled: Publisher Specifies the name of the log publisher used for logging port misuse policies. Select a log publisher configured in your system. Aggregate Rate Limit Defines a rate limit for all port misuse policy log messages per second. Beyond this rate limit, log messages are not logged until the threshold drops below the specified rate. You can select a rate limit of Indefinite, which means the rate limit is set to the maximum of 4294967295, or you can select Specify and specify an integer between 0 and 4294967295 that represents the number of messages per second. - When you are finished, save your changes.
Configure for Network Address Translation logging
- Click Configuration > SECURITY > Shared Security > Logging Profiles .
-
On the Logging Profiles screen, click the name of the logging profile to
configure.
The logging-profile-name screen opens with the Properties displayed.
-
On the left, click Network Address Translation.
The Network Address Translation configuration screen opens.
-
For Status, select the Enabled
check box.
The screen displays the Network Address Translation properties.
-
Supply the Network Address Translation settings to configure which NAT events
the system logs, and where they are logged.
Property When enabled: LSN Legacy Mode When enabled, specifies that events be logged in Carrier Grade Network Address Translation (CGNAT) LSN format for backward compatibility. If not enabled, the newer HSL logging format is used, which is the default. Aggregate Rate Limit Specifies, when enabled, a rate limit for all combined NAT firewall log messages per second. Above this rate limit, log messages are not logged. - To enable a limit, select Specify and provide a numeric value for the number of messages per second.
- To have no limit, select Indefinite.
Start Outbound Session Specifies logging options for the start of an outbound translation session, when the outbound flow is created. Select one of the following from the list.
- Select Enabled to log Start Outbound Session events.
- Select Disabled to not log Start Outbound Session events. This is the default.
- Select Backup Allocation Only to log the translation event if the translation occurred due to backup addresses being configured in a NAT Source Translations object.
- Select Include Destination Address/Port to include the destination address/port.
- In the
Rate Limit setting, specify a rate
limit for these events.
- To enable a limit, select Specify and provide a numeric value for the number of messages per second.
- To have no limit, select Indefinite.
End Outbound Session Specifies logging options for the end of an outbound translation session, when the outbound flow is deleted. Select one of the options from the list.
- Select Enabled to log End Outbound Session events.
- Select Disabled to not log End Outbound Session events. This is the default.
- Select Backup Allocation Only to log the translation event if the translation occurred due to backup addresses being configured in a NAT Source Translations object.
- Select Include Destination Address/Port to include the destination address/port.
- In the
Rate Limit setting, specify a rate
limit for these events.
- To enable a limit, select Specify and provide a numeric value for the number of messages per second.
- To have no limit, select Indefinite.
Start Inbound Session Specifies logging options for the start of an incoming connection to a translated address. Select one of the options from the list.
- Select Enabled to log Start Inbound Session events.
- Select Disabled to not log Start Inbound Session events. This is the default.
- Select Backup Allocation Only to log the translation event if the translation occurred due to backup addresses being configured in a NAT Source Translations object.
- In the
Rate Limit setting, specify a rate
limit for these events.
- To enable a limit, select Specify and provide a numeric value for the number of messages per second.
- To have no limit, select Indefinite.
End Inbound Session Specifies logging options for the end of an incoming connection to a translated address. Select one of the options from the list.
- Select Enabled to log End Inbound Session events.
- Select Disabled to not log End Inbound Session events. This is the default.
- Select Backup Allocation Only to log the translation event if the translation occurred due to backup addresses being configured in a NAT Source Translations object.
- In the
Rate Limit setting, specify a rate
limit for these events.
- To enable a limit, select Specify and provide a numeric value for the number of messages per second.
- To have no limit, select Indefinite.
Quota Exceeded When enabled, specifies logging when a client exceeds the allocated resource limit. In the Rate Limit setting, specify a rate limit for these events.- To enable a limit, select Specify and provide a numeric value for the number of messages per second.
- To have no limit, select Indefinite.
Errors When enabled, specifies logging when errors are encountered while attempting translation for clients. In the Rate Limit setting, specify a rate limit for these events.- To enable a limit, select Specify and provide a numeric value for the number of messages per second.
- To have no limit, select Indefinite.
Publisher Specifies the name of the log publisher used for logging NAT events. Select a log publisher configured in your system. - When you are finished, save your changes.
Configure for DoS Protection logging
- Click Configuration > SECURITY > Shared Security > Logging Profiles .
-
On the Logging Profiles screen, click the name of the logging profile to
configure.
The logging-profile-name screen opens with the Properties displayed.
-
On the left, click DoS Protection.
The DoS Protection configuration screen opens.
-
For Status, select the Enabled
check box.
The screen displays the DoS Protection properties.
-
Supply the DoS Application Protection settings to configure where DoS
application protection events are logged.
- Enable Local Publisher to specify that the system logs DoS events to the local database.
- Select a Remote Publisher to specify the name of the log publisher used for logging events. Select a log publisher configured in your system.
- In the DNS DoS Protection area, configure where DNS DoS protection events are logged: Select a Publisher to specify the name of the log publisher used for logging events. Select a log publisher configured in your system.
- For the SIP DoS Protection area, configure where SIP DoS protection events are logged: Select a Publisher to specify the name of the log publisher used for logging events. Select a log publisher configured in your system.
- For the Network DoS Protection area, configure where Network DoS protection events are logged: Select a Publisher to specify the name of the log publisher used for logging events. Select a log publisher configured in your system.
- When you are finished, save your changes.
Configure for Bot Defense logging
- Click Configuration > SECURITY > Shared Security > Logging Profiles .
-
On the Logging Profiles screen, click the name of the logging profile to
configure.
The logging-profile-name screen opens with the Properties displayed.
-
On the left, click Bot Defense.
The Bot Defense configuration screen opens.
-
For Status, select the Enabled
check box.
The screen displays the Bot Defense request logging properties.
-
In the Request Log area, select the request logging options to use.
- To use a local publisher, in the Local Publisher setting, select Enabled.
- To use a remote publisher, in the Remote Publisher setting, select the remote publisher to use. Select None to not use a remote publisher.
- To log illegal requests, in the Log Illegal Requests setting, select Enabled.
- To log Captcha challenged requests, in the Log Captcha Challenged Requests setting, select Enabled.
- To log challenged requests, in the Log Challenged Requests setting, select Enabled.
- To log bot signature matched requests, in the Log Bot Signature Matched Requests setting, select Enabled.
- To log legal requests, in the Log Legal Requests setting, select Enabled.
- When you are finished, save your changes.
Editing logging profiles
Use the Logging Profiles screen to edit logging profiles.
- Click the name of the logging profile on the Logging Profiles screen. The Logging Profiles - logging profile name screen displays, where logging profile name is the name of the logging profile you are editing.
- In the Logging Profiles - logging profile name screen, review and add or modify the properties as appropriate. The logging profile properties are described in Creating logging profiles in this section.
- When finished, save your changes in one of two ways:
- Click Save to save the logging profile.
- Click Save & Close to save the logging profile and return to the Logging Profiles screen.
Deleting logging profiles
Use the Logging Profiles screen to delete logging profiles.
- Select the name of the logging profile on the Logging Profiles screen.
- Click Delete.
The logging profile is removed from the list of defined logging profiles.