Follow

How To Configure Log Export

 

Log Export 1 has been decommissioned on November 15th, 2021. Log Export2 will be renamed as Log Export.

Description

This article is for customers who want to include F5 Silverline event activity in their own SIEM / Log Collection systems.

  • Log Export allows events that are generated by Silverline (DDoS mitigation, Threat Intelligence, WAF, iRules) to be transmitted in near-real time (UTC) to a secured log receiver.  
  • Customers can integrate or generate reports based on the data to assess the state of their security perimeter and threat mitigation strategy.

Important Note: Log Export is NOT enabled by default

1. In Silverline Portal, Navigate to Config

2. Check if Log Export appears as option

3. If not, Contact SOC to request

 

Environment

  • Silverline DDoS
  • Silverline WAF
  • Threat Intelligence
  • iRules

 

Procedure

Important Note: Log Export logs will be sent from each Point of Presence (mPop/rPoP) that a proxy is deployed in. To ensure you receive all log messages you must allow a specific list of F5 Silverline SNAT IPs to your firewall allow-list. Failure to do so may result in some, or all, log messages being undelivered.
  1. Login to the F5 Silverline Customer Portal

  2. In the Portal, go to: Config > Log Export 
    Note: if you do not have an option for Log Export open a support request with the Silverline SOC

  3. On the Log Export page, click Create Endpoint that corresponds to your log server
    • We currently support DataDog, LogDNA, Splunk Cloud, Sumo Logic, and Syslog

  4. On the Add Log Export Destination page:
  5. Click Save and your configuration will be queued for global deployment

 

Testing

Once the deployment has been completed a Configuration box will display at the top of the Log Export Page. You can generate a test message to test your configuration.

If you require additional assistance with your Log Export configuration, please open a ticket with the F5 Silverline Security Operations Center by sending an email containing your request to support@f5silverline.com.

 

Related Content

 
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request