Today I will give you a quick and easy solution for configuring high speed logging on F5 BIG-IP destined for McAfee’s Security and Information Event Manager (SIEM). All you have to do is formatting the LTM/ASM logs in a way that McAfee understands.
If you’re reading this you probably ran into an issue parsing the logs coming from a v11 F5 BIG-IP in your McAfee Nitro Receiver. You probably tried configuring a logging profile on your F5 BIG-IP ASM and found that the logs don’t seem to show up correctly in your McAfee SIEM. You probably also found lots of forum Q&A’s pointing you to using a complicated iRule to send logs in NEDS format to your McAfee receiver. It’s your lucky day, there’s an easier solution for this! Continue reading “McAfee’s Nitro SIEM – BigIP v11 Integration”