1 - BIG-IP
BIG-IP: Provides load balancing, traffic management, and application security for optimized service delivery.
To onboard such a source to Axoflow, complete the generic appliance onboarding steps.
Note that the device can be configured to send logs formatted as plain-text syslog, JSON, or key-value pairs. AxoRouter can automatically parse all flavors.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| Analytics label | Message field | value |
|---|---|---|
vendor |
meta.vendor |
f5 |
product |
meta.product |
bigip |
service |
meta.service.name |
ASM, apmd, audit_forwarder, CROND, F5, httpd, mcpd, sshd, sshd(pam_audit), systemd-journal, tmm, tmm1, tmm2, tmsh |
You can use the labels as:
- Filter labels on the Analytics page,
- in the Filter By Label field during log tapping.
You can use the message fields
- in Flow Processing steps, for example, in the Query field of Select Messages steps,
- in AQL expressions in the search bars.
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| f5:bigip:syslog | netops |
| f5:bigip:ltm:access_json | netops |
| f5:bigip:asm:syslog | netops |
| f5:bigip:apm:syslog | netops |
| f5:bigip:ltm:ssl:error | netops |
| f5:bigip:ltm:tcl:error | netops |
| f5:bigip:ltm:traffic | netops |
| f5:bigip:ltm:log:error | netops |
| f5:bigip:gtm:dns:request:irule | netops |
| f5:bigip:gtm:dns:response:irule | netops |
| f5:bigip:ltm:http:irule | netops |
| f5:bigip:ltm:failed:irule | netops |
| nix:syslog | netops |
Tested with: Splunk Add-on for F5 BIG-IP
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: F5_BIGIP_APM.