Go to Settings >> Configuration from the navigation bar and click Repos.
Click Add.
Enter a Repo Name. It cannot contain spaces or special characters.
Select a Repo Path and set a Retention Day. You can add or remove multiple Repo Path and Retention Day.
Select a Remote LogPoint
Set a Available for (day). To reset, click Remove.
Click Submit.
Adding a Repo¶
Go to Settings >> Configuration from the navigation bar and click Normalization Policies.
Click Add.
Enter a Policy Name.
Select the Compiled Normalizer and Normalization Packages for BIG-IP.
Click Submit.
Adding a Normalization Policy¶
Go to Settings >> Configuration from the navigation bar and click Processing Policies.
Click Add.
Enter a Policy Name.
Select the previously created Normalization Policy.
Select the Enrichment Policy and Routing Policy.
Click Submit.
Adding a Processing Policy¶
Go to Settings >> Configuration from the navigation bar and click Devices.
Click Add.
Enter a device Name.
Enter the BIG-IP server IP address(es).
Select the Device Groups.
Select an appropriate Log Collection Policy for the logs.
Select a collector or a forwarder from the Distributed Collector drop-down.
Note
It is optional to select the Device Groups, the Log Collection Policy and the Distributed Collector.
Select a Time Zone. The timezone of the device must be same as its log source.
Configure the Risk Values for Confidentiality, Integrity and Availability used to calculate the risk levels of the alerts generated from the device.
Click Submit.
Adding BIG-IP as a Device¶
Go to Settings >> Configuration from the navigation bar and click Devices.
Click the Add icon from Actions of the previously added device.
Click Syslog Collector.
Select Syslog Parser as Parser.
Select the previously created Processing Policy.
Select the Charset.
In Proxy Server, select None
Click Submit.
Configuring Syslog Collector¶