Blumira’s modern cloud SIEM platform integrates with F5 Big-IP APM to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected.
When configured, the Blumira integration with F5 BIG-IP APM streams security event logs to the Blumira service for threat detection and actionable response.
The F5 BIG-IP load balancer supports sending syslog to one or more remote syslog servers. The procedure for updating your F5 depends on whether you are on version 10.x – 13.x or on an older version such as 9.x. None of the changes below should impact your system.
Depending on the version of your device, you can use the Configuration Utility (GUI) to add a new remote syslog server if desired.
If you are on 10.x, or you prefer CLI-based changes for security and change-control purposes, run the following commands.
tmsh
modify /sys syslog remote-servers add { blumirasensor { host <Blumira Sensor IP> remote-port 514 }}
For example, to add Blumira Sensor at 10.1.1.1, type the following command:
modify /sys syslog remote-servers add { blumirasensor { host 10.1.1.1 remote-port 514 }}
save /sys config
In some cases, as referred to in the GUI-based steps, you may need to define the Local IP of the BIG-IP system. Here is the CLI method for specifying which IP syslog binds to when sending logs.
tmsh
modify /sys syslog remote-servers modify { blumirasensor { local-ip <IP address> }}
For example, to configure the BIG-IP syslog to bind to 172.1.1.1 when sending logs to the Blumira sensor, type the following command:
modify /sys syslog remote-servers modify { blumirasensor { local-ip 172.1.1.1 }}
Note: For BIG-IP systems in an HA configuration, the non-floating self IP address is recommended if using a TMM-based IP address.
save /sys config
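After saving the configuration, the sensor side should be checked to confirm that events actually arrive from the BIG-IP over UDP/514 and from the IP that was bound with local-ip. The following script is an added example for that check, not Blumira's or F5's code; it assumes the BIG-IP sends BSD-style (RFC 3164) syslog, uses a constructed sample datagram, and treats the local-ip value 172.1.1.1 from the steps above as the expected source.

```python
"""Verify BIG-IP -> Blumira sensor syslog forwarding: parse RFC 3164 datagrams
and confirm they arrive from the BIG-IP IP configured with local-ip."""
import ipaddress
import re
import socket
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample of an APM event as the BIG-IP would forward it (not a real capture).
SAMPLE_DATAGRAM = (b"<134>Jan 12 10:15:01 bigip1 apmd[1234]: 01490500:5: "
                   b"/Common/ap:Common:1a2b3c4d: New session from client IP 192.0.2.10")
EXPECTED_LOCAL_IP = "172.1.1.1"  # the local-ip value set in the tmsh steps above

# PRI in angle brackets, BSD timestamp, hostname, then the free-form message.
RFC3164_RE = re.compile(rb"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


@dataclass
class SyslogEvent:
    facility: int
    severity: int
    timestamp: str
    hostname: str
    message: str


def parse_rfc3164(datagram: bytes) -> Optional[SyslogEvent]:
    """Return a SyslogEvent, or None if the datagram is not well-formed RFC 3164."""
    m = RFC3164_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # PRI = facility*8 + severity; facility <= 23, severity <= 7
        return None
    return SyslogEvent(pri // 8, pri % 8, m.group(2).decode(), m.group(3).decode(),
                       m.group(4).decode(errors="replace"))


def verify(datagram: bytes, src_ip: str, expected_ip: str = EXPECTED_LOCAL_IP) -> Tuple[bool, str]:
    """Accept an event only if it parses and comes from the configured local-ip.
    A mismatch usually means local-ip was not set, or an HA peer is sending from a floating IP."""
    ev = parse_rfc3164(datagram)
    if ev is None:
        return False, "not a valid RFC 3164 datagram"
    if ipaddress.ip_address(src_ip) != ipaddress.ip_address(expected_ip):
        return False, f"source {src_ip} != configured local-ip {expected_ip}"
    return True, f"{ev.hostname} facility={ev.facility} severity={ev.severity}: {ev.message[:48]}"


def listen(port: int = 514, expected_ip: str = EXPECTED_LOCAL_IP, max_events: int = 5) -> None:
    """Bind UDP/<port> on the sensor host (514 needs root) and report the first events received."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        for _ in range(max_events):
            data, (src, _) = sock.recvfrom(8192)
            ok, reason = verify(data, src, expected_ip)
            print("OK " if ok else "BAD", reason)


if __name__ == "__main__":
    listen()
```

Run it on the sensor host (stop any service already bound to UDP/514 first), then trigger an APM login; a "BAD" line with a source mismatch points at the local-ip step rather than at the remote-servers entry.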
Refer to https://support.f5.com/csp/article/K5527 for the instructions specific to the version you are running. If you are using those versions, we strongly recommend upgrading, as they are end-of-life (EOL) per https://support.f5.com/csp/article/K5903.