Saturday 18 June 2022

**** Key Points About Log Management in F5 Products ****

Today I would like to share some key tips about log handling in the F5 operating system (TMOS).


1- Linux (SYSLOG-NG):
- ONLY Reachable via the BIG-IP MGMT Interface
- Limited Responsibility: LTM Events, Linux System Events, Audit/Changes, etc.
- Uses UDP/514 for Log Events (Standard SYSLOG Format)
- Supports Local / Remote Logging
- The Default Logging Path --> "/var/log/..."
- Distributes Logs to all the Configured SYSLOG Servers (Replicated-mode)

2- TMOS (HSL, High Speed Logging):
- Reachable via either TMM (Preferred) or MGMT Interfaces
- Responsible for More Special Logs including DNS Queries/Responses, AFM Attack Detection/Mitigation Events, AFM L4-7 DDoS Events, AFM/CGNAT Address Translation Events, ASM/AWAF Attack Detection/Mitigation Events, ASM/AWAF BOT Defense Events, ASM/AWAF L7 DDoS Profile Events, etc.
- Supports More Logging Formats including SYSLOG, Splunk, ArcSight, IPFIX
- Supports both the TCP and UDP Protocols for Local / Remote Logging
- Supports the Log Server Pool Object with all the attractive features of a Server Pool Object including Monitor, PGA, LB Methods, etc.
- Supports THREE Different Log Distribution Methods including Balanced (A/A - A/S), Adaptive (A/S), and Replicated (A/A)
- Supports Log Filters (Handling Severity-level, Source Daemon/Process, Message ID as Desired Prefix)
- Supports Log Publishers as a Parent-Child Relationship for Multiple Log Destinations
- It can be configured for each Virtual Server Separately (For Limited Modules)

*** It should be noted that "HSL" and "SYSLOG-NG" can work together, but the Priority of HSL Matching is "Higher" than SYSLOG-NG.
*** F5 highly recommends using the "HSL" Logging Method in Real Production Environments.
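
The HSL objects listed in section 2 chain together as pool, HSL destination, formatted destination, publisher and filter. The tmsh sketch below is an added example, not part of the original post. All object names and the 192.0.2.x addresses are constructed placeholders, and it assumes a syslog receiver listening on TCP/514.

```tmsh
# Constructed example: object names and 192.0.2.x addresses are placeholders.

# 1. Log server pool: monitored like any other pool, so a dead
#    log receiver is taken out of rotation.
create ltm pool pool_logsrv members add { 192.0.2.10:514 192.0.2.11:514 } monitor tcp

# 2. HSL destination: picks the transport (tcp or udp) and the
#    distribution method (adaptive, balanced or replicated).
create sys log-config destination remote-high-speed-log dest_hsl pool-name pool_logsrv protocol tcp distribution adaptive

# 3. Formatted destination: wraps messages in syslog format and
#    forwards them to the HSL destination defined above.
create sys log-config destination remote-syslog dest_syslog remote-high-speed-log dest_hsl format rfc5424

# 4. Publisher: the parent object; it can reference several
#    destinations at once (here only one).
create sys log-config publisher pub_remote destinations add { dest_syslog }

# 5. Filter: selects system messages by severity and source daemon
#    and hands the matches to the publisher.
create sys log-config filter flt_mcpd level notice source mcpd publisher pub_remote
```

With TCP transport and a monitored pool, a failed log server is detected instead of silently dropping events, which matters when these logs feed detection or audit pipelines.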
