Security_Log_Profile (object)¶
Configures a Security log profile
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| /*/ | ||||
| application | object | When enabled, specifies the system logs events from applications. | ||
| botDefense | object | Specifies, when enabled, the system logs events from the Proactive Bot Defense mechanism. | ||
| class* | string | “Security_Log_Profile” | ||
| classification | object | Specifies, when enabled, that the system logs events from the Classification engine. | ||
| dosApplication | object | Specifies, when enabled, that the system logs detected application DoS attacks | ||
| dosNetwork | object | Specifies, when enabled, that the system logs detected network DoS attacks | ||
| ipIntelligence | object | Specifies, when enabled, that the system logs IP Intelligence events | ||
| label | string | “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” | Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML | |
| nat | object | Specifies, when enabled, that the system logs Firewall NAT events | ||
| network | object | Specifies, when enabled, that the system logs ACL rule matches, TCP events, and/or TCP/IP errors sent to the network firewall | ||
| protocolDns | object | Specifies, when enabled, that the system logs DNS security events | ||
| protocolDnsDos | object | Specifies, when enabled, that the system logs detected DNS DoS attacks | ||
| protocolInspection | object | Specifies, when enabled, that the system logs events from the Protocol Inspection engine | ||
| protocolSip | object | Specifies, when enabled, that the system logs SIP protocol security events | ||
| protocolSipDos | object | Specifies, when enabled, that the system logs detected SIP DoS attacks | ||
| protocolTransfer | object | Specifies, when enabled, that the system logs HTTP, FTP, and SMTP protocol security events | ||
| remark | string | “^[^x00-x1fx22x5cx7f]*$” | Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks | |
| sshProxy | object | Specifies, when enabled, that the system logs SSH Proxy events |
Security_Log_Profile.application (object)¶
When enabled, specifies the system logs events from applications.
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| facility | string | “local0” | “local0”, “local1”, “local2”, “local3”, “local4”, “local5”, “local6”, “local7” | Specifies the facility category of the logged traffic |
| guaranteeLoggingEnabled | boolean | false | true, false | Indicates whether to guarantee local logging |
| guaranteeResponseLoggingEnabled | boolean | false | true, false | Indicates whether to guarantee local response logging. guaranteeLoggingEnabled must be true and responseLogging must be illegal or all |
| localStorage | boolean | true | true, false | Enables or disabled local storage |
| maxEntryLength | string | “2k” | “1k”, “2k”, “10k”, “64k” | Specifies the maximum entry length |
| maxHeaderSize | integer | 1 - 2048 | Specifies the maximum headers size | |
| maxQuerySize | integer | 1 - 2048 | Specifies the maximum query string size | |
| maxRequestSize | integer | 1 - 2048 | Specifies the maximum request size | |
| protocol | string | “tcp” | “udp”, “tcp”, “tcp-rfc3195” | Specifies the protocol supported by the remote server |
| remoteStorage | string | “remote”, “splunk”, “arcsight”, “bigiq” | Specifies a remote storage type | |
| reportAnomaliesEnabled | boolean | false | true, false | Indicates whether to report detected anomalies |
| responseLogging | string | “none” | “none”, “illegal”, “all” | Specifies a response logging type |
| servers | array | Adds, deletes, or replaces a set of remote servers | ||
| storageFilter | object | {} | Adds, deletes, or replaces a set of request filters | |
| storageFormat | Specifies a storage format |
Security_Log_Profile.application.storageFilter (object)¶
Adds, deletes, or replaces a set of request filters
Default: {}
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| httpMethods | array | Specifies whether request logging is dependent on the HTTP methods | ||
| logicalOperation | string | “or” | “and”, “or” | Specifies the logical operation on associated filters |
| loginResults | array | Specifies whether the request logging is dependent on the login results | ||
| protocols | array | Specifies if request logging is dependent on the protocols | ||
| requestContains | object | Specifies whether the request logging is dependent on s specific string and where to look for that string | ||
| requestType | string | “illegal” | “all”, “illegal”, “illegal-including-staged-signatures” | Specifies which kind of requests the system or server will log |
| responseCodes | array | Specifies whether request logging is dependent on the response status codes |
Security_Log_Profile.application.storageFilter.requestContains (object)¶
Specifies whether the request logging is dependent on s specific string and where to look for that string
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| searchIn* | string | “search-in-headers”, “search-in-post-data”, “search-in-query-string”, “search-in-request”, “search-in-uri” | Where to look for the specified string | |
| value* | string | The specified string to look for |
Security_Log_Profile.botDefense (object)¶
Specifies, when enabled, the system logs events from the Proactive Bot Defense mechanism.
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| localPublisher | object | Specifies, when enabled, a Log Publisher to log events to (Note: This publisher should have a single local-database destination),Reference to a log publisher,Reference for a BIG-IP or Use object | ||
| logAlarm | boolean | false | true, false | This option enables or disables the logging of requests with alarm mitigation. This property is available on BIGIP 14.1 and above. |
| logBlock | boolean | false | true, false | This option enables or disables the logging of requests with block mitigation. This property is available on BIGIP 14.1 and above. |
| logBotSignatureMatchedRequests | boolean | false | true, false | This option enables or disables the logging of reported bot signature requests |
| logBrowser | boolean | false | true, false | This option enables or disables the logging of requests with browser classification. This property is available on BIGIP 14.1 and above. |
| logBrowserVerificationAction | boolean | false | true, false | This option enables or disables the logging of requests by browser verification action. This property is available on BIGIP 14.1 and above. |
| logCaptcha | boolean | false | true, false | This option enables or disables the logging of requests with captcha mitigation. This property is available on BIGIP 14.1 and above. |
| logCaptchaChallengedRequests | boolean | false | true, false | This option enables or disables the logging of captcha challenged requests |
| logChallengedRequests | boolean | false | true, false | This option enables or disables the logging of challenged requests |
| logChallengeFailureRequest | boolean | false | true, false | This option enables or disables the logging of requests by challenge failure. This property is available on BIGIP 15.0 and above. |
| logDeviceIdCollectionRequest | boolean | false | true, false | This option enables or disables the logging of requests by device ID collection. This property is available on BIGIP 14.1 and above. |
| logHoneyPotPage | boolean | false | true, false | This option enables or disables the logging of requests with honey pot page mitigation. This property is available on BIGIP 15.0 and above. |
| logIllegalRequests | boolean | true | true, false | This option enables or disables the logging of illegal requests |
| logLegalRequests | boolean | false | true, false | This option enables or disables the logging of legal requests |
| logMaliciousBot | boolean | false | true, false | This option enables or disables the logging of requests with malicious bot classification. This property is available on BIGIP 14.1 and above. |
| logMobileApplication | boolean | false | true, false | This option enables or disables the logging of requests with mobile application classification. This property is available on BIGIP 14.1 and above. |
| logNone | boolean | false | true, false | This option enables or disables the logging of requests with no mitigation. This property is available on BIGIP 14.1 and above. |
| logRateLimit | boolean | false | true, false | This option enables or disables the logging of requests with rate limit mitigation. This property is available on BIGIP 14.1 and above. |
| logRedirectToPool | boolean | false | true, false | This option enables or disables the logging of requests with redirect to pool mitigation. This property is available on BIGIP 15.0 and above. |
| logSuspiciousBrowser | boolean | false | true, false | This option enables or disables the logging of requests with suspicious browser classification. This property is available on BIGIP 14.1 and above. |
| logTcpReset | boolean | false | true, false | This option enables or disables the logging of requests with TCP reset mitigation. This property is available on BIGIP 14.1 and above. |
| logTrustedBot | boolean | false | true, false | This option enables or disables the logging of requests with trusted bot classification. This property is available on BIGIP 14.1 and above. |
| logUnknown | boolean | true | true, false | This option enables or disables the logging of requests with unknown classification. This property is available on BIGIP 14.1 and above. |
| logUntrustedBot | boolean | false | true, false | This option enables or disables the logging of requests with untrusted bot classification. This property is available on BIGIP 14.1 and above. |
| remotePublisher | object | Enables selecting a Log Publisher that has Splunk enabled,Reference to a log publisher,Reference for a BIG-IP or Use object |
Security_Log_Profile.botDefense.localPublisher (object)¶
Specifies, when enabled, a Log Publisher to log events to (Note: This publisher should have a single local-database destination) Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | “f5bigip” formatted string | |||
| use |
Security_Log_Profile.botDefense.remotePublisher (object)¶
Enables selecting a Log Publisher that has Splunk enabled Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | “f5bigip” formatted string | |||
| use |
Security_Log_Profile.classification (object)¶
Specifies, when enabled, that the system logs events from the Classification engine.
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logAllMatches | boolean | false | true, false | This option enables or disables the logging of all matches |
| publisher | object | Specifies where the system sends log messages |
Security_Log_Profile.classification.publisher (object)¶
Specifies where the system sends log messages
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.dosApplication (object)¶
Specifies, when enabled, that the system logs detected application DoS attacks
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| localPublisher | object | Specifies the local log publisher used for Application DoS attacks (Note: This publisher should have a single local-database destination) | ||
| remotePublisher | object | Specifies the remote log publisher used for Application DoS attacks (Note: This publisher should have ArcSight or Splunk destinations) |
Security_Log_Profile.dosApplication.localPublisher (object)¶
Specifies the local log publisher used for Application DoS attacks (Note: This publisher should have a single local-database destination)
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.dosApplication.remotePublisher (object)¶
Specifies the remote log publisher used for Application DoS attacks (Note: This publisher should have ArcSight or Splunk destinations)
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.dosNetwork (object)¶
Specifies, when enabled, that the system logs detected network DoS attacks
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| publisher | object | Specifies the name of the log publisher used for logging Network DoS events |
Security_Log_Profile.dosNetwork.publisher (object)¶
Specifies the name of the log publisher used for logging Network DoS events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.ipIntelligence (object)¶
Specifies, when enabled, that the system logs IP Intelligence events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logTranslationFields | boolean | false | true, false | Specifies, when enabled, that the system logs translation values if and when it logs a network firewall event |
| publisher | object | Specifies the name of the log publisher used for logging IP Intelligence events | ||
| rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | Defines a rate limit for all combined IP intelligence log messages per second |
Security_Log_Profile.ipIntelligence.publisher (object)¶
Specifies the name of the log publisher used for logging IP Intelligence events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.nat (object)¶
Specifies, when enabled, that the system logs Firewall NAT events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| formatEndInboundSession | Specifies the format type for log messages | |||
| formatEndOutboundSession | Specifies the format type for log messages | |||
| formatErrors | Specifies the format type for log messages | |||
| formatQuotaExceeded | Specifies the format type for log messages | |||
| formatStartInboundSession | Specifies the format type for log messages | |||
| formatStartOutboundSession | Specifies the format type for log messages | |||
| logEndInboundSession | boolean | false | true, false | Generates event log entries at the end of the incoming connection event for a translated endpoint. Triggered when the system frees the inbound session. |
| logEndOutboundSession | boolean | false | true, false | Generates event log entries at end of translation event for a NAT client. Triggered when the system frees the outbound session. |
| logEndOutboundSessionDestination | boolean | false | true, false | Include destination address and port with log entry for the end of the translation event for a NAT client. This is applicable only if lsn-legacy-mode is enabled |
| logErrors | boolean | false | true, false | Generates event log entries when a NAT translation errors occur |
| logQuotaExceeded | boolean | false | true, false | Generates event log entries when a NAT client exceeds allocated resources |
| logStartInboundSession | boolean | false | true, false | Generates event log entries at the start of the incoming connection event for a translated endpoint. Triggered when the system creates the inbound session. |
| logStartOutboundSession | boolean | false | true, false | Generates event log entries at start of the translation event for a NAT client. Triggered when the system creates the outbound session. |
| logStartOutboundSessionDestination | boolean | false | true, false | Include destination address and port with log entry for the start of the translation event for a NAT client. This is applicable only if lsn-legacy-mode is enabled |
| logSubscriberId | boolean | false | true, false | Logs the subscriber ID associated with a subscriber IP address |
| lsnLegacyMode | boolean | false | true, false | This option specifies whether translation events (and other NAT events) are logged in existing CGNAT/LSN formats (for backward compatibility with LSN events). |
| publisher* | object | Specifies the name of the log publisher used for logging Network Address Translation events | ||
| rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | This option sets the aggregate rate for all the Firewall NAT log events that the system can log per second |
| rateLimitEndInboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the end inbound session log events per second |
| rateLimitEndOutboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the end outbound session log events per second |
| rateLimitErrors | integer | 4294967295 | -∞ - -Infinity | This option rate limits the errors the system logs per second |
| rateLimitQuotaExceeded | integer | 4294967295 | -∞ - -Infinity | This option rate limits the quota exceeded log events per second |
| rateLimitStartInboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the start inbound session log events per second |
| rateLimitStartOutboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the start outbound session log events per second |
Security_Log_Profile.nat.publisher (object)¶
Specifies the name of the log publisher used for logging Network Address Translation events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.network (object)¶
Specifies, when enabled, that the system logs ACL rule matches, TCP events, and/or TCP/IP errors sent to the network firewall
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| alwaysLogRegion | boolean | false | true, false | Specifies, when enabled, that when a geolocation event causes a network firewall event, the system logs the associated IP address |
| logIpErrors | boolean | false | true, false | Specifies, when enabled, that the system logs IP error packets |
| logRuleMatchAccepts | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Accept |
| logRuleMatchDrops | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Drop |
| logRuleMatchRejects | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Reject |
| logTcpErrors | boolean | false | true, false | Specifies, when enabled, that the system logs TCP error packets |
| logTcpEvents | boolean | false | true, false | Specifies, when enabled, that the system logs TCP events (open and close of TCP sessions) |
| logTranslationFields | boolean | false | true, false | Specifies, when enabled, that the system logs translation values if and when it logs a network firewall event |
| publisher | object | Specifies the name of the log publisher used for logging Network events | ||
| rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | This option sets the aggregate rate limit that applies to any network logging message |
| rateLimitIpErrors | integer | 4294967295 | -∞ - -Infinity | This option enables or disables the logging of IP error packets |
| rateLimitRuleMatchAccepts | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Accept or action = Accept Decisively |
| rateLimitRuleMatchDrops | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Accept or action = Accept Decisively |
| rateLimitRuleMatchRejects | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Reject |
| rateLimitTcpErrors | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of TCP error packets |
| rateLimitTcpEvents | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of TCP events on client side |
| storageFormat | Specifies the format type for log messages. If it is a string it is user-defined |
Security_Log_Profile.network.publisher (object)¶
Specifies the name of the log publisher used for logging Network events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolDns (object)¶
Specifies, when enabled, that the system logs DNS security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs dropped DNS requests |
| logFilteredDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs DNS requests dropped due to DNS query/header-opcode filtering. The system does not log DNS requests dropped due to errors in the way the system processes DNS packets. |
| logMalformedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malformed DNS requests |
| logMaliciousRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malicious DNS requests |
| logRejectedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs rejected DNS requests |
| publisher | object | Specifies the name of the log publisher used for logging DNS security events | ||
| storageFormat | Specifies the format type for log messages |
Security_Log_Profile.protocolDns.publisher (object)¶
Specifies the name of the log publisher used for logging DNS security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolDnsDos (object)¶
Specifies, when enabled, that the system logs detected DNS DoS attacks
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| publisher | object | Specifies the name of the log publisher used for logging DNS DoS events |
Security_Log_Profile.protocolDnsDos.publisher (object)¶
Specifies the name of the log publisher used for logging DNS DoS events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolInspection (object)¶
Specifies, when enabled, that the system logs events from the Protocol Inspection engine
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logPacketPayloadEnabled | boolean | false | true, false | Enable logging of the packet payload for Protocol Inspection events |
| publisher | object | Reference to a log publisher,Reference for a BIG-IP or Use object |
Security_Log_Profile.protocolInspection.publisher (object)¶
Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | “f5bigip” formatted string | |||
| use |
Security_Log_Profile.protocolSip (object)¶
Specifies, when enabled, that the system logs SIP protocol security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs dropped requests |
| logGlobalFailures | boolean | false | true, false | Specifies, when enabled, that the system logs global failures |
| logMalformedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malformed requests |
| logRedirectedResponses | boolean | false | true, false | Specifies, when enabled, that the system logs redirection responses |
| logRequestFailures | boolean | false | true, false | Specifies, when enabled, that the system logs request failures |
| logServerErrors | boolean | false | true, false | Specifies, when enabled, that the system logs server errors |
| publisher | object | Specifies the name of the log publisher used for logging SIP protocol security events | ||
| storageFormat | Specifies the format type for log messages |
Security_Log_Profile.protocolSip.publisher (object)¶
Specifies the name of the log publisher used for logging SIP protocol security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolSipDos (object)¶
Specifies, when enabled, that the system logs detected SIP DoS attacks
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| publisher | object | Specifies the name of the log publisher used for logging SIP DoS events |
Security_Log_Profile.protocolSipDos.publisher (object)¶
Specifies the name of the log publisher used for logging SIP DoS events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolTransfer (object)¶
Specifies, when enabled, that the system logs HTTP, FTP, and SMTP protocol security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| publisher | object | Specifies where the system sends log messages |
Security_Log_Profile.protocolTransfer.publisher (object)¶
Specifies where the system sends log messages
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.sshProxy (object)¶
Specifies, when enabled, that the system logs SSH Proxy events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logAllowedChannelAction | boolean | false | true, false | Specifies, when enabled, that the system logs allowed channel actions |
| logClientAuthFail | boolean | false | true, false | Specifies the name of the log publisher used for logging SSH Proxy events |
| logClientAuthPartial | boolean | false | true, false | Specifies, when enabled, that the system logs client auth partial events |
| logClientAuthSuccess | boolean | false | true, false | Specifies, when enabled, that the system logs client auth success events |
| logDisallowedChannelAction | boolean | false | true, false | Specifies, when enabled, that the system logs disallowed channel actions |
| logNonSshTraffic | boolean | false | true, false | Specifies, when enabled, that the system logs non-SSH traffic events |
| logServerAuthFail | boolean | false | true, false | Specifies, when enabled, that the system logs server auth failure events |
| logServerAuthPartial | boolean | false | true, false | Specifies, when enabled, that the system logs server auth partial events |
| logServerAuthSuccess | boolean | false | true, false | Specifies, when enabled, that the system logs server auth failure events |
| logSshTimeout | boolean | false | true, false | Specifies, when enabled, that the system logs SSH timeouts |
| publisher | object | Specifies the name of the log publisher used for logging SSH Proxy events |
Security_Log_Profile.sshProxy.publisher (object)¶
Specifies the name of the log publisher used for logging SSH Proxy events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Application (object)¶
When enabled, specifies the system logs events from applications.
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| facility | string | “local0” | “local0”, “local1”, “local2”, “local3”, “local4”, “local5”, “local6”, “local7” | Specifies the facility category of the logged traffic |
| guaranteeLoggingEnabled | boolean | false | true, false | Indicates whether to guarantee local logging |
| guaranteeResponseLoggingEnabled | boolean | false | true, false | Indicates whether to guarantee local response logging. guaranteeLoggingEnabled must be true and responseLogging must be illegal or all |
| localStorage | boolean | true | true, false | Enables or disabled local storage |
| maxEntryLength | string | “2k” | “1k”, “2k”, “10k”, “64k” | Specifies the maximum entry length |
| maxHeaderSize | integer | 1 - 2048 | Specifies the maximum headers size | |
| maxQuerySize | integer | 1 - 2048 | Specifies the maximum query string size | |
| maxRequestSize | integer | 1 - 2048 | Specifies the maximum request size | |
| protocol | string | “tcp” | “udp”, “tcp”, “tcp-rfc3195” | Specifies the protocol supported by the remote server |
| remoteStorage | string | “remote”, “splunk”, “arcsight”, “bigiq” | Specifies a remote storage type | |
| reportAnomaliesEnabled | boolean | false | true, false | Indicates whether to report detected anomalies |
| responseLogging | string | “none” | “none”, “illegal”, “all” | Specifies a response logging type |
| servers | array | Adds, deletes, or replaces a set of remote servers | ||
| storageFilter | object | {} | Adds, deletes, or replaces a set of request filters | |
| storageFormat | Specifies a storage format |
Security_Log_Profile_Application.storageFilter (object)¶
Adds, deletes, or replaces a set of request filters
Default: {}
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| httpMethods | array | Specifies whether request logging is dependent on the HTTP methods | ||
| logicalOperation | string | “or” | “and”, “or” | Specifies the logical operation on associated filters |
| loginResults | array | Specifies whether the request logging is dependent on the login results | ||
| protocols | array | Specifies if request logging is dependent on the protocols | ||
| requestContains | object | Specifies whether the request logging is dependent on s specific string and where to look for that string | ||
| requestType | string | “illegal” | “all”, “illegal”, “illegal-including-staged-signatures” | Specifies which kind of requests the system or server will log |
| responseCodes | array | Specifies whether request logging is dependent on the response status codes |
Security_Log_Profile_Application.storageFilter.requestContains (object)¶
Specifies whether the request logging is dependent on s specific string and where to look for that string
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| searchIn* | string | “search-in-headers”, “search-in-post-data”, “search-in-query-string”, “search-in-request”, “search-in-uri” | Where to look for the specified string | |
| value* | string | The specified string to look for |
Security_Log_Profile_Bot_Defense (object)¶
Specifies, when enabled, the system logs events from the Proactive Bot Defense mechanism.
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| localPublisher | object | Specifies, when enabled, a Log Publisher to log events to (Note: This publisher should have a single local-database destination),Reference to a log publisher,Reference for a BIG-IP or Use object | ||
| logAlarm | boolean | false | true, false | This option enables or disables the logging of requests with alarm mitigation. This property is available on BIGIP 14.1 and above. |
| logBlock | boolean | false | true, false | This option enables or disables the logging of requests with block mitigation. This property is available on BIGIP 14.1 and above. |
| logBotSignatureMatchedRequests | boolean | false | true, false | This option enables or disables the logging of reported bot signature requests |
| logBrowser | boolean | false | true, false | This option enables or disables the logging of requests with browser classification. This property is available on BIGIP 14.1 and above. |
| logBrowserVerificationAction | boolean | false | true, false | This option enables or disables the logging of requests by browser verification action. This property is available on BIGIP 14.1 and above. |
| logCaptcha | boolean | false | true, false | This option enables or disables the logging of requests with captcha mitigation. This property is available on BIGIP 14.1 and above. |
| logCaptchaChallengedRequests | boolean | false | true, false | This option enables or disables the logging of captcha challenged requests |
| logChallengedRequests | boolean | false | true, false | This option enables or disables the logging of challenged requests |
| logChallengeFailureRequest | boolean | false | true, false | This option enables or disables the logging of requests by challenge failure. This property is available on BIGIP 15.0 and above. |
| logDeviceIdCollectionRequest | boolean | false | true, false | This option enables or disables the logging of requests by device ID collection. This property is available on BIGIP 14.1 and above. |
| logHoneyPotPage | boolean | false | true, false | This option enables or disables the logging of requests with honey pot page mitigation. This property is available on BIGIP 15.0 and above. |
| logIllegalRequests | boolean | true | true, false | This option enables or disables the logging of illegal requests |
| logLegalRequests | boolean | false | true, false | This option enables or disables the logging of legal requests |
| logMaliciousBot | boolean | false | true, false | This option enables or disables the logging of requests with malicious bot classification. This property is available on BIGIP 14.1 and above. |
| logMobileApplication | boolean | false | true, false | This option enables or disables the logging of requests with mobile application classification. This property is available on BIGIP 14.1 and above. |
| logNone | boolean | false | true, false | This option enables or disables the logging of requests with no mitigation. This property is available on BIGIP 14.1 and above. |
| logRateLimit | boolean | false | true, false | This option enables or disables the logging of requests with rate limit mitigation. This property is available on BIGIP 14.1 and above. |
| logRedirectToPool | boolean | false | true, false | This option enables or disables the logging of requests with redirect to pool mitigation. This property is available on BIGIP 15.0 and above. |
| logSuspiciousBrowser | boolean | false | true, false | This option enables or disables the logging of requests with suspicious browser classification. This property is available on BIGIP 14.1 and above. |
| logTcpReset | boolean | false | true, false | This option enables or disables the logging of requests with TCP reset mitigation. This property is available on BIGIP 14.1 and above. |
| logTrustedBot | boolean | false | true, false | This option enables or disables the logging of requests with trusted bot classification. This property is available on BIGIP 14.1 and above. |
| logUnknown | boolean | true | true, false | This option enables or disables the logging of requests with unknown classification. This property is available on BIGIP 14.1 and above. |
| logUntrustedBot | boolean | false | true, false | This option enables or disables the logging of requests with untrusted bot classification. This property is available on BIGIP 14.1 and above. |
| remotePublisher | object | Enables selecting a Log Publisher that has Splunk enabled,Reference to a log publisher,Reference for a BIG-IP or Use object |
Security_Log_Profile_Bot_Defense.localPublisher (object)¶
Specifies, when enabled, a Log Publisher to log events to (Note: This publisher should have a single local-database destination) Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | “f5bigip” formatted string | |||
| use |
Security_Log_Profile_Bot_Defense.remotePublisher (object)¶
Enables selecting a Log Publisher that has Splunk enabled Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | “f5bigip” formatted string | |||
| use |
Security_Log_Profile_Classification (object)¶
Specifies, when enabled, that the system logs events from the Classification engine.
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logAllMatches | boolean | false | true, false | This option enables or disables the logging of all matches |
| publisher | object | Specifies where the system sends log messages |
Security_Log_Profile_Classification.publisher (object)¶
Specifies where the system sends log messages
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Dos_Application (object)¶
Specifies, when enabled, that the system logs detected application DoS attacks
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| localPublisher | object | Specifies the local log publisher used for Application DoS attacks (Note: This publisher should have a single local-database destination) | ||
| remotePublisher | object | Specifies the remote log publisher used for Application DoS attacks (Note: This publisher should have ArcSight or Splunk destinations) |
Security_Log_Profile_Dos_Application.localPublisher (object)¶
Specifies the local log publisher used for Application DoS attacks (Note: This publisher should have a single local-database destination)
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Dos_Application.remotePublisher (object)¶
Specifies the remote log publisher used for Application DoS attacks (Note: This publisher should have ArcSight or Splunk destinations)
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Dos_Network (object)¶
Specifies, when enabled, that the system logs detected network DoS attacks
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| publisher | object | Specifies the name of the log publisher used for logging Network DoS events |
Security_Log_Profile_Dos_Network.publisher (object)¶
Specifies the name of the log publisher used for logging Network DoS events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Ip_Intelligence (object)¶
Specifies, when enabled, that the system logs IP Intelligence events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logTranslationFields | boolean | false | true, false | Specifies, when enabled, that the system logs translation values if and when it logs a network firewall event |
| publisher | object | Specifies the name of the log publisher used for logging IP Intelligence events | ||
| rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | Defines a rate limit for all combined IP intelligence log messages per second |
Security_Log_Profile_Ip_Intelligence.publisher (object)¶
Specifies the name of the log publisher used for logging IP Intelligence events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Nat (object)¶
Specifies, when enabled, that the system logs Firewall NAT events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| formatEndInboundSession | Specifies the format type for log messages | |||
| formatEndOutboundSession | Specifies the format type for log messages | |||
| formatErrors | Specifies the format type for log messages | |||
| formatQuotaExceeded | Specifies the format type for log messages | |||
| formatStartInboundSession | Specifies the format type for log messages | |||
| formatStartOutboundSession | Specifies the format type for log messages | |||
| logEndInboundSession | boolean | false | true, false | Generates event log entries at the end of the incoming connection event for a translated endpoint. Triggered when the system frees the inbound session. |
| logEndOutboundSession | boolean | false | true, false | Generates event log entries at end of translation event for a NAT client. Triggered when the system frees the outbound session. |
| logEndOutboundSessionDestination | boolean | false | true, false | Include destination address and port with log entry for the end of the translation event for a NAT client. This is applicable only if lsn-legacy-mode is enabled |
| logErrors | boolean | false | true, false | Generates event log entries when a NAT translation errors occur |
| logQuotaExceeded | boolean | false | true, false | Generates event log entries when a NAT client exceeds allocated resources |
| logStartInboundSession | boolean | false | true, false | Generates event log entries at the start of the incoming connection event for a translated endpoint. Triggered when the system creates the inbound session. |
| logStartOutboundSession | boolean | false | true, false | Generates event log entries at start of the translation event for a NAT client. Triggered when the system creates the outbound session. |
| logStartOutboundSessionDestination | boolean | false | true, false | Include destination address and port with log entry for the start of the translation event for a NAT client. This is applicable only if lsn-legacy-mode is enabled |
| logSubscriberId | boolean | false | true, false | Logs the subscriber ID associated with a subscriber IP address |
| lsnLegacyMode | boolean | false | true, false | This option specifies whether translation events (and other NAT events) are logged in existing CGNAT/LSN formats (for backward compatibility with LSN events). |
| publisher* | object | Specifies the name of the log publisher used for logging Network Address Translation events | ||
| rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | This option sets the aggregate rate for all the Firewall NAT log events that the system can log per second |
| rateLimitEndInboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the end inbound session log events per second |
| rateLimitEndOutboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the end outbound session log events per second |
| rateLimitErrors | integer | 4294967295 | -∞ - -Infinity | This option rate limits the errors the system logs per second |
| rateLimitQuotaExceeded | integer | 4294967295 | -∞ - -Infinity | This option rate limits the quota exceeded log events per second |
| rateLimitStartInboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the start inbound session log events per second |
| rateLimitStartOutboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the start outbound session log events per second |
Security_Log_Profile_Nat.publisher (object)¶
Specifies the name of the log publisher used for logging Network Address Translation events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Nat_Storage_Format ()¶
Specifies the format type for log messages
Security_Log_Profile_Network (object)¶
Specifies, when enabled, that the system logs ACL rule matches, TCP events, and/or TCP/IP errors sent to the network firewall
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| alwaysLogRegion | boolean | false | true, false | Specifies, when enabled, that when a geolocation event causes a network firewall event, the system logs the associated IP address |
| logIpErrors | boolean | false | true, false | Specifies, when enabled, that the system logs IP error packets |
| logRuleMatchAccepts | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Accept |
| logRuleMatchDrops | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Drop |
| logRuleMatchRejects | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Reject |
| logTcpErrors | boolean | false | true, false | Specifies, when enabled, that the system logs TCP error packets |
| logTcpEvents | boolean | false | true, false | Specifies, when enabled, that the system logs TCP events (open and close of TCP sessions) |
| logTranslationFields | boolean | false | true, false | Specifies, when enabled, that the system logs translation values if and when it logs a network firewall event |
| publisher | object | Specifies the name of the log publisher used for logging Network events | ||
| rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | This option sets the aggregate rate limit that applies to any network logging message |
| rateLimitIpErrors | integer | 4294967295 | -∞ - -Infinity | This option enables or disables the logging of IP error packets |
| rateLimitRuleMatchAccepts | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Accept or action = Accept Decisively |
| rateLimitRuleMatchDrops | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Accept or action = Accept Decisively |
| rateLimitRuleMatchRejects | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Reject |
| rateLimitTcpErrors | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of TCP error packets |
| rateLimitTcpEvents | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of TCP events on client side |
| storageFormat | Specifies the format type for log messages. If it is a string it is user-defined |
Security_Log_Profile_Network.publisher (object)¶
Specifies the name of the log publisher used for logging Network events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Dns (object)¶
Specifies, when enabled, that the system logs DNS security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs dropped DNS requests |
| logFilteredDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs DNS requests dropped due to DNS query/header-opcode filtering. The system does not log DNS requests dropped due to errors in the way the system processes DNS packets. |
| logMalformedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malformed DNS requests |
| logMaliciousRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malicious DNS requests |
| logRejectedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs rejected DNS requests |
| publisher | object | Specifies the name of the log publisher used for logging DNS security events | ||
| storageFormat | Specifies the format type for log messages |
Security_Log_Profile_Protocol_Dns.publisher (object)¶
Specifies the name of the log publisher used for logging DNS security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Dns_Dos (object)¶
Specifies, when enabled, that the system logs detected DNS DoS attacks
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| publisher | object | Specifies the name of the log publisher used for logging DNS DoS events |
Security_Log_Profile_Protocol_Dns_Dos.publisher (object)¶
Specifies the name of the log publisher used for logging DNS DoS events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Inspection (object)¶
Specifies, when enabled, that the system logs events from the Protocol Inspection engine
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logPacketPayloadEnabled | boolean | false | true, false | Enable logging of the packet payload for Protocol Inspection events |
| publisher | object | Reference to a log publisher,Reference for a BIG-IP or Use object |
Security_Log_Profile_Protocol_Inspection.publisher (object)¶
Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | “f5bigip” formatted string | |||
| use |
Security_Log_Profile_Protocol_Sip (object)¶
Specifies, when enabled, that the system logs SIP protocol security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs dropped requests |
| logGlobalFailures | boolean | false | true, false | Specifies, when enabled, that the system logs global failures |
| logMalformedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malformed requests |
| logRedirectedResponses | boolean | false | true, false | Specifies, when enabled, that the system logs redirection responses |
| logRequestFailures | boolean | false | true, false | Specifies, when enabled, that the system logs request failures |
| logServerErrors | boolean | false | true, false | Specifies, when enabled, that the system logs server errors |
| publisher | object | Specifies the name of the log publisher used for logging SIP protocol security events | ||
| storageFormat | Specifies the format type for log messages |
Security_Log_Profile_Protocol_Sip.publisher (object)¶
Specifies the name of the log publisher used for logging SIP protocol security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Sip_Dos (object)¶
Specifies, when enabled, that the system logs detected SIP DoS attacks
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| publisher | object | Specifies the name of the log publisher used for logging SIP DoS events |
Security_Log_Profile_Protocol_Sip_Dos.publisher (object)¶
Specifies the name of the log publisher used for logging SIP DoS events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Transfer (object)¶
Specifies, when enabled, that the system logs HTTP, FTP, and SMTP protocol security events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| publisher | object | Specifies where the system sends log messages |
Security_Log_Profile_Protocol_Transfer.publisher (object)¶
Specifies where the system sends log messages
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Ssh_Proxy (object)¶
Specifies, when enabled, that the system logs SSH Proxy events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| logAllowedChannelAction | boolean | false | true, false | Specifies, when enabled, that the system logs allowed channel actions |
| logClientAuthFail | boolean | false | true, false | Specifies the name of the log publisher used for logging SSH Proxy events |
| logClientAuthPartial | boolean | false | true, false | Specifies, when enabled, that the system logs client auth partial events |
| logClientAuthSuccess | boolean | false | true, false | Specifies, when enabled, that the system logs client auth success events |
| logDisallowedChannelAction | boolean | false | true, false | Specifies, when enabled, that the system logs disallowed channel actions |
| logNonSshTraffic | boolean | false | true, false | Specifies, when enabled, that the system logs non-SSH traffic events |
| logServerAuthFail | boolean | false | true, false | Specifies, when enabled, that the system logs server auth failure events |
| logServerAuthPartial | boolean | false | true, false | Specifies, when enabled, that the system logs server auth partial events |
| logServerAuthSuccess | boolean | false | true, false | Specifies, when enabled, that the system logs server auth failure events |
| logSshTimeout | boolean | false | true, false | Specifies, when enabled, that the system logs SSH timeouts |
| publisher | object | Specifies the name of the log publisher used for logging SSH Proxy events |
Security_Log_Profile_Ssh_Proxy.publisher (object)¶
Specifies the name of the log publisher used for logging SSH Proxy events
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
| use | string | BIG-IP AS3 pointer to log publisher declaration |