Security_Log_Profile (object)¶
Configures a Security log profile
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | ||||
application | object | When enabled, specifies the system logs events from applications. | ||
botDefense | object | Specifies, when enabled, the system logs events from the Proactive Bot Defense mechanism. | ||
class* | string | “Security_Log_Profile” | ||
classification | object | Specifies, when enabled, that the system logs events from the Classification engine. | ||
dosApplication | object | Specifies, when enabled, that the system logs detected application DoS attacks | ||
dosNetwork | object | Specifies, when enabled, that the system logs detected network DoS attacks | ||
ipIntelligence | object | Specifies, when enabled, that the system logs IP Intelligence events | ||
label | string | “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” | Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML | |
nat | object | Specifies, when enabled, that the system logs Firewall NAT events | ||
network | object | Specifies, when enabled, that the system logs ACL rule matches, TCP events, and/or TCP/IP errors sent to the network firewall | ||
protocolDns | object | Specifies, when enabled, that the system logs DNS security events | ||
protocolDnsDos | object | Specifies, when enabled, that the system logs detected DNS DoS attacks | ||
protocolInspection | object | Specifies, when enabled, that the system logs events from the Protocol Inspection engine | ||
protocolSip | object | Specifies, when enabled, that the system logs SIP protocol security events | ||
protocolSipDos | object | Specifies, when enabled, that the system logs detected SIP DoS attacks | ||
protocolTransfer | object | Specifies, when enabled, that the system logs HTTP, FTP, and SMTP protocol security events | ||
remark | string | “^[^x00-x1fx22x5cx7f]*$” | Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks | |
sshProxy | object | Specifies, when enabled, that the system logs SSH Proxy events |
Security_Log_Profile.application (object)¶
When enabled, specifies the system logs events from applications.
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
facility | string | “local0” | “local0”, “local1”, “local2”, “local3”, “local4”, “local5”, “local6”, “local7” | Specifies the facility category of the logged traffic |
guaranteeLoggingEnabled | boolean | false | true, false | Indicates whether to guarantee local logging |
guaranteeResponseLoggingEnabled | boolean | false | true, false | Indicates whether to guarantee local response logging. guaranteeLoggingEnabled must be true and responseLogging must be illegal or all |
localStorage | boolean | true | true, false | Enables or disabled local storage |
maxEntryLength | string | “2k” | “1k”, “2k”, “10k”, “64k” | Specifies the maximum entry length |
maxHeaderSize | integer | 1 - 2048 | Specifies the maximum headers size | |
maxQuerySize | integer | 1 - 2048 | Specifies the maximum query string size | |
maxRequestSize | integer | 1 - 2048 | Specifies the maximum request size | |
protocol | string | “tcp” | “udp”, “tcp”, “tcp-rfc3195” | Specifies the protocol supported by the remote server |
remoteStorage | string | “remote”, “splunk”, “arcsight”, “bigiq” | Specifies a remote storage type | |
reportAnomaliesEnabled | boolean | false | true, false | Indicates whether to report detected anomalies |
responseLogging | string | “none” | “none”, “illegal”, “all” | Specifies a response logging type |
servers | array | Adds, deletes, or replaces a set of remote servers | ||
storageFilter | object | {} | Adds, deletes, or replaces a set of request filters | |
storageFormat | Specifies a storage format |
Security_Log_Profile.application.storageFilter (object)¶
Adds, deletes, or replaces a set of request filters
Default: {}
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
httpMethods | array | Specifies whether request logging is dependent on the HTTP methods | ||
logicalOperation | string | “or” | “and”, “or” | Specifies the logical operation on associated filters |
loginResults | array | Specifies whether the request logging is dependent on the login results | ||
protocols | array | Specifies if request logging is dependent on the protocols | ||
requestContains | object | Specifies whether the request logging is dependent on s specific string and where to look for that string | ||
requestType | string | “illegal” | “all”, “illegal”, “illegal-including-staged-signatures” | Specifies which kind of requests the system or server will log |
responseCodes | array | Specifies whether request logging is dependent on the response status codes |
Security_Log_Profile.application.storageFilter.requestContains (object)¶
Specifies whether the request logging is dependent on s specific string and where to look for that string
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
searchIn* | string | “search-in-headers”, “search-in-post-data”, “search-in-query-string”, “search-in-request”, “search-in-uri” | Where to look for the specified string | |
value* | string | The specified string to look for |
Security_Log_Profile.botDefense (object)¶
Specifies, when enabled, the system logs events from the Proactive Bot Defense mechanism.
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
localPublisher | object | Specifies, when enabled, a Log Publisher to log events to (Note: This publisher should have a single local-database destination),Reference to a log publisher,Reference for a BIG-IP or Use object | ||
logAlarm | boolean | false | true, false | This option enables or disables the logging of requests with alarm mitigation. This property is available on BIGIP 14.1 and above. |
logBlock | boolean | false | true, false | This option enables or disables the logging of requests with block mitigation. This property is available on BIGIP 14.1 and above. |
logBotSignatureMatchedRequests | boolean | false | true, false | This option enables or disables the logging of reported bot signature requests |
logBrowser | boolean | false | true, false | This option enables or disables the logging of requests with browser classification. This property is available on BIGIP 14.1 and above. |
logBrowserVerificationAction | boolean | false | true, false | This option enables or disables the logging of requests by browser verification action. This property is available on BIGIP 14.1 and above. |
logCaptcha | boolean | false | true, false | This option enables or disables the logging of requests with captcha mitigation. This property is available on BIGIP 14.1 and above. |
logCaptchaChallengedRequests | boolean | false | true, false | This option enables or disables the logging of captcha challenged requests |
logChallengedRequests | boolean | false | true, false | This option enables or disables the logging of challenged requests |
logChallengeFailureRequest | boolean | false | true, false | This option enables or disables the logging of requests by challenge failure. This property is available on BIGIP 15.0 and above. |
logDeviceIdCollectionRequest | boolean | false | true, false | This option enables or disables the logging of requests by device ID collection. This property is available on BIGIP 14.1 and above. |
logHoneyPotPage | boolean | false | true, false | This option enables or disables the logging of requests with honey pot page mitigation. This property is available on BIGIP 15.0 and above. |
logIllegalRequests | boolean | true | true, false | This option enables or disables the logging of illegal requests |
logLegalRequests | boolean | false | true, false | This option enables or disables the logging of legal requests |
logMaliciousBot | boolean | false | true, false | This option enables or disables the logging of requests with malicious bot classification. This property is available on BIGIP 14.1 and above. |
logMobileApplication | boolean | false | true, false | This option enables or disables the logging of requests with mobile application classification. This property is available on BIGIP 14.1 and above. |
logNone | boolean | false | true, false | This option enables or disables the logging of requests with no mitigation. This property is available on BIGIP 14.1 and above. |
logRateLimit | boolean | false | true, false | This option enables or disables the logging of requests with rate limit mitigation. This property is available on BIGIP 14.1 and above. |
logRedirectToPool | boolean | false | true, false | This option enables or disables the logging of requests with redirect to pool mitigation. This property is available on BIGIP 15.0 and above. |
logSuspiciousBrowser | boolean | false | true, false | This option enables or disables the logging of requests with suspicious browser classification. This property is available on BIGIP 14.1 and above. |
logTcpReset | boolean | false | true, false | This option enables or disables the logging of requests with TCP reset mitigation. This property is available on BIGIP 14.1 and above. |
logTrustedBot | boolean | false | true, false | This option enables or disables the logging of requests with trusted bot classification. This property is available on BIGIP 14.1 and above. |
logUnknown | boolean | true | true, false | This option enables or disables the logging of requests with unknown classification. This property is available on BIGIP 14.1 and above. |
logUntrustedBot | boolean | false | true, false | This option enables or disables the logging of requests with untrusted bot classification. This property is available on BIGIP 14.1 and above. |
remotePublisher | object | Enables selecting a Log Publisher that has Splunk enabled,Reference to a log publisher,Reference for a BIG-IP or Use object |
Security_Log_Profile.botDefense.localPublisher (object)¶
Specifies, when enabled, a Log Publisher to log events to (Note: This publisher should have a single local-database destination) Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | “f5bigip” formatted string | |||
use |
Security_Log_Profile.botDefense.remotePublisher (object)¶
Enables selecting a Log Publisher that has Splunk enabled Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | “f5bigip” formatted string | |||
use |
Security_Log_Profile.classification (object)¶
Specifies, when enabled, that the system logs events from the Classification engine.
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logAllMatches | boolean | false | true, false | This option enables or disables the logging of all matches |
publisher | object | Specifies where the system sends log messages |
Security_Log_Profile.classification.publisher (object)¶
Specifies where the system sends log messages
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.dosApplication (object)¶
Specifies, when enabled, that the system logs detected application DoS attacks
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
localPublisher | object | Specifies the local log publisher used for Application DoS attacks (Note: This publisher should have a single local-database destination) | ||
remotePublisher | object | Specifies the remote log publisher used for Application DoS attacks (Note: This publisher should have ArcSight or Splunk destinations) |
Security_Log_Profile.dosApplication.localPublisher (object)¶
Specifies the local log publisher used for Application DoS attacks (Note: This publisher should have a single local-database destination)
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.dosApplication.remotePublisher (object)¶
Specifies the remote log publisher used for Application DoS attacks (Note: This publisher should have ArcSight or Splunk destinations)
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.dosNetwork (object)¶
Specifies, when enabled, that the system logs detected network DoS attacks
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
publisher | object | Specifies the name of the log publisher used for logging Network DoS events |
Security_Log_Profile.dosNetwork.publisher (object)¶
Specifies the name of the log publisher used for logging Network DoS events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.ipIntelligence (object)¶
Specifies, when enabled, that the system logs IP Intelligence events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logTranslationFields | boolean | false | true, false | Specifies, when enabled, that the system logs translation values if and when it logs a network firewall event |
publisher | object | Specifies the name of the log publisher used for logging IP Intelligence events | ||
rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | Defines a rate limit for all combined IP intelligence log messages per second |
Security_Log_Profile.ipIntelligence.publisher (object)¶
Specifies the name of the log publisher used for logging IP Intelligence events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.nat (object)¶
Specifies, when enabled, that the system logs Firewall NAT events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
formatEndInboundSession | Specifies the format type for log messages | |||
formatEndOutboundSession | Specifies the format type for log messages | |||
formatErrors | Specifies the format type for log messages | |||
formatQuotaExceeded | Specifies the format type for log messages | |||
formatStartInboundSession | Specifies the format type for log messages | |||
formatStartOutboundSession | Specifies the format type for log messages | |||
logEndInboundSession | boolean | false | true, false | Generates event log entries at the end of the incoming connection event for a translated endpoint. Triggered when the system frees the inbound session. |
logEndOutboundSession | boolean | false | true, false | Generates event log entries at end of translation event for a NAT client. Triggered when the system frees the outbound session. |
logEndOutboundSessionDestination | boolean | false | true, false | Include destination address and port with log entry for the end of the translation event for a NAT client. This is applicable only if lsn-legacy-mode is enabled |
logErrors | boolean | false | true, false | Generates event log entries when a NAT translation errors occur |
logQuotaExceeded | boolean | false | true, false | Generates event log entries when a NAT client exceeds allocated resources |
logStartInboundSession | boolean | false | true, false | Generates event log entries at the start of the incoming connection event for a translated endpoint. Triggered when the system creates the inbound session. |
logStartOutboundSession | boolean | false | true, false | Generates event log entries at start of the translation event for a NAT client. Triggered when the system creates the outbound session. |
logStartOutboundSessionDestination | boolean | false | true, false | Include destination address and port with log entry for the start of the translation event for a NAT client. This is applicable only if lsn-legacy-mode is enabled |
logSubscriberId | boolean | false | true, false | Logs the subscriber ID associated with a subscriber IP address |
lsnLegacyMode | boolean | false | true, false | This option specifies whether translation events (and other NAT events) are logged in existing CGNAT/LSN formats (for backward compatibility with LSN events). |
publisher* | object | Specifies the name of the log publisher used for logging Network Address Translation events | ||
rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | This option sets the aggregate rate for all the Firewall NAT log events that the system can log per second |
rateLimitEndInboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the end inbound session log events per second |
rateLimitEndOutboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the end outbound session log events per second |
rateLimitErrors | integer | 4294967295 | -∞ - -Infinity | This option rate limits the errors the system logs per second |
rateLimitQuotaExceeded | integer | 4294967295 | -∞ - -Infinity | This option rate limits the quota exceeded log events per second |
rateLimitStartInboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the start inbound session log events per second |
rateLimitStartOutboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the start outbound session log events per second |
Security_Log_Profile.nat.publisher (object)¶
Specifies the name of the log publisher used for logging Network Address Translation events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.network (object)¶
Specifies, when enabled, that the system logs ACL rule matches, TCP events, and/or TCP/IP errors sent to the network firewall
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
alwaysLogRegion | boolean | false | true, false | Specifies, when enabled, that when a geolocation event causes a network firewall event, the system logs the associated IP address |
logIpErrors | boolean | false | true, false | Specifies, when enabled, that the system logs IP error packets |
logRuleMatchAccepts | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Accept |
logRuleMatchDrops | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Drop |
logRuleMatchRejects | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Reject |
logTcpErrors | boolean | false | true, false | Specifies, when enabled, that the system logs TCP error packets |
logTcpEvents | boolean | false | true, false | Specifies, when enabled, that the system logs TCP events (open and close of TCP sessions) |
logTranslationFields | boolean | false | true, false | Specifies, when enabled, that the system logs translation values if and when it logs a network firewall event |
publisher | object | Specifies the name of the log publisher used for logging Network events | ||
rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | This option sets the aggregate rate limit that applies to any network logging message |
rateLimitIpErrors | integer | 4294967295 | -∞ - -Infinity | This option enables or disables the logging of IP error packets |
rateLimitRuleMatchAccepts | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Accept or action = Accept Decisively |
rateLimitRuleMatchDrops | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Accept or action = Accept Decisively |
rateLimitRuleMatchRejects | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Reject |
rateLimitTcpErrors | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of TCP error packets |
rateLimitTcpEvents | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of TCP events on client side |
storageFormat | Specifies the format type for log messages. If it is a string it is user-defined |
Security_Log_Profile.network.publisher (object)¶
Specifies the name of the log publisher used for logging Network events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolDns (object)¶
Specifies, when enabled, that the system logs DNS security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs dropped DNS requests |
logFilteredDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs DNS requests dropped due to DNS query/header-opcode filtering. The system does not log DNS requests dropped due to errors in the way the system processes DNS packets. |
logMalformedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malformed DNS requests |
logMaliciousRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malicious DNS requests |
logRejectedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs rejected DNS requests |
publisher | object | Specifies the name of the log publisher used for logging DNS security events | ||
storageFormat | Specifies the format type for log messages |
Security_Log_Profile.protocolDns.publisher (object)¶
Specifies the name of the log publisher used for logging DNS security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolDnsDos (object)¶
Specifies, when enabled, that the system logs detected DNS DoS attacks
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
publisher | object | Specifies the name of the log publisher used for logging DNS DoS events |
Security_Log_Profile.protocolDnsDos.publisher (object)¶
Specifies the name of the log publisher used for logging DNS DoS events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolInspection (object)¶
Specifies, when enabled, that the system logs events from the Protocol Inspection engine
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logPacketPayloadEnabled | boolean | false | true, false | Enable logging of the packet payload for Protocol Inspection events |
publisher | object | Reference to a log publisher,Reference for a BIG-IP or Use object |
Security_Log_Profile.protocolInspection.publisher (object)¶
Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | “f5bigip” formatted string | |||
use |
Security_Log_Profile.protocolSip (object)¶
Specifies, when enabled, that the system logs SIP protocol security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs dropped requests |
logGlobalFailures | boolean | false | true, false | Specifies, when enabled, that the system logs global failures |
logMalformedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malformed requests |
logRedirectedResponses | boolean | false | true, false | Specifies, when enabled, that the system logs redirection responses |
logRequestFailures | boolean | false | true, false | Specifies, when enabled, that the system logs request failures |
logServerErrors | boolean | false | true, false | Specifies, when enabled, that the system logs server errors |
publisher | object | Specifies the name of the log publisher used for logging SIP protocol security events | ||
storageFormat | Specifies the format type for log messages |
Security_Log_Profile.protocolSip.publisher (object)¶
Specifies the name of the log publisher used for logging SIP protocol security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolSipDos (object)¶
Specifies, when enabled, that the system logs detected SIP DoS attacks
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
publisher | object | Specifies the name of the log publisher used for logging SIP DoS events |
Security_Log_Profile.protocolSipDos.publisher (object)¶
Specifies the name of the log publisher used for logging SIP DoS events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.protocolTransfer (object)¶
Specifies, when enabled, that the system logs HTTP, FTP, and SMTP protocol security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
publisher | object | Specifies where the system sends log messages |
Security_Log_Profile.protocolTransfer.publisher (object)¶
Specifies where the system sends log messages
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile.sshProxy (object)¶
Specifies, when enabled, that the system logs SSH Proxy events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logAllowedChannelAction | boolean | false | true, false | Specifies, when enabled, that the system logs allowed channel actions |
logClientAuthFail | boolean | false | true, false | Specifies the name of the log publisher used for logging SSH Proxy events |
logClientAuthPartial | boolean | false | true, false | Specifies, when enabled, that the system logs client auth partial events |
logClientAuthSuccess | boolean | false | true, false | Specifies, when enabled, that the system logs client auth success events |
logDisallowedChannelAction | boolean | false | true, false | Specifies, when enabled, that the system logs disallowed channel actions |
logNonSshTraffic | boolean | false | true, false | Specifies, when enabled, that the system logs non-SSH traffic events |
logServerAuthFail | boolean | false | true, false | Specifies, when enabled, that the system logs server auth failure events |
logServerAuthPartial | boolean | false | true, false | Specifies, when enabled, that the system logs server auth partial events |
logServerAuthSuccess | boolean | false | true, false | Specifies, when enabled, that the system logs server auth failure events |
logSshTimeout | boolean | false | true, false | Specifies, when enabled, that the system logs SSH timeouts |
publisher | object | Specifies the name of the log publisher used for logging SSH Proxy events |
Security_Log_Profile.sshProxy.publisher (object)¶
Specifies the name of the log publisher used for logging SSH Proxy events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Application (object)¶
When enabled, specifies the system logs events from applications.
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
facility | string | “local0” | “local0”, “local1”, “local2”, “local3”, “local4”, “local5”, “local6”, “local7” | Specifies the facility category of the logged traffic |
guaranteeLoggingEnabled | boolean | false | true, false | Indicates whether to guarantee local logging |
guaranteeResponseLoggingEnabled | boolean | false | true, false | Indicates whether to guarantee local response logging. guaranteeLoggingEnabled must be true and responseLogging must be illegal or all |
localStorage | boolean | true | true, false | Enables or disabled local storage |
maxEntryLength | string | “2k” | “1k”, “2k”, “10k”, “64k” | Specifies the maximum entry length |
maxHeaderSize | integer | 1 - 2048 | Specifies the maximum headers size | |
maxQuerySize | integer | 1 - 2048 | Specifies the maximum query string size | |
maxRequestSize | integer | 1 - 2048 | Specifies the maximum request size | |
protocol | string | “tcp” | “udp”, “tcp”, “tcp-rfc3195” | Specifies the protocol supported by the remote server |
remoteStorage | string | “remote”, “splunk”, “arcsight”, “bigiq” | Specifies a remote storage type | |
reportAnomaliesEnabled | boolean | false | true, false | Indicates whether to report detected anomalies |
responseLogging | string | “none” | “none”, “illegal”, “all” | Specifies a response logging type |
servers | array | Adds, deletes, or replaces a set of remote servers | ||
storageFilter | object | {} | Adds, deletes, or replaces a set of request filters | |
storageFormat | Specifies a storage format |
Security_Log_Profile_Application.storageFilter (object)¶
Adds, deletes, or replaces a set of request filters
Default: {}
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
httpMethods | array | Specifies whether request logging is dependent on the HTTP methods | ||
logicalOperation | string | “or” | “and”, “or” | Specifies the logical operation on associated filters |
loginResults | array | Specifies whether the request logging is dependent on the login results | ||
protocols | array | Specifies if request logging is dependent on the protocols | ||
requestContains | object | Specifies whether the request logging is dependent on s specific string and where to look for that string | ||
requestType | string | “illegal” | “all”, “illegal”, “illegal-including-staged-signatures” | Specifies which kind of requests the system or server will log |
responseCodes | array | Specifies whether request logging is dependent on the response status codes |
Security_Log_Profile_Application.storageFilter.requestContains (object)¶
Specifies whether the request logging is dependent on s specific string and where to look for that string
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
searchIn* | string | “search-in-headers”, “search-in-post-data”, “search-in-query-string”, “search-in-request”, “search-in-uri” | Where to look for the specified string | |
value* | string | The specified string to look for |
Security_Log_Profile_Bot_Defense (object)¶
Specifies, when enabled, the system logs events from the Proactive Bot Defense mechanism.
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
localPublisher | object | Specifies, when enabled, a Log Publisher to log events to (Note: This publisher should have a single local-database destination),Reference to a log publisher,Reference for a BIG-IP or Use object | ||
logAlarm | boolean | false | true, false | This option enables or disables the logging of requests with alarm mitigation. This property is available on BIGIP 14.1 and above. |
logBlock | boolean | false | true, false | This option enables or disables the logging of requests with block mitigation. This property is available on BIGIP 14.1 and above. |
logBotSignatureMatchedRequests | boolean | false | true, false | This option enables or disables the logging of reported bot signature requests |
logBrowser | boolean | false | true, false | This option enables or disables the logging of requests with browser classification. This property is available on BIGIP 14.1 and above. |
logBrowserVerificationAction | boolean | false | true, false | This option enables or disables the logging of requests by browser verification action. This property is available on BIGIP 14.1 and above. |
logCaptcha | boolean | false | true, false | This option enables or disables the logging of requests with captcha mitigation. This property is available on BIGIP 14.1 and above. |
logCaptchaChallengedRequests | boolean | false | true, false | This option enables or disables the logging of captcha challenged requests |
logChallengedRequests | boolean | false | true, false | This option enables or disables the logging of challenged requests |
logChallengeFailureRequest | boolean | false | true, false | This option enables or disables the logging of requests by challenge failure. This property is available on BIGIP 15.0 and above. |
logDeviceIdCollectionRequest | boolean | false | true, false | This option enables or disables the logging of requests by device ID collection. This property is available on BIGIP 14.1 and above. |
logHoneyPotPage | boolean | false | true, false | This option enables or disables the logging of requests with honey pot page mitigation. This property is available on BIGIP 15.0 and above. |
logIllegalRequests | boolean | true | true, false | This option enables or disables the logging of illegal requests |
logLegalRequests | boolean | false | true, false | This option enables or disables the logging of legal requests |
logMaliciousBot | boolean | false | true, false | This option enables or disables the logging of requests with malicious bot classification. This property is available on BIGIP 14.1 and above. |
logMobileApplication | boolean | false | true, false | This option enables or disables the logging of requests with mobile application classification. This property is available on BIGIP 14.1 and above. |
logNone | boolean | false | true, false | This option enables or disables the logging of requests with no mitigation. This property is available on BIGIP 14.1 and above. |
logRateLimit | boolean | false | true, false | This option enables or disables the logging of requests with rate limit mitigation. This property is available on BIGIP 14.1 and above. |
logRedirectToPool | boolean | false | true, false | This option enables or disables the logging of requests with redirect to pool mitigation. This property is available on BIGIP 15.0 and above. |
logSuspiciousBrowser | boolean | false | true, false | This option enables or disables the logging of requests with suspicious browser classification. This property is available on BIGIP 14.1 and above. |
logTcpReset | boolean | false | true, false | This option enables or disables the logging of requests with TCP reset mitigation. This property is available on BIGIP 14.1 and above. |
logTrustedBot | boolean | false | true, false | This option enables or disables the logging of requests with trusted bot classification. This property is available on BIGIP 14.1 and above. |
logUnknown | boolean | true | true, false | This option enables or disables the logging of requests with unknown classification. This property is available on BIGIP 14.1 and above. |
logUntrustedBot | boolean | false | true, false | This option enables or disables the logging of requests with untrusted bot classification. This property is available on BIGIP 14.1 and above. |
remotePublisher | object | Enables selecting a Log Publisher that has Splunk enabled,Reference to a log publisher,Reference for a BIG-IP or Use object |
Security_Log_Profile_Bot_Defense.localPublisher (object)¶
Specifies, when enabled, a Log Publisher to log events to (Note: This publisher should have a single local-database destination) Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | “f5bigip” formatted string | |||
use |
Security_Log_Profile_Bot_Defense.remotePublisher (object)¶
Enables selecting a Log Publisher that has Splunk enabled Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | “f5bigip” formatted string | |||
use |
Security_Log_Profile_Classification (object)¶
Specifies, when enabled, that the system logs events from the Classification engine.
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logAllMatches | boolean | false | true, false | This option enables or disables the logging of all matches |
publisher | object | Specifies where the system sends log messages |
Security_Log_Profile_Classification.publisher (object)¶
Specifies where the system sends log messages
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Dos_Application (object)¶
Specifies, when enabled, that the system logs detected application DoS attacks
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
localPublisher | object | Specifies the local log publisher used for Application DoS attacks (Note: This publisher should have a single local-database destination) | ||
remotePublisher | object | Specifies the remote log publisher used for Application DoS attacks (Note: This publisher should have ArcSight or Splunk destinations) |
Security_Log_Profile_Dos_Application.localPublisher (object)¶
Specifies the local log publisher used for Application DoS attacks (Note: This publisher should have a single local-database destination)
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Dos_Application.remotePublisher (object)¶
Specifies the remote log publisher used for Application DoS attacks (Note: This publisher should have ArcSight or Splunk destinations)
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Dos_Network (object)¶
Specifies, when enabled, that the system logs detected network DoS attacks
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
publisher | object | Specifies the name of the log publisher used for logging Network DoS events |
Security_Log_Profile_Dos_Network.publisher (object)¶
Specifies the name of the log publisher used for logging Network DoS events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Ip_Intelligence (object)¶
Specifies, when enabled, that the system logs IP Intelligence events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logTranslationFields | boolean | false | true, false | Specifies, when enabled, that the system logs translation values if and when it logs a network firewall event |
publisher | object | Specifies the name of the log publisher used for logging IP Intelligence events | ||
rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | Defines a rate limit for all combined IP intelligence log messages per second |
Security_Log_Profile_Ip_Intelligence.publisher (object)¶
Specifies the name of the log publisher used for logging IP Intelligence events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Nat (object)¶
Specifies, when enabled, that the system logs Firewall NAT events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
formatEndInboundSession | Specifies the format type for log messages | |||
formatEndOutboundSession | Specifies the format type for log messages | |||
formatErrors | Specifies the format type for log messages | |||
formatQuotaExceeded | Specifies the format type for log messages | |||
formatStartInboundSession | Specifies the format type for log messages | |||
formatStartOutboundSession | Specifies the format type for log messages | |||
logEndInboundSession | boolean | false | true, false | Generates event log entries at the end of the incoming connection event for a translated endpoint. Triggered when the system frees the inbound session. |
logEndOutboundSession | boolean | false | true, false | Generates event log entries at end of translation event for a NAT client. Triggered when the system frees the outbound session. |
logEndOutboundSessionDestination | boolean | false | true, false | Include destination address and port with log entry for the end of the translation event for a NAT client. This is applicable only if lsn-legacy-mode is enabled |
logErrors | boolean | false | true, false | Generates event log entries when a NAT translation errors occur |
logQuotaExceeded | boolean | false | true, false | Generates event log entries when a NAT client exceeds allocated resources |
logStartInboundSession | boolean | false | true, false | Generates event log entries at the start of the incoming connection event for a translated endpoint. Triggered when the system creates the inbound session. |
logStartOutboundSession | boolean | false | true, false | Generates event log entries at start of the translation event for a NAT client. Triggered when the system creates the outbound session. |
logStartOutboundSessionDestination | boolean | false | true, false | Include destination address and port with log entry for the start of the translation event for a NAT client. This is applicable only if lsn-legacy-mode is enabled |
logSubscriberId | boolean | false | true, false | Logs the subscriber ID associated with a subscriber IP address |
lsnLegacyMode | boolean | false | true, false | This option specifies whether translation events (and other NAT events) are logged in existing CGNAT/LSN formats (for backward compatibility with LSN events). |
publisher* | object | Specifies the name of the log publisher used for logging Network Address Translation events | ||
rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | This option sets the aggregate rate for all the Firewall NAT log events that the system can log per second |
rateLimitEndInboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the end inbound session log events per second |
rateLimitEndOutboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the end outbound session log events per second |
rateLimitErrors | integer | 4294967295 | -∞ - -Infinity | This option rate limits the errors the system logs per second |
rateLimitQuotaExceeded | integer | 4294967295 | -∞ - -Infinity | This option rate limits the quota exceeded log events per second |
rateLimitStartInboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the start inbound session log events per second |
rateLimitStartOutboundSession | integer | 4294967295 | -∞ - -Infinity | This option rate limits the start outbound session log events per second |
Security_Log_Profile_Nat.publisher (object)¶
Specifies the name of the log publisher used for logging Network Address Translation events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Nat_Storage_Format ()¶
Specifies the format type for log messages
Security_Log_Profile_Network (object)¶
Specifies, when enabled, that the system logs ACL rule matches, TCP events, and/or TCP/IP errors sent to the network firewall
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
alwaysLogRegion | boolean | false | true, false | Specifies, when enabled, that when a geolocation event causes a network firewall event, the system logs the associated IP address |
logIpErrors | boolean | false | true, false | Specifies, when enabled, that the system logs IP error packets |
logRuleMatchAccepts | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Accept |
logRuleMatchDrops | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Drop |
logRuleMatchRejects | boolean | false | true, false | Specifies, when enabled, that the system logs packets that match ACL rules configured with action = Reject |
logTcpErrors | boolean | false | true, false | Specifies, when enabled, that the system logs TCP error packets |
logTcpEvents | boolean | false | true, false | Specifies, when enabled, that the system logs TCP events (open and close of TCP sessions) |
logTranslationFields | boolean | false | true, false | Specifies, when enabled, that the system logs translation values if and when it logs a network firewall event |
publisher | object | Specifies the name of the log publisher used for logging Network events | ||
rateLimitAggregate | integer | 4294967295 | -∞ - -Infinity | This option sets the aggregate rate limit that applies to any network logging message |
rateLimitIpErrors | integer | 4294967295 | -∞ - -Infinity | This option enables or disables the logging of IP error packets |
rateLimitRuleMatchAccepts | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Accept or action = Accept Decisively |
rateLimitRuleMatchDrops | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Accept or action = Accept Decisively |
rateLimitRuleMatchRejects | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of packets that match ACL rules configured with action = Reject |
rateLimitTcpErrors | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of TCP error packets |
rateLimitTcpEvents | integer | 4294967295 | -∞ - -Infinity | This option sets rate limits for the logging of TCP events on client side |
storageFormat | Specifies the format type for log messages. If it is a string it is user-defined |
Security_Log_Profile_Network.publisher (object)¶
Specifies the name of the log publisher used for logging Network events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Dns (object)¶
Specifies, when enabled, that the system logs DNS security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs dropped DNS requests |
logFilteredDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs DNS requests dropped due to DNS query/header-opcode filtering. The system does not log DNS requests dropped due to errors in the way the system processes DNS packets. |
logMalformedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malformed DNS requests |
logMaliciousRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malicious DNS requests |
logRejectedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs rejected DNS requests |
publisher | object | Specifies the name of the log publisher used for logging DNS security events | ||
storageFormat | Specifies the format type for log messages |
Security_Log_Profile_Protocol_Dns.publisher (object)¶
Specifies the name of the log publisher used for logging DNS security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Dns_Dos (object)¶
Specifies, when enabled, that the system logs detected DNS DoS attacks
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
publisher | object | Specifies the name of the log publisher used for logging DNS DoS events |
Security_Log_Profile_Protocol_Dns_Dos.publisher (object)¶
Specifies the name of the log publisher used for logging DNS DoS events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Inspection (object)¶
Specifies, when enabled, that the system logs events from the Protocol Inspection engine
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logPacketPayloadEnabled | boolean | false | true, false | Enable logging of the packet payload for Protocol Inspection events |
publisher | object | Reference to a log publisher,Reference for a BIG-IP or Use object |
Security_Log_Profile_Protocol_Inspection.publisher (object)¶
Reference to a log publisher Reference for a BIG-IP or Use object
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | “f5bigip” formatted string | |||
use |
Security_Log_Profile_Protocol_Sip (object)¶
Specifies, when enabled, that the system logs SIP protocol security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logDroppedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs dropped requests |
logGlobalFailures | boolean | false | true, false | Specifies, when enabled, that the system logs global failures |
logMalformedRequests | boolean | false | true, false | Specifies, when enabled, that the system logs malformed requests |
logRedirectedResponses | boolean | false | true, false | Specifies, when enabled, that the system logs redirection responses |
logRequestFailures | boolean | false | true, false | Specifies, when enabled, that the system logs request failures |
logServerErrors | boolean | false | true, false | Specifies, when enabled, that the system logs server errors |
publisher | object | Specifies the name of the log publisher used for logging SIP protocol security events | ||
storageFormat | Specifies the format type for log messages |
Security_Log_Profile_Protocol_Sip.publisher (object)¶
Specifies the name of the log publisher used for logging SIP protocol security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Sip_Dos (object)¶
Specifies, when enabled, that the system logs detected SIP DoS attacks
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
publisher | object | Specifies the name of the log publisher used for logging SIP DoS events |
Security_Log_Profile_Protocol_Sip_Dos.publisher (object)¶
Specifies the name of the log publisher used for logging SIP DoS events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Protocol_Transfer (object)¶
Specifies, when enabled, that the system logs HTTP, FTP, and SMTP protocol security events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
publisher | object | Specifies where the system sends log messages |
Security_Log_Profile_Protocol_Transfer.publisher (object)¶
Specifies where the system sends log messages
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |
Security_Log_Profile_Ssh_Proxy (object)¶
Specifies, when enabled, that the system logs SSH Proxy events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
logAllowedChannelAction | boolean | false | true, false | Specifies, when enabled, that the system logs allowed channel actions |
logClientAuthFail | boolean | false | true, false | Specifies the name of the log publisher used for logging SSH Proxy events |
logClientAuthPartial | boolean | false | true, false | Specifies, when enabled, that the system logs client auth partial events |
logClientAuthSuccess | boolean | false | true, false | Specifies, when enabled, that the system logs client auth success events |
logDisallowedChannelAction | boolean | false | true, false | Specifies, when enabled, that the system logs disallowed channel actions |
logNonSshTraffic | boolean | false | true, false | Specifies, when enabled, that the system logs non-SSH traffic events |
logServerAuthFail | boolean | false | true, false | Specifies, when enabled, that the system logs server auth failure events |
logServerAuthPartial | boolean | false | true, false | Specifies, when enabled, that the system logs server auth partial events |
logServerAuthSuccess | boolean | false | true, false | Specifies, when enabled, that the system logs server auth failure events |
logSshTimeout | boolean | false | true, false | Specifies, when enabled, that the system logs SSH timeouts |
publisher | object | Specifies the name of the log publisher used for logging SSH Proxy events |
Security_Log_Profile_Ssh_Proxy.publisher (object)¶
Specifies the name of the log publisher used for logging SSH Proxy events
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP log publisher | |
use | string | BIG-IP AS3 pointer to log publisher declaration |