Launch Postman and enter the API endpoint:

Configure the Data connector of Azure Sentinel with F5 BIG-IP device

In the JSON declaration, be careful with the schemaVersion: the version should match the installed F5 Application Streaming v3 extension; in my case it's 3.45.0.

Use Visual Studio Code with a JSON formatter extension to format the JSON and avoid indentation errors.

```
"responseTemplate": "event_source=\"response_logging\",hostname=\"$BIGIP_HOSTNAME\",client_ip=\"$CLIENT_IP\",server_ip=\"$SERVER_IP\",http_method=\"$HTTP_METHOD\",http_uri=\"$HTTP_URI\",virtual_name=\"$VIRTUAL_NAME\",event_timestamp=\"$DATE_HTTP\",http_statcode=\"$HTTP_STATCODE\",http_status=\"$HTTP_STATUS\",response_ms=\"$RESPONSE_MSECS\""
"requestTemplate": "event_source=\"request_logging\",hostname=\"$BIGIP_HOSTNAME\",client_ip=\"$CLIENT_IP\",server_ip=\"$SERVER_IP\",http_method=\"$HTTP_METHOD\",http_uri=\"$HTTP_URI\",virtual_name=\"$VIRTUAL_NAME\",event_timestamp=\"$DATE_HTTP\""
"remark": "Only required when TS is a local listener",
```

The Telemetry Streaming's API endpoint – (

The system's API endpoint – (

Telemetry Streaming (TS) is an iControl LX extension delivered as a TMOS-independent RPM file. It can declaratively aggregate, normalize and forward statistics and events from the BIG-IP to a consumer application when a single TS JSON declaration is posted to TS's declarative REST API endpoint.

Azure Sentinel is able to collect the logs from the F5 BIG-IP via Telemetry Streaming regardless of its deployed location – F5 BIG-IP does not need to be on Azure to fetch those logs.

A little background about the F5 BIG-IP Application Services 3 and Telemetry Streaming.

BIG-IP AS3 (F5 BIG-IP Application Services 3) is an extension that uses a declarative model, a JSON declaration instead of a set of imperative commands, to create resources on a BIG-IP system.
Azure Sentinel can collect and display the data by using the Telemetry Streaming extension on the F5 BIG-IP device.

Note: More detailed steps along with configuration images can be found on :

The purpose of this guide is to provide a somewhat more elaborate walkthrough for both learning and deployment, and to address the issues that could be faced during deployment.

This guide is heavily based on the work performed by Greg_Coward, which one can view here.

This user guide covers the configuration and deployment of Telemetry Streaming and Application Services 3 (AS3) on F5 BIG-IP to fetch logs, with Azure Sentinel as the consumer.