Create and View Log Entries

In this section, you will generate various types of traffic through the firewall as you did previously, but now you will view the log entries using the network firewall log. Open your web browser and once again try to access http://10.1.20.11. Also, try to ping 10.1.20.11.

Open the Security > Event Logs > Network > Firewall page on bigip01.f5demo.com (10.1.1.4). The log file shows the ping requests are being accepted and the web traffic is being dropped:

Note

Logging is Pre-Configured for this lab

We will not configure external logging in this lab, you should be aware that the BIG-IP supports high speed external logging in various formats including SevOne, Splunk and ArcSight.

Navigate: Security > Options > Network Firewall > Firewall Options

Default Firewall options configuration determine if the system is in ADC mode or Firewall Mode. In the screenshot below note the Virtual Server & Self IP Contexts Value. If it is set to Accept (system default) the Firewall is in ADC mode.

Note

For this lab we will use Firewall Mode with the value set to Reject

Review the log configuration

Navigate Security>>Event Logs>>Logging Profiles

Navigate Select Global Network

Navigate Click on the Network Firewall Tab

Navigate Use the publisher pulldown to select local-db-publisher

Review the configuration. The Storage Format section allows you to select the values included in the log.