Describe the enhancement:
Users can be successful today ingesting logs from F5 load balancers and other network appliances. See the blog that describes how to accomplish that: https://johntuckner.me/2017/02/20/elk-integrating-f5-ltm-and-asm/ and https://github.com/tuckner/f5-elk
Describe a specific use case for the enhancement or feature:
We can make this experience more turnkey by documenting how to turn this on on the F5 and providing a module to automatically parse the logs.
I am currently working on a filebeat module for F5 Networks BIG-IP 13.x through 15 - I have a strong technical background in F5 Networks products and a significant number of our clients use these - Initially I am targeting log data from LTM, AVR, and ASM with a view to adding APM [Access Policy Manager] and DNS at a later stage (Although DNS is easier than APM/AVR/ASM so that order might change depending on frustration levels!) - I have already built this out using Logstash in the past but am now faced with two options - transition the LS configurations to ECS or transition to a filebeat module / elastic pipeline - Do you see much value in offering this pre-canned?
@bnenjk84 Did you work this out?
I would like to see a filebeat module to support log file monitoring from F5. Have you made any further development efforts on this?
@bnenjk84 circling back on F5, were you able to make progress toward implementing this w/ a filebeat module?
If somebody could provide me with some guidance on how to create a filebeat module, that would be great. I have some F5 logs to use, but I can't seem to find any clear dev docs.