To respond to customer requests for increased availability of LM logs to 3rd party SIEM products, WAF logging has been enhanced to support integration with Splunk via the HTTP Event Collector (HEC):

  • A new Splunk Logging Format is supported for JSON remote logging, which is only displayed when the Enable Remote Logging check box is enabled.
  • LM logs have been enhanced to be displayed properly by Splunk.
  • Note that a SPLUNK username is used to authenticate to HEC, along with an HEC authentication token.
  • A new Logging Format is supported for JSON remote logging, which is only displayed when the Enable Remote Logging check box is enabled.
  • A hard-coded SPLUNK username is used to authenticate to HEC, along with an HEC authentication token.
  • The Password/Token must be obtained from the HEC configuration.