Hi
We have F5 BIG-IP APM being used for logins to OWA, ActiveSync, etc.
Now we have a requirement where the SOC team wants logs in the following format.
Splunk has an app that I think can do a lot of dashboard generation work on its own from the F5 APM logs, but these guys are using LogRhythm and expect the F5 to do the log formatting.
I'm just the F5 guy, so I'm trying to understand how ActiveSync actually works. They seem to think it's a service with a separate login account, while I believe it's just an authorization for a few users under the OWA login itself.
I achieved some of this by using the custom logging agent, but the ActiveSync part is a bit tricky. How can I proceed here?
OWA:
user x has failed login from 1.1.1.1 through OWA due to invalid user while using user agent: Chrome
user x has failed login from 1.1.1.1 through OWA due to failed password while using user agent: Chrome
user x has successful login from 1.1.1.1 through OWA while using user agent: Chrome
Active Sync:
user x has failed login from 1.1.1.1 through active sync due to invalid user while using deviceid: (mobile phone device id)
user x has failed login from 1.1.1.1 through active sync due to failed password while using user agent: (mobile phone device id)
user x has successful login from 1.1.1.1 through active sync while using user agent: (mobile phone device id)
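A reference model of the requested formatting, added here as an example and not part of the original post or any F5 code: it picks OWA or ActiveSync from the request path, takes the device ID from the ActiveSync query string, and strips control characters from client-supplied fields so they cannot forge extra log lines. Assumptions: the default Exchange paths `/owa` and `/Microsoft-Server-ActiveSync`, the plain-text `DeviceId` query parameter, hypothetical result codes `success`, `invalid_user` and `bad_password`, and the `deviceid:` label for every ActiveSync message.

```python
from urllib.parse import urlsplit, parse_qs

ACTIVESYNC_PATH = "/microsoft-server-activesync"  # assumed default Exchange path
OWA_PATH = "/owa"                                 # assumed default Exchange path
# Hypothetical result codes the caller maps from its own authentication step.
REASONS = {"invalid_user": "invalid user", "bad_password": "failed password"}

def classify(uri):
    """Return (service, device_id) for a request URI, or (None, None)."""
    parts = urlsplit(uri)
    path = parts.path.lower().rstrip("/")
    if path == ACTIVESYNC_PATH:
        # Plain-text query form: ?Cmd=..&User=..&DeviceId=..&DeviceType=..
        # A base64-encoded query has no DeviceId key and yields "unknown".
        query = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
        return "active sync", query.get("deviceid", "unknown")
    if path == OWA_PATH or path.startswith(OWA_PATH + "/"):
        return "OWA", None
    return None, None

def clean(value):
    """Drop CR/LF and other non-printable characters from a client-supplied field."""
    return "".join(ch for ch in str(value) if ch.isprintable())

def format_event(user, client_ip, uri, user_agent, result):
    """Build one log message in the requested format, or None for other URIs."""
    service, device_id = classify(uri)
    if service is None:
        return None
    if result == "success":
        outcome, reason = "successful", ""
    else:
        outcome, reason = "failed", " due to " + REASONS[result]
    if service == "active sync":
        client = "deviceid: " + clean(device_id)  # label choice is an assumption
    else:
        client = "user agent: " + clean(user_agent)
    return (f"user {clean(user)} has {outcome} login from {clean(client_ip)} "
            f"through {service}{reason} while using {client}")

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    sync = "/Microsoft-Server-ActiveSync?Cmd=Sync&User=x&DeviceId=DEV123&DeviceType=iPhone"
    print(format_event("x", "1.1.1.1", "/owa/auth.owa", "Chrome", "bad_password"))
    print(format_event("x", "1.1.1.1", sync, "Apple-iPhone", "success"))
```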