F5 BIG-IP Load Balancer (11.x - 17.x)

This guide outlines two methods to forward logs from your BIG-IP Load Balancer to a Log collector:

Method 1 : Using the configuration utility.

Method 2 : Using TMOS Shell

Prerequisites

You must meet the following prerequisites to use these procedures:

  • System is running BIG-IP 11.x and later.

  • The remote syslog server(Log Collector) is accessible from your BIG-IP system on the default route domain (Domain 0) or management network, and conversely, your BIG-IP system is accessible from the remote syslog server.

  • If you want to use a fully qualified domain name (FQDN) for the syslog servers, configuration of DNS servers is required.

Method 1 : Using the configuration utility.

The Configuration utility provides a basic means of configuring the syslog configurations.

  1. Log in to the Configuration utility.

  2. Go to System > Logs > Configuration > Remote Logging.

  3. For Remote IP, enter the Log Collector IP address, or FQDN. (DNS server configuration required)

  4. For Remote Port, enter the UDP port (default is 514).

  5. (Optional) For Local IP, enter the local IP address of the BIG-IP system.

    Note: For BIG-IP systems in a high availability (HA) configuration, the non-floating self IP address is recommended if using a Traffic Management Microkernel (TMM) based IP address.

  6. Select Add.

  7. Select Update.

  8. For BIG-IP systems in a high availability (HA) configuration, perform a ConfigSync to synchronize the changes to the other devices in the device group.

Method 2 : Using TMOS Shell.

To configure extensive syslog-ng customizations, you must use the command line

  1. Log in to the TMOS Shell (tmsh) by entering the following command:

    tmsh

  2. To add a single remote syslog server, use the following command syntax:

    modify /sys syslog remote-servers add { <name> { host <IP addr or FQDN> remote-port <port> }}

    For example, to add Log Collector IP 10.154.210.201 with port 514 and name mysyslog, enter the following command:

    modify /sys syslog remote-servers add { mysyslog { host 10.154.210.201 remote-port 514 }}

    Note: If you do not enter a port number, the system configures the default port number, 514.

  3. To save the configuration, enter the following command:

    save /sys config

  1. For BIG-IP systems in a high availability (HA) configuration, perform a ConfigSync to synchronize the changes to the other devices in the device group.

Reference: https://my.f5.com/manage/s/article/K13080

Video link:

YouTube

Previouslenovo thinksystem storageNextSeqrite 76