11.4.1 syslog default local IP?

I think there are two issues here.

The first is that the source address that gets used for syslog will default to the self-ip or mgmt address on the outbound interface, but can be overridden with the local-ip parameter on a per-remote-server basis:

Example:

tmsh modify sys syslog remote-servers add { syslogservername { local-ip 1.2.3.4 host 5.5.5.5 remote-port 514 } }

In the GUI, this is under system / logs / configuration / remote-logging

The second issue is that the interface selected to reach the syslog server will follow the ip route table. tmm routes are copied into the linux routing table, so if you have a tmm default route (network / routes), and the syslog server is not directly connected, then this route will be used, and the self-ip on the outbound interface will be the source address.

In many cases, customers desire the management address to be used, so big-ip provides a management-route command, which I believe can only be configured via the tmsh commandline, and this creates routes in the linux routing table. You would typically create a route for the subnet of your syslog servers, and set the gateway to the IP of the router on your management network.

For more information, please see SOL13284

Thanks for the response. I should have mentioned I already have statics for the syslog destinations pointed out the management interface. Just looking to find out what default local IP the syslog messages will bind as it's source IP.