Forum Discussion

prt1969_120570's avatar
prt1969_120570
Icon for Nimbostratus rankNimbostratus
Jan 27, 2016

11.4.1 syslog default local IP?

This may be an obvious question, but I cannot seem to find anything that tells me what is the default source IP F5 LTM uses to send syslog messages? Running code 11.4.1 HF5. My current configurations...
application delivery
LTM
syslog
IanB's avatar
IanB
Icon for Employee rankEmployee
Jan 27, 2016

I think there are two issues here.

The first is that the source address that gets used for syslog will default to the self-ip or mgmt address on the outbound interface, but can be overridden with the local-ip parameter on a per-remote-server basis:

Example:

tmsh modify sys syslog remote-servers add { syslogservername { local-ip 1.2.3.4 host 5.5.5.5 remote-port 514 } }

In the GUI, this is under system / logs / configuration / remote-logging

The second issue is that the interface selected to reach the syslog server will follow the ip route table. tmm routes are copied into the linux routing table, so if you have a tmm default route (network / routes), and the syslog server is not directly connected, then this route will be used, and the self-ip on the outbound interface will be the source address.

In many cases, customers desire the management address to be used, so big-ip provides a management-route command, which I believe can only be configured via the tmsh commandline, and this creates routes in the linux routing table. You would typically create a route for the subnet of your syslog servers, and set the gateway to the IP of the router on your management network.

For more information, please see SOL13284