Forum Discussion
Justkennie_4820
Nimbostratus
NimbostratusBigIP version 10 and logs to remote syslog server
Hi Guys,
I have a bigip 3600 version 10 running. I configure the below command to send syslog to a remote serfer, yet I am not geting the logs on the syslog server. Checking the traffic on the network shows that the bigip is not sending syslog traffic.
modify /sys syslog remote-servers add { SIEM { host 10.2.160.34 remote-port 514 }}
natheCirrocumulus
Justkennie - the command looks fine. Can you confirm it's correct when you run: list /sys syslog all-properties? Can you ping the syslog server from the BIG-IP?
What about if you run tcpdump on the BIG-IP, does this show syslog traffic going out? I wonder if it's going out over a route you're not expecting? i.e. over a TMM interface rather than Management route? Do a filter on either interface 0.0 (TMM) or eth0 (management).
Hope this helps,
N
ShakeelRashid_8Was there a solution found to this? I have a very similar problem, I'm running tcpdump on all interfaces (in both bash and TMSH) but I'm finding that the LTM isn't sending out any syslog messages. I've even tried the echo test. I've gone over the routing differences between TMM and mgmt interfaces and everything looks ok, I'm stumped :S
jaikumar_f5MVP
Can you confirm if your syslog setting is set properly. Dont have a v10 version to tell you the commands, is tmsh present in your version ?
tmsh list sys syslog- ShakeelRashid_8
Sorry, I should've mentioned, I'm on v11, not 10. This is what I have configured:
[user@viprion:/S1-green-P:Active:In Sync] ~ tmsh list sys syslog sys syslog { remote-servers { remotesyslog1 { host x.x.x.x } remotesyslog2 { host y.y.y.y } remotesyslog3 { host z.z.z.z } remotesyslog4 { host a.a.a.a } remotesyslog5 { host b.b.b.b } remotesyslog6 { host c.c.c.c } } }
The port isn't showing up here but in the GUI its showing as 514
- jaikumar_f5
Do you have the routes set for the syslog servers,
tmsh list sys management-routeAnd search your syslog servers in it.
- ShakeelRashid
Was there a solution found to this? I have a very similar problem, I'm running tcpdump on all interfaces (in both bash and TMSH) but I'm finding that the LTM isn't sending out any syslog messages. I've even tried the echo test. I've gone over the routing differences between TMM and mgmt interfaces and everything looks ok, I'm stumped :S
- jaikumar_f5
Can you confirm if your syslog setting is set properly. Dont have a v10 version to tell you the commands, is tmsh present in your version ?
tmsh list sys syslog - ShakeelRashid
Sorry, I should've mentioned, I'm on v11, not 10. This is what I have configured:
[user@viprion:/S1-green-P:Active:In Sync] ~ tmsh list sys syslog sys syslog { remote-servers { remotesyslog1 { host x.x.x.x } remotesyslog2 { host y.y.y.y } remotesyslog3 { host z.z.z.z } remotesyslog4 { host a.a.a.a } remotesyslog5 { host b.b.b.b } remotesyslog6 { host c.c.c.c } } }
The port isn't showing up here but in the GUI its showing as 514
- jaikumar_f5
Do you have the routes set for the syslog servers,
tmsh list sys management-routeAnd search your syslog servers in it.