Forum Discussion
Justkennie_4820
Nimbostratus
NimbostratusBigIP version 10 and logs to remote syslog server
Hi Guys,
I have a bigip 3600 version 10 running. I configure the below command to send syslog to a remote serfer, yet I am not geting the logs on the syslog server. Checking the traffic on the network shows that the bigip is not sending syslog traffic.
modify /sys syslog remote-servers add { SIEM { host 10.2.160.34 remote-port 514 }}
ShakeelRashid_8Was there a solution found to this? I have a very similar problem, I'm running tcpdump on all interfaces (in both bash and TMSH) but I'm finding that the LTM isn't sending out any syslog messages. I've even tried the echo test. I've gone over the routing differences between TMM and mgmt interfaces and everything looks ok, I'm stumped :S
- ShakeelRashid_8
Any thoughts from anyone?
- ShakeelRashid_8
Yes mate, followed that as well. Got stuck at the final step:
Using the tcpdump utility to verify that syslog traffic is sent by the BIG-IP system
When manually generating a syslog message, nothing gets sent out to any configured syslog servers. Thought I'd ask the question to see if anyone else has had a similar problem before getting in touch with tech support.
jaikumar_f5MVP
Interesting, have you also followed through this article already.
- ShakeelRashid
Was there a solution found to this? I have a very similar problem, I'm running tcpdump on all interfaces (in both bash and TMSH) but I'm finding that the LTM isn't sending out any syslog messages. I've even tried the echo test. I've gone over the routing differences between TMM and mgmt interfaces and everything looks ok, I'm stumped :S
- ShakeelRashid
Any thoughts from anyone?
- ShakeelRashid
Yes mate, followed that as well. Got stuck at the final step:
Using the tcpdump utility to verify that syslog traffic is sent by the BIG-IP system
When manually generating a syslog message, nothing gets sent out to any configured syslog servers. Thought I'd ask the question to see if anyone else has had a similar problem before getting in touch with tech support.
- jaikumar_f5
Interesting, have you also followed through this article already.
natheCirrocumulus
Justkennie - the command looks fine. Can you confirm it's correct when you run: list /sys syslog all-properties? Can you ping the syslog server from the BIG-IP?
What about if you run tcpdump on the BIG-IP, does this show syslog traffic going out? I wonder if it's going out over a route you're not expecting? i.e. over a TMM interface rather than Management route? Do a filter on either interface 0.0 (TMM) or eth0 (management).
Hope this helps,
N