Forum Discussion
Mrad_231364
Nimbostratus
NimbostratusCGNAT logging
Hello,
Is there any iRule for CGNAT so we can send log messages to a syslog server. What we need exactly is the below: IP/port --> natted IP/port
Thank you.
VernonWellsEmployee
An iRule is not generally needed for CGNAT logging. If the LSN pool type is NAPT, then you may simply add a logging profile:
Mrad_231364Thank you for your response, we are using PBA and not NAPT. We have a very big number of logs, so we need to send them to an external syslog server.
- Mrad_231364
Thank you for your response, we are using PBA and not NAPT. We have a very big number of logs, so we need to send them to an external syslog server.
- VernonWells
The purpose of PBA is to reduce logging verbosity, but it comes at the cost of translation space efficiency. If you intend to log every translation, then it makes sense to switch to NAPT. Keep in mind that when PBA allocates a block for a subscriber, a log entry is created describing that block. This information can be used to track a translation back to the subscriber.
(I suspect, from your last post, that you are already aware of this fact and are really just looking to log remotely what is currently being logged locally. If so, I apologize for rehashing facts that you already know.)
Regardless of the translation type, a Logging Profile uses a Log Publisher, which can use remote logging.
- Mrad_231364
Thank you Vernon for your answer. Yes we are using PBA on purpose and as you said we want to use PBA to track a translation back to the subscriber. So from what i understand we don't need an iRule to log the translations we only need to create a logging profile as described in the f5 article you sent, right ?
- VernonWells
Indeed! :)
- Mrad_231364
Hello, i've just tried it and unfortunately it did not work. Is there any troubleshooting tips that may help ? thank you
- VernonWells
Is it logging locally, or not at all? Can you share your LSN pool configuration, the Log Publisher, Log Destination and the Logging Profile configurations? Make sure you format it using block format so that it is easily readable.
- Mrad_231364
Dear Vernon, Please find the attached screenshots of the configuration. I just followed the simple steps. Thank you
- VernonWells
Actually, could you post the results of the following commands:
tmsh list ltm virtual tmsh list ltm lsn-pool tmsh list sys log-config publisher Log_Publisher tmsh list sys log-config destination Log_Destinations tmsh list ltm pool syslog_poolwhere is the name of the Virtual Server to which you've attached the LSN Pool, and is the name of the LSN Pool.