Forum Discussion
CirrostratusDoes anyone did traffic logging?
Hi guys
I`m searching method which can logging or inspecting traffic information.
Target license are LTM and CGNAT.
I have looking for Telemetry streaming but that seems providing sampling information.
I need full traffic information not sampling data. also don`t need mirroring.
I think using i-Rule with HSL can be a method but I`m wondering how much traffic can be logging.
-> how much means about CPS 150K.
-> and BIGIP`s disk can be able to hold the logs.
Hi,
Yes, the purpose of HSL is for syslog protocol. You can forward to external syslog server by TCP / UDP based on syslog receiver.
6 Replies
NUT2889Hi,
F5 not suggest to store log locally. From my experience F5 support recommend customer forward log to SIEM / Big Data Solution / BIG-IQ instead.
SWJOHi.
Then is there possible method not store logs in box but forward to remote?
- NUT2889
Hi,
Previously message might not clear for you. If we talk about technical perspective.
- If you have security module running on F5 device.
- Logging profile with local log publisher to store on F5 locally.
- Logging profile with remote log publisher forward log to SIEM / Big Data / BIG-IQ
- If you don't have security module on F5 device.
- iRule to generate HSL by sending log to SIEM / Big Data / BIG-IQ
- iRule for log locally
- If you have security module running on F5 device.
