Forum Discussion

SWJO
Jan 23, 2020
Solved

Has anyone done traffic logging?

Hi guys

I'm searching for a method that can log or inspect traffic information.

Target licenses are LTM and CGNAT.

I have been looking at Telemetry Streaming, but that seems to provide sampling information.

I need full traffic information, not sampling data. I also don't need mirroring.

I think using an iRule with HSL can be a method, but I'm wondering how much traffic can be logged.

-> "how much" means about 150K CPS.

-> and whether BIGIP's disk is able to hold the logs.

  • Hi,

    Yes, the purpose of HSL is the syslog protocol. You can forward to an external syslog server over TCP / UDP, depending on the syslog receiver.

  • Hi,

    F5 does not suggest storing logs locally. From my experience, F5 support recommends that customers forward logs to a SIEM / Big Data Solution / BIG-IQ instead.

    • SWJO

      Hi.

      Then is there a possible method to not store logs on the box but forward them remotely?

      • NUT2889

        Hi,

        My previous message might not have been clear to you. If we talk from a technical perspective:

        1. If you have a security module running on the F5 device:
          1. Logging profile with a local log publisher to store logs on the F5 locally.
          2. Logging profile with a remote log publisher to forward logs to SIEM / Big Data / BIG-IQ.
        2. If you don't have a security module on the F5 device:
          1. iRule to generate HSL by sending logs to SIEM / Big Data / BIG-IQ.
          2. iRule to log locally.
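
The "iRule with HSL to a remote receiver" option discussed in the thread, as an added example that is not part of any post. It emits one syslog record per connection with both the client-side and the translated server-side addresses; the pool name `syslog_remote_pool`, the TCP virtual server, and the record field names are assumptions.

```tcl
# Added example (not from the thread). Assumptions: a TCP virtual server, and an
# LTM pool named syslog_remote_pool (hypothetical) holding the remote syslog receivers.
when CLIENT_ACCEPTED {
    # One HSL handle per connection; nothing is written to the BIG-IP's own disk.
    set hsl [HSL::open -proto UDP -pool syslog_remote_pool]
    # Capture the client-side tuple now; SERVER_CONNECTED runs in server-side context.
    set client "[IP::client_addr]:[TCP::client_port]"
    set vip "[IP::local_addr]:[TCP::local_port]"
}

when SERVER_CONNECTED {
    # In server-side context the local address/port is the translated (SNAT) source.
    set xlate "[IP::local_addr]:[TCP::local_port]"
    set server "[IP::server_addr]:[TCP::server_port]"
    # <190> = facility local7, severity info. One record per connection, no sampling.
    HSL::send $hsl "<190>conn_open vs=[virtual name] client=$client vip=$vip xlate=$xlate server=$server\n"
}
```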