Forum Discussion
F5 remote logging server
Hi all,
I have configured F5 to use a remote log server which is in a different subnet range. Nothing is going into it from F5. Are there some other things that have to be enabled also?
The remote log server is based on Graylog solution.
Looking at this article can someone explain the concept of Default route domain ((Domain 0) or management network)?
https://my.f5.com/manage/s/article/K13080
Does this means that my Graylog server has to be on the same network as F5
Thanks,
Igor
Hi,
We managed to solve the problem by configuring Logging Profile in Security >> Event Logs: Logging Profiles and assigning it to a VS.
We had to set the Logging Format to CSV, which is a headache for Graylog since you have to create extractors for different field types.
Your syslog server can be anywhere. The F5 needs to know how to get there! For syslog traffic, originating from the F5 BIG-IP you can use the MGMT port but if you want to use High Speed Logging (HSL) it would be advantageous to use a TMM port. To accomplish these things, you need to add routes. So the F5 knows where to send the traffic. Then of course you need to make sure your network has the correct permissions (firewall policies) and routes as well.
- igor_Cirrus
Hi Ben,
I can confirm network connectivity.
What I would like to accomplish is to forward HTTP nd HTTPS request/response access logs from virtual servers, but can't get it to work.
We have tried configuring HSL but no luck.
Do you have any suggestions?
I need something similar to the way HAProxy forwards access logs like this:
<150>1 2023-07-27T12:39:12.294222+02:00 ha-proxy1 haproxy 2017 - - 66.222.89.228:56299 [27/Jul/2023:12:39:12.014] hapeuat~ api/uatapi1 0/0/0/279/279 200 5358 - - --NI 59/59/0/0/0 0/0 "GET /api/v1/content/auto-img/shared/footer.png HTTP/1.1"
Cab you show us your work? What you have tried so far.
- igor_Cirrus
Hi,
Thanks so much for the response. I am waiting for my network engineer next week so that I can verify that everything is allowed between networks.
I will be also looking into configuring HSL. Seems that something wasn't configured properly on F5.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com