Forwarding syslog-ng from a specific interface
Hi all,
I'm trying to get syslog forwarded from our F5 boxes to a Splunk server for indexing, reporting, and alerting. At the moment, I'm only concentrating on the LTM log. I found an article (that I can't find again for whatever reason) that suggested a config similar to what I have at the end of this post.
I set that up, and it appears to be correct (no syslog-ng errors/crashes), but our log server is not receiving the log data. After working with the F5 a little more, I discovered that traffic is by default routed out of our external (web serving) interface. It needs to go out of our mgmt interface due to network configurations -- the external iface is restricted from the log server via network ACLs and routing. I don't want to muck with the default routing on the F5 considering that may have additional implications that I don't know of. I verified that with netcat, specifying an address to send on gets to our log server, but when I tried looking online for a method to make syslog-ng connect, I couldn't find anything. Is there a way to specify which IP address or interface syslog-ng should be sending on?
-- Config snippet --
b syslog include '"
filter f_local0a {
    facility(local0);
};
destination d_loghost5a {
    udp(\"xx.xx.xx.xx\" port (514));
};
log {
    source(local);
    filter(f_local0a);
    destination(d_loghost5a);
};
"'
- Cory_50405
Noctilucent
This article and the links within should get you what you need:
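An added example, not part of the thread or of F5's documentation: syslog-ng's `udp()` destination driver accepts a `localip()` option that binds the sending socket to a given local address, which is the setting the question asks about. Both addresses are constructed placeholders, and the fragment is shown as plain syslog-ng configuration; wrapping it in the `b syslog include` statement with escaped quotes, as in the original post, is assumed to pass the option through unchanged.

```conf
# Constructed example. Both addresses are placeholders from the
# documentation range, not values from the thread:
#   192.0.2.50 = log server (the xx.xx.xx.xx in the original post)
#   192.0.2.10 = address of the management interface on the sending box

filter f_local0a {
    facility(local0);
};

# Before: no local address is given, so the kernel chooses the source
# address from the routing table (in the post, the external interface).
# destination d_loghost5a {
#     udp("192.0.2.50" port(514));
# };

# After: localip() binds the UDP socket to the management address
# before any message is sent.
destination d_loghost5a {
    udp("192.0.2.50" port(514) localip("192.0.2.10"));
};

log {
    source(local);
    filter(f_local0a);
    destination(d_loghost5a);
};
```

`localip()` sets the source address only; the egress interface is still chosen by the route lookup, so a route to the log server over the management network may also be needed. Confirm on the log server that the messages now arrive with the management address as their source.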