Forum Discussion
AltostratusHigh Speed Logging to SumoLogic Collector not Working
HI,
I am trying to get some values from a HTTP header to be sent to a SumoLogic Collector and am having difficulties with how the messages end up at the SumoLogic box.
I can see the data being sent to the SumoLogic box but it doesn't seem to be able to read it. The log is just random corrupted text.
I have setup a Log destination as Remote HSL using a pool UDP/1514 and the Publisher set to the Destination config
I have also tried setting up another destination using remote syslog and forward that to the Remote HSL Destination as well but still get same result.
I know this is being sent to the SumoLogic collector because I have got captures going out to the Sumo collector and the UDP Packets contain the text I wanted logged.
Is there some issue on the F5 or is the Sumo collector not reading the format right or something??.
Cheers
1 Reply
SmithyCirrostratus
I'm not familiar with Sumo Logic, but for my 3 node ELK cluster with 2 logstash servers, I just use HSL. See below.
create ltm node elk1.f5.demo { address 10.1.30.111 description "ELK Logstash/Data/Master Node" } create ltm node elk2.f5.demo { address 10.1.30.112 description "ELK Kibana/Master Node" } create ltm node elk3.f5.demo { address 10.1.30.113 description "ELK Logstash/Data/Master Node" } create ltm pool elk_log_5401_pool { members replace-all-with { elk1.f5.demo:5401 elk3.f5.demo:5401 } } create sys log-config destination remote-high-speed-log elk_hsl_5401_dest { pool-name elk_log_5401_pool protocol udp distribution balanced } create sys log-config publisher elk_log_5401_pub destinations replace-all-with { elk_hsl_5401_dest }
