Forum Discussion
Nimbostratusirlue to send the logs to remote server using port number will use which protocol by default TCP/UDP
Hi,
I am using an irule to send the logs to remote server . Just wanted to know th eport number mentioned in irule will use UDP or TCP .
I belive its UDP , but requesting someone to please confirm . Below the irule used :
when SERVER_CONNECTED { log x.x.x.x:518 local0.info "client: [IP::client_addr]:[TCP::client_port] -> VIP: [clientside {IP::local_addr}]:[clientside {TCP::local_port}] -> Node: [IP::server_addr]:[TCP::server_port]" }
13 Replies
Kiran_145850Below is the output from F5 using
tcpdump -lnni 0.0 udp and host x.x.x.x and port 518
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
07:48:13.244408 IP x.x.x.x.56996 > x.x.x.x.518: UDP, length 145
07:48:13.286717 IP x.x.x.x.12251 > x.x.x.x.518: UDP, length 144
07:48:13.512914 IP x.x.x.x.3040 > x.x.x.x..518: UDP, length 144
tcpdump -lnni 0.0 udp and host x.x.x.x and port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
07:48:37.546228 IP x.x.x.x.53789 > x.x.x.x..514: SYSLOG local0.info, length: 144
07:48:37.548936 IP x.x.x.x.2972 > x.x.x.x.514: SYSLOG local0.info, length: 144
I will do a tcpdump on remote server
- Kiran_145850
Please find the o/p from remote server . Traffic is reaching from F5 .
tcpdump host x.x.x.x and port 518
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:03:34.755647 IP f5 device > syslogserver.ntalk: UDP, length 145
08:03:34.879445 IP f5 device.59295 > syslogserver.ntalk: UDP, length 138
08:03:34.955722 IP f5 device.56996 > syslogserver.ntalk: UDP, length 144
- Kiran_145850
Hi Kevin,
Thanks for you excellent support .
Issue resolved -- it was a miconfiguration at the remote server .
