
paulpatriot_129
Dec 17, 2013

load balancing to log servers SNAT shows as the source

We are trying to load balance log servers on a different subnet than the F5. When we do this, the SNAT address shows up as the source instead of the actual server. So the logs look as if they are coming from the F5 instead of the actual source. Is there anything I can do so the actual source IP shows the device that sent the log? Thanks

4 Replies

  • giltjr

    Well, SNAT is source NAT; it is doing exactly what you want it to do.

    What type of logging? Standard syslog UDP 514? If so, then you should not need SNAT, but then again, if you are doing standard syslog UDP 514, I don't think load balancing to different syslog servers is a good idea.

  • giltjr

    Not much you can do. SNAT is working as designed.

    I am assuming that you are doing something to make a specific source server always go to the same target server.

    Otherwise, you could have syslog messages from the same source going to different syslog servers.

  • giltjr

    IP does not have an "original" IP address or "original" device identifier.

    What you MIGHT be able to do, if you have enough IP addresses in the subnet your syslog server is on, is do a static one-to-one SNAT, so that each real device has a specific SNAT address. This assumes you don't have a ton of devices though.
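
Added example (not part of the thread and not any poster's code): with the static one-to-one SNAT suggested in the last reply, the log collector can map each translated address back to the device it stands for, and mark records that arrived through a shared SNAT address as unattributable. All addresses, the table and the function names are constructed for illustration; treating an unlisted source as untranslated is an assumption.

```python
import ipaddress

# Constructed one-to-one SNAT table: translated address seen by the syslog
# server -> real device behind the load balancer (documentation ranges only).
SNAT_TO_DEVICE = {
    "192.0.2.11": "10.20.0.11",
    "192.0.2.12": "10.20.0.12",
}
# Constructed shared SNAT address that many devices hide behind.
SHARED_SNAT = {"192.0.2.1"}


def validate_one_to_one(table):
    """Raise ValueError if an entry is not an IP or two SNATs map to one device."""
    seen = {}
    for snat, real in table.items():
        ipaddress.ip_address(snat)
        ipaddress.ip_address(real)
        if real in seen:
            raise ValueError(f"{real} mapped by both {seen[real]} and {snat}")
        seen[real] = snat


def attribute(peer_ip, table=SNAT_TO_DEVICE, shared=SHARED_SNAT):
    """Return (origin, status) for a datagram whose network source is peer_ip."""
    if peer_ip in table:
        return table[peer_ip], "mapped"
    if peer_ip in shared:
        return None, "shared-snat"  # origin cannot be recovered from the IP
    return peer_ip, "direct"        # assumption: unlisted means not translated


def annotate(records):
    """records: iterable of (peer_ip, message); yields dicts with origin added."""
    for peer_ip, message in records:
        origin, status = attribute(peer_ip)
        yield {"peer": peer_ip, "origin": origin, "status": status, "msg": message}


# Constructed sample datagrams: (source address seen on the wire, payload).
SAMPLE = [
    ("192.0.2.11", "<134>Dec 17 10:00:01 app: login ok"),
    ("192.0.2.1", "<134>Dec 17 10:00:02 app: login failed"),
    ("10.30.0.5", "<134>Dec 17 10:00:03 app: started"),
]

if __name__ == "__main__":
    validate_one_to_one(SNAT_TO_DEVICE)
    for row in annotate(SAMPLE):
        print(row)
```

Records with status `shared-snat` are the ones where source attribution is lost, which is the case the original question describes.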