komenancs
Jan 08, 2024

Logging Configuration in LTM HA

Hello everyone

I'm doing a logging lab and I'm asking for your help to understand some things.

I have two BIG-IP LTMs in HA and a QRadar logging server.

I have configured the QRadar as the syslog server on each HA node.

At the QRadar level I receive the active logs, but the standby only sends errors like "BIGIP_TMM_TIMMERR_PMBR_BACK_UP".

I'd like to know if it's normal for the standby to send only error messages, and in general I'd like to understand how logging works in HA and what type of event each device sends to the server.

Thanks in advance.

  • Logging is set on each appliance as its own configuration; however, since most log alerts should be coming from the data plane, only the active will be logging that traffic. In your logging engine you should be able to search by name or IP to ensure that the logs are coming in from both devices.

    Depending on what interface you are logging from, and/or how much NATing and proxying you do, you should probably consider adding the IP address that logging is coming from under local IP in the logging configuration.
    If the IP address in local IP is set in DNS, it should show up in the logging with the correct host name.

    • komenancs

      Thank you very much for your reply.

      Indeed, I can see the logs of my two devices using the hostname or the IP.

      I understand better.