Forum Discussion
LTM Policy don't send to external log server
CEnroth The management interface isn't automatically used for syslog and would be completely dependent on your routing table for your management interface along with the routing table for traffic that the F5 load balances and/or forwards. You can verify what's being used by running the following two commands.
list sys management-route one-line
list net route one-line
The first command will show your static routes that you have configured for the management interface and the second will be the routes for your general load balanced and/or forwarded traffic on the F5. Please note that the default route on the management interface does not supersede the default route on the routed interfaces of the F5 and the only thing that would supersede it is a specific route on the management interface or if the subnet is directly connected on the management interface. If your F5 is in path it will use whichever interface is closest to the routed destination to communicate with the log server.
Paulius Thanks for the information.
In this case I use "Route Domains" for all other communications, so "list net route one-line" is empty.
Mgmt interface had a "default route", but to be sure that nothing had a better route than that I added a /32.
Once in a while I get the error message below, and initially I thought it was the remote syslog server that "rejected" the packages, but as I said before I used TCPDUMP to see if anything exited the Mgmt interface but nothing did.
Error in log file:
Execution of action 'log write port=514 message= facility=local0 priority=info ip-address=192.168.0.100' failed, error ERR_REJECT
It is possible that packages leave the loadbalancer on some other interface, but I had TCPDUMP listen on all other interfaces and did not see udp/514 packages on any of them.
And I forgot to say that I can PING the syslog server from the LB, and that package leaves on the Mgmt interface.
/C
- Paulius, Oct 28, 2023, MVP
CEnroth This might be one of those instances where you try the iRule equivalent and see if it has the same results. If you do have the same result you might have to reach out to F5 TAC to see if it's an unknown bug or possibly a misconfiguration.
- CEnroth, Oct 28, 2023, Nimbostratus
Paulius Thanks for all input, and I think you are right about routing. And as I use "route domains" then /Common (id = 0) would probably be the one where all messages would be sourced from. But in my case I don't use /Common and therefore this route domain has no routes. One can think that the ERR_REJECT message indicates that there is no way out from this vlan/net. But I will do as you suggest and try an iRule with HSL::send to see if that works.
And once again, thanks for the input 😀
Regards
Christian
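
The iRule equivalent suggested in the thread could look like the sketch below. It is an added example, not code posted by either participant. It assumes a hypothetical pool named syslog_hsl_pool whose only member is the syslog server from the error message (192.168.0.100, port 514), and a virtual server with an HTTP profile attached.

```tcl
# Added example (not from the thread). Assumptions:
#   - "syslog_hsl_pool" is a hypothetical pool name; its member is the
#     syslog server from the thread, 192.168.0.100:514.
#   - The virtual server has an HTTP profile, so HTTP_REQUEST fires.
when CLIENT_ACCEPTED {
    # HSL traffic is sent by TMM to the pool member, so it follows the
    # TMM routing table / route domain, not the management routes.
    set hsl [HSL::open -proto UDP -pool syslog_hsl_pool]
}

when HTTP_REQUEST {
    # <134> is the syslog PRI for facility local0 (16) and severity
    # info (6): 16 * 8 + 6 = 134, matching the policy action in the thread.
    HSL::send $hsl "<134>[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port] [HTTP::method] [HTTP::host][HTTP::uri]\n"
}
```

Because the pool member is reached through TMM, a tcpdump on the VLAN that routes to the pool member (rather than on the management interface) is where the udp/514 traffic from this iRule would be expected.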