LTM-VE logging impact

Question

I have a question regarding the LTM-VE sitting in AWS.  We are using this LTM as a load balancer for web requests.  A concern that was brought up from security was that our splunk logs on the private side do not have external IP addresses.  I found a link that will allow me to write that information in the Irules of the LTM.
https://devcentral.f5.com/wiki/iRules.LogHttpTcpUdpToSyslogng.ashx
So my concern is that adding the extra rules to push the external IP information to a syslog server will add a lot of burden on that set of servers.  I'm not quite sure of the impact. When I look at cloudwatch, I only see the CPU at 12% on avg.  The server is an M4xlarge, so pretty big.  I have been told that we have a number of Irules, so I'm not sure if there is best practice around adding logging rules like this, and where it should be in the order.  Any help on this would be appreciated.... Or is there a better way to gather this information, rather than in Irules?&nbsp;

simon_blakely · Answer

If the irules are logging data directly to a High Speed Logging pool, the impact should be pretty low.  
&nbsp;
You can look at the CPU stats for irules/virtuals to determine the impact.&nbsp;
There is no rule of thumb before implementation, though, so you just need to test it out (preferably on a test environment, naturally).&nbsp;

Forum Discussion

LTM-VE logging impact

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

AI Friday Episode 6: DeepSeek & Sci-Fi's Impact on AI Development | AI News & Insights

BIG-IP LTM VE config sync failure

Logging DNS Requests

LTM VE behind Sophos Firewall deployment - configuration/setup question

CEF logs F5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS