Forum Discussion

PaulONL's avatar
PaulONL
Icon for Nimbostratus rankNimbostratus
Mar 02, 2020

Problem between F5 CGNAT and Graylog Server

Dear F5 Community,

 

I have F5 model Model: BIG-IP i7600 with version: Version: 14.1.0.3 Build 0.0.6 running as CGNAT.

And I installed Graylog server version: 3.0 free edition to receive the LSN CGNAT logs.

I followed document below to send the CGNAT logs from F5 CGNAT to the Graylog server as HSL, but Graylog can not receive the CGNAT logs from F5.

https://techdocs.f5.com/en-us/bigip-14-0-0/big-ip-cgnat-implementations-14-0-0/using-cgnat-logging-and-subscriber-traceability.html

 

Everyone used to have such experience? and how to solve the issue?

 

Please kindly advise.

Thank you.

 

  • Hi Nag,

     

    Thank for your information.

    Yes, i used to use the command: tcpdump 

    I can see message sending to Graylog server, but at the server Graylog does not receive the logs.

    May you please have any more advice?

     

    Thank with regards,

    PaulONL

     

  • NAG's avatar
    NAG
    Icon for Cirrostratus rankCirrostratus

    Hi,

     

    I didnt come across such a problem.

     

    However, best way to troubleshoot to find the root cause is to take packet captures::

     

    Here is the command you could use to get packet captures F5:

     

    tcpdump -vvni 0.0:nnnp -s0 host <IP_Address_of_Graylog> and port <PORT_of_Graylog> -w /var/log/file_name.pcap

     

    Hope this helps,

    Nag