Forum Discussion

Jacqueline_Tadr's avatar
Jacqueline_Tadr
Icon for Altocumulus rankAltocumulus
Dec 17, 2021

remote SYSlog setup

I'm in the process of setting up remote syslog on my Big IPs. My understanding from documents it's a simple task:

  • If I want to dedicate to a specific drive on a server with multiple drive, is there a way to set it up accordingly?
  • This syslog for system logs. Do I need to add a publisher profile on each virtual server still?
  • Do I get logs locally and remote or this has to be setup?

Lastly but not least:

  • if local logs won't show after adding the remote syslog, how can I set it up to get logs locally and remotely?

Thanks!

  • Sean_Chao's avatar
    Sean_Chao
    Dec 28, 2021

    Hello  ,

     

    Regarding your questions:

     

    • If I want to dedicate to a specific drive on a server with multiple drive, is there a way to set it up accordingly?

    I believe this depends on how the drive was setup and mount on the remote system. The configuration on BIG-IP can only direct the log to a certain server IP(s), but not a specific drive.

     

    • This syslog for system logs. Do I need to add a publisher profile on each virtual server still?

    Setting up a remote syslog server (syslog-ng) as described in K13080 does not require a publisher to be configured as you would do with the remote High-Speed Logging (HSL).

     

    • Do I get logs locally and remote or this has to be setup?

    No setup needed, configuring a new remote syslog server does not disable the local logging settings.

     

    • if local logs won't show after adding the remote syslog, how can I set it up to get logs locally and remotely?

    The log should still be generated locally even the remote server setting doesn’t work. For additional troubleshooting, refer to K86480148.

     

    And regarding the local IP - It is optional, and there are some additional information in K86480148 for your reference: “If the local IP setting has an IP address configured, the BIG-IP system will only send log messages from the interface to which the IP address is assigned and ignore routes that use other interfaces, even if a destination is a closer match.”

     

    Hope it helps! And if you have encountered unexpected behavior or need any further assistance during the setup, please feel free to contact us:

    K2633: Instructions for submitting a support case to F5

    K135: Information required when opening a support case for BIG-IP LTM, AFM, DNS, Link Controller, and PEM

     

     

  • Thanks Anjuli, them but didn't explain or confirm anything about directing logs to a specific drive on a syslog server that multiple use. Also the way I understand the profile and the publisher etc. don't clearly show if this is always done or only if we have multiple syslog servers.

    Just to confirm, when I'm setting up the syslog server, if I use the local IP of the Big IP would this allow logs to go to local drive as well as remote server? it show there in the document but doesn't explain it clearly why I would want to put the local IP in the remote syslog setup. Thank you!

    • Sean_Chao's avatar
      Sean_Chao
      Icon for Employee rankEmployee

      Hello  ,

       

      Regarding your questions:

       

      • If I want to dedicate to a specific drive on a server with multiple drive, is there a way to set it up accordingly?

      I believe this depends on how the drive was setup and mount on the remote system. The configuration on BIG-IP can only direct the log to a certain server IP(s), but not a specific drive.

       

      • This syslog for system logs. Do I need to add a publisher profile on each virtual server still?

      Setting up a remote syslog server (syslog-ng) as described in K13080 does not require a publisher to be configured as you would do with the remote High-Speed Logging (HSL).

       

      • Do I get logs locally and remote or this has to be setup?

      No setup needed, configuring a new remote syslog server does not disable the local logging settings.

       

      • if local logs won't show after adding the remote syslog, how can I set it up to get logs locally and remotely?

      The log should still be generated locally even the remote server setting doesn’t work. For additional troubleshooting, refer to K86480148.

       

      And regarding the local IP - It is optional, and there are some additional information in K86480148 for your reference: “If the local IP setting has an IP address configured, the BIG-IP system will only send log messages from the interface to which the IP address is assigned and ignore routes that use other interfaces, even if a destination is a closer match.”

       

      Hope it helps! And if you have encountered unexpected behavior or need any further assistance during the setup, please feel free to contact us:

      K2633: Instructions for submitting a support case to F5

      K135: Information required when opening a support case for BIG-IP LTM, AFM, DNS, Link Controller, and PEM