Forum Discussion
rglus6970_30822
Nimbostratus
NimbostratusRequest Logging/Log Publisher
I am having a real difficult time grasping the relationship between a log publisher, a formatted log destination and an unformatted destination. All the F5 information I can find on log publishers on...
I_R_101_110
Cirrus
CirrusI felt the page below gave good relevant information though the inner machinations you may be looking for are not explained in detail. I would assume the internal flow is similar to the diagram you posted. The unformatted/formatted logging destinations is a confusing concept for me as well but I just chalk it up to something that is likely simple code behind the hood but convoluted in the config/GUI. Regardless, this excerpt was helpful in giving me enough information to complete my configurations.
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-4-0/11.html
For an example of configuring remote, high-speed logging, suppose you want to send all Protocol Security messages to a group of remote ArcSight servers. In this case, you would create:
For an example of configuring remote, high-speed logging, suppose you want to send all Protocol Security messages to a group of remote ArcSight servers. In this case, you would create:
- A load balancing pool for the ArcSight logging servers.
- An unformatted Remote High-Speed Log destination that references the pool of ArcSight logging servers.
- A formatted ArcSight log destination that references an unformatted log destination.
- A publisher that references the formatted and unformatted log destinations.
- A Protocol Security logging profile that references the publisher.An LTM virtual server or GTM listener that references the logging profile and the load balancing
I hope this helps.
Kind regards,
Nicolas