Forum Discussion
Routing udp syslog through F5 LTM without losing source IP
I am trying to figure out how to route udp syslog messages through my F5's without it modifying the source IP. I can get the messages through when I setup a "Standard" virtual server with Auto Map enabled but that changes the IP. No other setting I have tried actually lets the message get to the backend nodes. Any help would be greatly appreciated.
FWIW, the use case here is this:
(udp syslog from switches) -> LTM -> (pool of Logstash servers) -> Redis -> (Logstash indexer) -> Elasticsearch
The reason for the LTM is both HA and load balancing. The LTM is in an active / standby pair and there are multiple Logstash servers in the pool. This gives me both reliability and performance.
- Simon_BlakelyEmployee
I am having an issue understanding why UDP syslog packets are requiring SNAT - there is no reply packet for syslog, so nothing need to go back to the LTM/client.
Maybe you need a packet capture to see where the packets are going once they leave the LTM.
- Saddam_ZEMMALI_Nimbostratus
- kridsanaCirrocumulus
I'm not sure about UDP.
but Can logstash server have F5 as default gateway? So you don't need to enable snat automap.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com