Forum Discussion

awan_m's avatar
awan_m
Icon for Cirrostratus rankCirrostratus
Oct 08, 2023

Send data to 2 pool members in HSL pool

Hi all - i have 2 members in a HSL pool - and i want to send logs to both , meaning not load blance but send a copy to both pool members -  is there a way of acheving that  Thanks 
application delivery
F5_Design_Engineer's avatar
F5_Design_Engineer
Icon for MVP rankMVP
Oct 09, 2023

Hi Awan,

replicated option is for pool only not for publisher. In tmsh here is the syntax

create /sys log-config destination remote-high-speed-log <log destination name> distribution <adaptive|balanced|replicated> pool-name <HSL pool name> protocol <tcp|udp>

 

 

Log Publisher is step 4, first you need to creat log pools in step 1 then only you can go for log publishers:

 

Setting The BIG-IP into using HSL Steps.

  1. Create a Pool with the remote log server as the member.
  2. Go to System  ››  Logs : Configuration : Log Destinations and create one of these two types of Destinations depending on whether you want to use TMM or management for the traffic.
    1. For a High Speed Logging Destination Click Create Select the pool you created in step 1.
      1. Name the Log Destination.
      2. Select 'Remote High-Speed Log'.
      3. Select the pool you created in step 1.
      4. Select TCP or UDP.
      5. Select the Distribution method (leave in default if only one pool member).
      6. Click Finished.
      7. To use the management interface (only one IP can be used in this method)
        1. Enter IP and port of logging server.
        2. Select Protocol.
        3. Click Finished.
        4. Now create another Log Destination (this will in essence trick the BIG-IP to use HSL logging).
          1. Choose type Splunk.
          2. Forward to either the HSL or management interface.
          3. Click Finished.
          4. Go to System  ››  Logs : Configuration : Log Publishers
            1. Click Create.
            2. Name it.
            3. Choose the Destination from step 3.
            4. Click Finished.

              The logging traffic proceeds from top to bottom in the illustration.

               
               
               
               

               

              https://my.f5.com/manage/s/article/K17398

              For your iRule, please refer below

              open and send for HSL

              https://clouddocs.f5.com/api/irules/HSL__open.html

              https://clouddocs.f5.com/api/irules/HSL__send.html

              https://my.f5.com/manage/s/article/K50040950

              https://my.f5.com/manage/s/article/K50040950

               

              https://clouddocs.f5.com/cli/tmsh-reference/v15/modules/ltm/ltm_rule_command_HSL_open.html

               

              Please note

               The protocol is case sensitive and must be specified in all uppercase letters.

              Prior to 11.1 the protocol value is not validated when an iRule is saved, but will cause a run-time error when executed for a connection if the protocol is not valid (UDP or TCP).

              The pool name is not validated when an iRule is saved but will cause a run-time error when executed if the pool does not exist.

               

              HTH

              F5 Design Engineer

              🙏

               

  • awan_m's avatar
    awan_m
    Icon for Cirrostratus rankCirrostratus
    Nov 07, 2023

    Thanks for teh response - but this does not solve my Problem 

    My use case is - 

    i have - Acive and Standby F5s in 2 Data centers - F51 - DC -A , F52 - DC-B

    i need to send all traffic to IDS appliance - so i connect one F5 interface to a switch in each datacenter that has the IDS device connected to it - and on each F5 i created a static ARP entry 

    what i want to do is create a pool that has both IDS devices in it - attach that pool to teh virtual server as client side clone pool  and send traffic to both pool members - 

    any suggestions .

    thanks