For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Heinrichm_18951's avatar
Heinrichm_18951
Icon for Cirrus rankCirrus
Mar 02, 2015

Set source interface for syslog to non-zero route domain ip

Hi All, I need to send syslog for some virtual servers to a syslog server in a non-zero route domain. I have an existing iRule for the job, however, it used to be run for the %0 domain (so it used to work), and now that I need to utilize it for a %1 domain a problem arises: %1 is not considered particularly secure so there’s no firewall opening between the two (I’ve verified that the firewall blocks the packages).

When I send the logs I send from the default %0 interface, so I need the source to be the existing interface in the %1 routing domain.

I’ve tried adding %1 for destination in my iRule, but it didn’t change the source interface (I still intercepted the packages in the firewall from the original ip).

[…]
   log -noname 192.168.1.15%1:3316 local0.info $txt
   log local0. $txt
[…]

The BIG-IP already has an IP address in the %1 route domain. Is there a command to set this as the source/output self IP? Or do you know of another way to get around this?

application delivery
devops
iRules
LTM
management
syslog

2 Replies

  • amolari's avatar
    amolari
    Icon for Cirrostratus rankCirrostratus
    Mar 02, 2015

    what about your routing table? Do you have a route to that syslog server within that route domain?

     

  • Heinrichm_18951's avatar
    Heinrichm_18951
    Icon for Cirrus rankCirrus
    Mar 04, 2015

    Sorry about the long reply time, I'm new to F5 so it took some time to view the route table for a non-zero rd.

     

    Yes there's a route for the net and I have a self IP in the segment. If I do a traceroute in cli while in %1 I only have 1 hop directly to the server.