
kimhenriksen
Feb 01, 2024
Solved

setting up a vip for syslog (logpoint) traffic, any thoughts?

Hey all!

 

I'm setting up a UDP VIP for syslog (514). I've configured a standard UDP VIP with a UDP profile with the datagram LB setting enabled.

Does anyone have any more tips on what to configure? In this case it's LogPoint for the backend servers.

I'm wondering if the idle timeout (default 60 secs) is too much, as we're seeing A LOT of connections. I'm thinking of lowering it to 5 secs or immediate... any thoughts?

 

Does anyone have any experience in using BIG-IP and LogPoint syslog?

 

/Kim

4 Replies

  • I recommend using the performance layer4 virtual server type; this is faster than the Standard one.

    For the timeout, I don't see 60 sec as that high, but it's always recommended to set shorter idle timeout periods, so this depends on your environment; you can set any value that suits your integration with syslog.


  • Does the performance layer4 load balance UDP packet by packet? On the standard I've got that configured in the UDP profile, but there is no UDP profile option on the performance layer 4. But I am checking whether we can do a stateless UDP VIP instead. I found an article describing the setup and that it's preferable for high-traffic UDP VIPs, such as syslog and DNS.

    • Hi,

      Yes, right: a stateless VS is recommended in the case of UDP connections, and I think it will be the most perfect option for syslog. You can find this in this article: https://my.f5.com/manage/s/article/K13675

      So if you need the "Datagram LB" option, you have to rely on standard or stateless, but in the case of syslog use the "stateless" type and attach your custom UDP profile which has the "Datagram LB" option enabled.

      • kimhenriksen

        We did this yesterday and it seems to be working nicely now. Thanks!!
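
The setup the thread settled on (a stateless UDP virtual server with a custom UDP profile that has Datagram LB enabled), written out as tmsh commands. This is an added example, not configuration posted in the thread or taken from K13675; the object names, the documentation-range addresses and the gateway_icmp monitor are assumptions, and the syntax should be checked against the tmsh reference for your BIG-IP version.

```tmsh
# Custom UDP profile (hypothetical name): balance each datagram on its own
# rather than keeping one sender's flow on a single pool member.
# 60 is the default idle timeout mentioned in the thread.
create ltm profile udp udp_syslog_dglb defaults-from udp datagram-load-balancing enabled idle-timeout 60

# LogPoint collectors as pool members (placeholder addresses).
create ltm pool pool_logpoint_syslog monitor gateway_icmp members add { 198.51.100.11:514 198.51.100.12:514 }

# Stateless UDP virtual server on port 514 with the custom profile attached
# (placeholder virtual address).
create ltm virtual vs_syslog_udp514 destination 192.0.2.10:514 ip-protocol udp stateless profiles add { udp_syslog_dglb } pool pool_logpoint_syslog

# Checks to run after sending a few test syslog messages from one source:
list ltm virtual vs_syslog_udp514
show ltm pool pool_logpoint_syslog members
show sys connection cs-server-addr 192.0.2.10 cs-server-port 514
```

Comparing the per-member counters in the pool statistics shows whether datagrams from a single sender are being spread across both collectors, and the connection listing can be compared before and after the change to see its effect on the connection count.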