Forum Discussion

kimhenriksen's avatar
kimhenriksen
Icon for Cirrostratus rankCirrostratus
Feb 01, 2024

setting up a vip for syslog (logpoint) traffic, any thoughts?

Hey all!

 

I´m setting up a udp vip for syslog (514). I´ve configured a standard udp vip with a udp profile with the datagram lb setting enabled. 

Does anyone have any more tips on what to configure? In this case its logpoint for the backend servers. 

I´m wondering if the idle timeout (default 60 secs) is to much as we ´re seeing ALOT of connections, I´m thinking of lowering it to 5 secs or immediate.. any thoughts?

 

Anyone have any experience in using bigip and logpoint syslog?

 

/Kim

application delivery
  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Feb 02, 2024

    Hi , 

    Yes right , stateless VS is  recommended in case of UDP connections and I think it will be the most perfect option for syslog , you can find this in this article : https://my.f5.com/manage/s/article/K13675

    So IF you need " Datagram LB " option , you have to rely on standard or stateless >> but in case of syslog use " stateless " type and attach your custom UDP profile which enabled " Datagram LB " option. 

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Feb 01, 2024

    I recommend using >> performance layer4 virtual server type , this is faster than Standard one.

     

    For timeout I don't see 60 sec is that high , but it's recommended always to set a shorter idle timeout periods  so this depending on your environment , you can set any value suits your integrations with SYSLOG.


  • kimhenriksen's avatar
    kimhenriksen
    Icon for Cirrostratus rankCirrostratus
    Feb 01, 2024

    Does the performance layer4 loadbalance udp packet by packet? On the standard I´ve got that configured in the udp profile, but the there is no udp profile option on the performance layer 4. But I am checking we can do a stateless udp vip instead.. I found a article describing the setup and that it´s preferable for high traffic udp vips, such as syslog and dns.

    • Mohamed_Ahmed_Kansoh's avatar
      Mohamed_Ahmed_Kansoh
      Icon for MVP rankMVP
      Feb 02, 2024

      Hi , 

      Yes right , stateless VS is  recommended in case of UDP connections and I think it will be the most perfect option for syslog , you can find this in this article : https://my.f5.com/manage/s/article/K13675

      So IF you need " Datagram LB " option , you have to rely on standard or stateless >> but in case of syslog use " stateless " type and attach your custom UDP profile which enabled " Datagram LB " option. 

      • kimhenriksen's avatar
        kimhenriksen
        Icon for Cirrostratus rankCirrostratus
        Feb 08, 2024

        We did this yesterday and it seems to be working nicely now. Thanks!!