Forum Discussion

yousuf211's avatar
Icon for Nimbostratus rankNimbostratus
May 20, 2023

Setting up syslog alerts to Splunk when an individual pool member becomes unavailable in virual serv

Hi Team,

We are trying to setup alerts to Splunk so that in case any member becomes unavailable for any reason within a particular virtual server then we can see it on Splunk. There is recommended way to use use Splunk Universal forwarded/agent but are not allowed to install so have to use Splunk heavy forwarder instead. I have come across below article to set up syslog messages but its generic and not based on individual virtual server:

I believe this can be acheiveable with iRules and with some research , I've found an example which is using to generate syslog when client tries to connect to specific virtual server but not addressing my issue.

I was wondering if this is even acheivable with this approach or even supported by Big-IP at all? I have very little experience with this technology and unsure if I can acheive this task or not?

1 Reply

  • The first link is helpful and in conjunction with the following two links I believe you can configure the appropriate filter for all pool members if they go down or come back up. Please keep in mind that this will not be for a specific virtual server but for all pools having a pool member go down or up. If you look at the following link you can see that the IDs you will most likely want to filter on are 01070638 and 01070727 with a severity of notice.

    In the following article you can also see the different alert severity levels if by chance you want to filter additional log levels.

    If you are ever in doubt, you can always check your current F5 logs to see what logging level the specific log is and the associated ID.