Syslog & Source IP on cluster
I encounter a bug with the syslog-ng process : there was no syslog trafic initiated by the F5 on the remote syslog server after a reboot of the BIGIP.
This was in fact related to a known issue : see http://support.f5.com/kb/en-us/solu...10239.html :
This is the result of a known issue. The BIG-IP system does not force daemons to use the configured management port address. As a result, the traffic may not use the intended source address or route when sending unsolicited outbound traffic. (...) Processes, such as ntpd , which do not allow the address to be specified may not consistently use the intended address or route, and communication for the service provided by the process may be interrupted at system startup or upon subsequent restarts of the process.
The workaround :
- For ntpd, be sure that a management route is configured for the syslog serve (hosted an another VLAN)
=> A management route was set for the syslog (the syslog server is on anoter VLAN) but this doesn't impact the behaviour. I check, there is not other route for this subnet on the TMM routes.
- For syslog-ng, configure a source IP to be sure that the preocess will be using the intended source IP.
http://support.f5.com/kb/en-us/solu...12080.html) Works fine, even after reboot/restart. => I try to configure a Source IP for the syslog (cf
But there is another issue, related to this workaround : the Source IP for the syslog is saved on the bigip_sys.conf file, and this file is synchronized between the two members of the cluster.
So the 2 BIGIP are using the same Source IP Address to perform the log on the syslog. We can still saw which bigip is performing the logs (we saw the hostname on the syslog) however this is not the best way.
Someone had the same issue before ? If yes, do you find a workaround on the F5 to avoid this issue ?
Thank you for your help :)