Forum Discussion
Kevin_Nail
Nimbostratus
Nimbostratussyslog-ng and centralized logging
We are trying to find a way to send syslog from the servers behind bigip to a central log server and distinguish what host the message came from. Is there any way to do this?
Will creating ...
No, I don't think that will work.
The syslog server and the clients initiating the connections to it (the LB servers) will be on opposite sides of the LTM, so you have to build a path through it.
Address translation on the virtual server refers to destination address translation, not source address translation. SNAT refers to one method of source address translation.
The default SNAT you already have configured will apply unless the traffic traverses a VS with SNAT disabled, and the goal here was to prevent client address translation.
To disable SNAT, you need a Standard Virtual Server rather than a forwarding one -- you can't disable SNAT on a forwarding virtual server (except with an iRule).
The virtual server must be configured to handle outbound traffic from the LB servers to the syslog server: That's why it's enabled on the server-facing vlan with an address on that subnet.
I mis-stated the requirement for address translation in my previous post (corrected now): You would need to leave address translation enabled so the traffic goes to the real remote syslog server address when it leaves LTM.
