Forum Discussion
Nimbostratussyslog not sending messages
Hello, I configured my bigip for sending to a syslog server and nothing is showing up. The F5 can ping the server so it doesnt seem to be a connectivity issue. The command I used was: : modify /sys syslog remote-servers add { SYSLOGSERVER { host 192.168.20.50 remote-port 514 }}
11 Replies
Amine_KadimiMVP
Hi, make sure you didn't forget to save your change:
save /sys config
tolinrome_13817thanks I did, but unfortunately that didn't help. What else, if anything needs to be done?
natheCirrocumulus
Have you tried running a tcpdump on the hos and seeing if you see any traffic on 514? if you ping at the same time do you also see it in tcpdump?
Does both traffic go over the same route?
See the following for traffic routing - it may point to the problem. Overview of management interface routing (11.x)
Hope this helps,
N
- tolinrome_13817
yes traffic is on 514, did a tcpdump.
- StephanManthey
Nacreous
As Nathan already pointed out it might be a routing problem.
Which way you want the syslog messages to go? If it should leave via management interface you see it in the tcpdump when specifying an interface of "
". If it should leave through one of the VLANs you see it in the tcpdump when specifying an interface of "-nnni eth0
" in combination with the layer 2 header data. This way you make sure the messages go through the right path and dont get dropped by a firewall. Perhaps the missing packets show up in your firewall logs?-nnni 0.0 -e - tolinrome_13817
Thank you. The syslog messages are not coming from the management interface (network), they are coming from the another network (the self IP). I had to make a rule in the firewall for this to work correctly now.
I would prefer the syslog messages to source from the management network on the F5, is there a way to do this?
- StephanMantheyHi, yes, you can force it by setting specific host routes to use the management interface. These routes can be set from CLI only: tmsh create sys management-route network / gateway tmsh save sys config Thanks, Stephan
- tolinrome_13817
My management network is 10.65.1.0.
I tried the commands you suggested and when I listed the sys management-route it says:
sys management-route MGMT { gateway 10.65.1.1 network 10.65.1.0/24 } sys management-route default { description configured-statically gateway 10.65.1.1 network default
The top one I configured and the bottom one was already there.
- StephanMantheyHi, I guess your syslog server is not locally attached. Thats why a specific route is required. Unfortunately the host management subsystem is not completely separated from the TMOS interfaces. So the default route of TMOS will probably be higher prioritized than the default route you specified for management. A host route to the syslog server solves the problem as it will be more specific. Assuming your syslog server is hosted on 10.201.201.201 a host route will look like this: tmsh create sys management-route route_syslog_host_mgmt network 10.201.201.201/32 gateway 10.65.1.1
- Amine_Kadimi
You entered the wrong IP as destination. Try:
tmsh delete sys management-route MGMT tmsh create sys management-route MGMT network 192.168.20.50/32 gateway 10.65.1.1 - tolinrome_13817
Thank you all very much.
