Forum Discussion

Nimbostratus

Oct 03, 2012

UDP Syslog Monitor

I am trying to think of an easy way to monitor the health of ArcSight Collectors listening for UDP Syslog. We have a very high volume syslog environment and want to institute load balancing of the co...

config

design

Hamish

Cirrocumulus

Oct 05, 2012

If you enable tcp syslog (syslog-ng) you can send the logs via a tcp connection rather than a fire & forget UDP message. Does the ArcSight collector have a tcp option?

If you really need UDP then you probably need to combine an ICMP query with a UDP message... ICMP checks the box is up/down. Then the UDP will get nothing back IF the syslog receiver is listening, and SHOULD receive an ICMP port closed message if nothing is listening but the server is up. I'm not sure if a UDP monitor looks for the ICMP coming back if nothing is listening... It might, but I haven't checked. if it doesn't you'll need to do this as an external monitor.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

UDP Syslog Monitor

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Load Balancing TCP TLS Encrypted Syslog Messages

UDP TCP Packet Duplication

BIGIP unable to send tcp/udp packets to syslog servers

UDP Datagram LB

Syslog virtual server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS