Forum Discussion

Nimbostratus

Jun 28, 2016

Using two Virtual Servers to limit duplicate syslog messages reaching a Splunk Forwarder.

I have a requirement to limit duplicate syslog messages reaching our dual site splunk deployment and to only forward logging messages received at a second site if the first site has an issue. A...

Employee

Jun 30, 2016

Hi,

use an irule on both.
create pool A and Pool B on both.
you can test pool member availability in the irule with LB::status
you can drop a connection with irule command drop/discard/reject

so this way you can on the backup site B test if the primary pool member A is available and drop the request accordingly.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Using two Virtual Servers to limit duplicate syslog messages reaching a Splunk Forwarder.

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Geo location update

Help with an iRule to disconnect active connections to Pool Members that are "offline"

block a specific user

ASM/AWAF declarative policy

OOB Security Notification — Why you should patch NGINX Plus/Open Source now

Related Content

Rate limiting WebSocket messages for Agents

UDP TCP Packet Duplication

Duplicating BIG-IP Objects

Secure and Harden Forward Proxies in NGINX Plus

Load Balancing TCP TLS Encrypted Syslog Messages

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS