cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Does anyone did traffic logging?

SWJO
Cirrostratus
Cirrostratus

Hi guys

 

I`m searching method which can logging or inspecting traffic information.

 

Target license are LTM and CGNAT.

 

I have looking for Telemetry streaming but that seems providing sampling information.

I need full traffic information not sampling data. also don`t need mirroring.

 

I think using i-Rule with HSL can be a method but I`m wondering how much traffic can be logging.

-> how much means about CPS 150K.

-> and BIGIP`s disk can be able to hold the logs.

1 ACCEPTED SOLUTION

Hi,

 

Yes, the purpose of HSL is for syslog protocol. You can forward to external syslog server by TCP / UDP based on syslog receiver.

View solution in original post

6 REPLIES 6

NUT2889
Cirrostratus
Cirrostratus

Hi,

 

F5 not suggest to store log locally. From my experience F5 support recommend customer forward log to SIEM / Big Data Solution / BIG-IQ instead.

Hi.

 

Then is there possible method not store logs in box but forward to remote?

Hi,

 

Previously message might not clear for you. If we talk about technical perspective.

  1. If you have security module running on F5 device.
    1. Logging profile with local log publisher to store on F5 locally.
    2. Logging profile with remote log publisher forward log to SIEM / Big Data / BIG-IQ
  2. If you don't have security module on F5 device.
    1. iRule to generate HSL by sending log to SIEM / Big Data / BIG-IQ
    2. iRule for log locally

SWJO
Cirrostratus
Cirrostratus

Hi.

 

I don`t have security module.

So select 2.

there are 2 selections.

before select, I`m first time out HSL.

Does HSL can send syslog remote not store on BIGIP?​

Hi,

 

Yes, the purpose of HSL is for syslog protocol. You can forward to external syslog server by TCP / UDP based on syslog receiver.

SWJO
Cirrostratus
Cirrostratus

Hi.

Thanks for your advice.