Hi Awan,
Use Distribution setting as == Replicated
Default is Adaptive
There are three options for this Distribution setting:
- Adaptive == Default Setting
This is the default method and uses the same distribution method as previous BIG-IP versions. When set to adaptive, the BIG-IP system selects one pool member from the HSL pool, establishes a connection, and sends all of the HSL traffic to this remote log server until either the rate of the HSL traffic exceeds what the remote log server is capable of accepting or the HSL connection to the remote log server is lost. When this happens, the BIG-IP system selects the next pool member from the HSL pool, establishes a new connection, and sends the rest of the HSL traffic to the next remote log server.
- Balanced
This method directs the BIG-IP system to use the load balancing method that is configured in the HSL pool to pick a pool member every time the system attempts to send a log.
- Replicated
This method replicates each log to all pool members of the HSL pool. This method is typically used when you want to have the same set of logs on another backup remote log server.
Unless you specifically require the BIG-IP system to load balance HSL traffic between the remote log servers of the assigned HSL pool, or replicate HSL traffic to all pool members, F5 recommends that you use the default HSL traffic distribution method (adaptive).
K17398: Configuring the High Speed Logging traffic distribution method
https://my.f5.com/manage/s/article/K17398
HTH
F5 Design Engineer
🙏
Hi Awan,
replicated option is for pool only not for publisher. In tmsh here is the syntax
create /sys log-config destination remote-high-speed-log <log destination name> distribution <adaptive|balanced|replicated> pool-name <HSL pool name> protocol <tcp|udp>
Log Publisher is step 4, first you need to creat log pools in step 1 then only you can go for log publishers:
Setting The BIG-IP into using HSL Steps.
- Create a Pool with the remote log server as the member.
- Go to System ›› Logs : Configuration : Log Destinations and create one of these two types of Destinations depending on whether you want to use TMM or management for the traffic.
- For a High Speed Logging Destination Click Create Select the pool you created in step 1.
- Name the Log Destination.
- Select 'Remote High-Speed Log'.
- Select the pool you created in step 1.
- Select TCP or UDP.
- Select the Distribution method (leave in default if only one pool member).
- Click Finished.
- To use the management interface (only one IP can be used in this method)
- Enter IP and port of logging server.
- Select Protocol.
- Click Finished.
- Now create another Log Destination (this will in essence trick the BIG-IP to use HSL logging).
- Choose type Splunk.
- Forward to either the HSL or management interface.
- Click Finished.
- Go to System ›› Logs : Configuration : Log Publishers
- Click Create.
- Name it.
- Choose the Destination from step 3.
- Click Finished.
The logging traffic proceeds from top to bottom in the illustration.
https://my.f5.com/manage/s/article/K17398
For your iRule, please refer below
open and send for HSL
https://clouddocs.f5.com/api/irules/HSL__open.html
https://clouddocs.f5.com/api/irules/HSL__send.html
https://my.f5.com/manage/s/article/K50040950
https://my.f5.com/manage/s/article/K50040950
https://clouddocs.f5.com/cli/tmsh-reference/v15/modules/ltm/ltm_rule_command_HSL_open.html
Please note
The protocol is case sensitive and must be specified in all uppercase letters.
Prior to 11.1 the protocol value is not validated when an iRule is saved, but will cause a run-time error when executed for a connection if the protocol is not valid (UDP or TCP).
The pool name is not validated when an iRule is saved but will cause a run-time error when executed if the pool does not exist.
HTH
F5 Design Engineer
🙏
- For a High Speed Logging Destination Click Create Select the pool you created in step 1.
