Forum Discussion

Subrun
Apr 02, 2020

SysLog Not sourcing from Management IP and Syslog SNAT Problem

I will try to explain 2 problems here and ask for help.

1.
One problem is that I set an F5 to send syslog to syslog servers which are behind a VIP (UDP 514) on another F5.

F5 sending syslog using mgmt IP >> syslog VIP at other F5 >> syslog server.

To send syslog using the mgmt IP I configured the following:

F5# list /sys management-route
sys management-route syslog {
    gateway 10.7.11.1
    network 10.8.114.71/32
}

F5# list sys management-ip
sys management-ip 10.7.11.105/24 {
    description configured-statically
}

F5# list sys dns
sys dns {
    name-servers { 10.7.4.2 10.7.4.3 }
    search { localhost test.ca test.root.local }
}

F5# list sys syslog
sys syslog {
    remote-servers {
        syslog_server {
            host 10.8.114.71
            local-ip 10.7.11.105
        }
    }
}

When I do dig (from the client F5) it fails if I do not give the full name; dig works if I give the full name, like this: dig +noedns syslog_server.test.root.local

F5# dig +noedns syslog_server

; <<>> DiG 9.11.4-P1 <<>> +noedns syslog_server
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52326
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

F5# tcpdump -A -nni mgmt host 10.8.114.71 and port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on mgmt, link-type EN10MB (Ethernet), capture size 65535 bytes
19:41:00.775420 IP 10.8.10.20.50143 > 10.8.114.71.514: SYSLOG local0.notice, length: 183
E...h.@.@.A.
.

2.

2nd problem, at the F5 behind which the syslog servers are: the syslog servers see the source IP as the self IP of the F5, even though on the VIP it is set to none and on the pool Allow SNAT is set to none. I do not know what else to do. What is the Global SNAT List? How do I find it on the F5? Is that creating the problem? How can I show the actual source IP rather than the self IP?


1 Reply

  • Surely you need a management-route for your DNS servers.

    Can you ping the syslog server (or netcat) from the management interface?
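An added troubleshooting example, not code from the original thread or from F5, covering the two points in the post (which source address the syslog packets actually leave from, and why the short name fails in dig) and the reply's suggestion to test from the management interface. It assumes the tmsh values quoted in the post (local-ip 10.7.11.105, remote server 10.8.114.71 on UDP 514, the sys dns search list) and glibc's default ndots:1; the capture lines it checks are constructed, modelled on the one tcpdump line shown in the post. Two facts it relies on: dig queries the name exactly as given unless run with +search, and connect() on a UDP socket sends nothing but does make the kernel pick the source address for the route.

```python
"""Checks for syslog sent from the BIG-IP management address.

Added example, not from the original thread. Assumes the values quoted
in the post: local-ip 10.7.11.105, syslog server 10.8.114.71 on UDP 514,
and the 'sys dns' search list. ndots=1 is glibc's default (assumption).
"""
import re
import socket
from datetime import datetime

EXPECTED_LOCAL_IP = "10.7.11.105"   # sys syslog ... local-ip (from the post)
SYSLOG_HOST = "10.8.114.71"          # sys syslog ... host (from the post)
SYSLOG_PORT = 514
SEARCH_LIST = ["localhost", "test.ca", "test.root.local"]  # sys dns search (from the post)


# --- 1. Search-list expansion: what a stub resolver tries for a short name ---

def search_candidates(name, search_list=SEARCH_LIST, ndots=1):
    """Return the absolute names tried, in order, for a lookup of `name`.

    A trailing dot means the name is absolute and is tried alone. With at
    least `ndots` dots the bare name is tried first, then each search suffix;
    with fewer dots the suffixes come first and the bare name last.
    """
    if name.endswith("."):
        return [name]
    suffixed = [f"{name}.{domain}." for domain in search_list]
    bare = [f"{name}."]
    return bare + suffixed if name.count(".") >= ndots else suffixed + bare


def dig_commands(name, **kwargs):
    """dig queries the name as given unless run with +search; these are the
    explicit queries that reproduce the search-list walk one step at a time."""
    return [f"dig +noedns {fqdn}" for fqdn in search_candidates(name, **kwargs)]


# --- 2. Does the capture show the configured local-ip as source? ---

# Shape of the line in the post's tcpdump output:
# 19:41:00.775420 IP 10.8.10.20.50143 > 10.8.114.71.514: SYSLOG local0.notice, length: 183
TCPDUMP_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): SYSLOG"
)


def parse_tcpdump(lines):
    """Yield (src_ip, dst_ip, dst_port) for every SYSLOG line tcpdump printed."""
    for line in lines:
        m = TCPDUMP_RE.match(line.strip())
        if m:
            yield m["src"], m["dst"], int(m["dport"])


def unexpected_sources(lines, expected=EXPECTED_LOCAL_IP,
                       dst=SYSLOG_HOST, dport=SYSLOG_PORT):
    """Source IPs seen toward dst:dport that are not the configured local-ip."""
    return sorted({src for src, d, p in parse_tcpdump(lines)
                   if d == dst and p == dport and src != expected})


# --- 3. The reply's check: which local address is used, and send a test line ---

def route_source(dst=SYSLOG_HOST, port=SYSLOG_PORT):
    """Ask the kernel which local address it picks toward dst. connect() on a
    UDP socket sends nothing; it only resolves the route. Run this on the BIG-IP."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((dst, port))
        return s.getsockname()[0]
    finally:
        s.close()


def syslog_message(text, facility=16, severity=5, hostname="bigip", now=None):
    """RFC 3164 line; PRI = facility*8 + severity, so local0.notice is <133>."""
    now = now or datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"   # day is space-padded
    return f"<{facility * 8 + severity}>{stamp} {hostname} {text}"


def send_test(text, local_ip=EXPECTED_LOCAL_IP, dst=SYSLOG_HOST, port=SYSLOG_PORT):
    """Send one test line bound explicitly to local_ip (the netcat equivalent).
    Watch for it with: tcpdump -nni mgmt host 10.8.114.71 and port 514"""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((local_ip, 0))
        s.sendto(syslog_message(text, hostname=local_ip).encode(), (dst, port))
    finally:
        s.close()


# Constructed sample, modelled on the capture line in the post.
SAMPLE_CAPTURE = [
    "19:41:00.775420 IP 10.8.10.20.50143 > 10.8.114.71.514: SYSLOG local0.notice, length: 183",
    "19:41:01.102233 IP 10.7.11.105.50144 > 10.8.114.71.514: SYSLOG local0.notice, length: 90",
]

if __name__ == "__main__":
    for cmd in dig_commands("syslog_server"):
        print(cmd)
    print("unexpected sources:", unexpected_sources(SAMPLE_CAPTURE))
```

Run it on the BIG-IP itself: compare route_source() with the configured local-ip, then send_test("mgmt syslog test") while tcpdump runs on the mgmt interface; if the capture shows a source other than 10.7.11.105, the packet is leaving via a different route than the management-route intended. The dig_commands() list gives the queries to try one by one when the bare name returns SERVFAIL.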