Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Logging Node Server for BIGIQ ASM Event Logs

Hi Everyone,

We are using BIGIP 7000s (version 6.0.1.2) as BIGIQ Centralized Management. We were successful in importing the BIGIP Configurations to the BIGIQ, but client wants to see also the event logs from the ASM. Upon checking some KB, it seems that I will be needing to configure a Logging Node Server. Here are my questions:

  1. What are the minimum specs for a logging node server. i found this article indicating the specs.

https://support.f5.com/kb/en-us/products/big-iq-centralized-mgmt/manuals/product/big-iq-centralized-management-and-vmware-setup-6-0-0/1.html#guid-bd42a26b-9fa6-4127-88ab-fe5ab06bd3c2.

  1. if we will install it in a vmware, where can i download the ova for the logging node or i can use the OVA for the BIGIQ itself

  2. for the license, it was said that we can use the original base registration key, when licensing, there are only two options (BIGIQ Centralized Management and BIGIQ Data Collection Device), to have a logging node, should we choose the BIGIQ DCD?

Any help will be greatly appreciated.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

It sounds like a licensing issue, combined with the fact that it can be challenging to undo the personality type of the BIG-IQ after it has been applied to a device. The DCD stores your data, but is controlled and managed by BIG-IQ CM. If you have a CM device already, try this on the second device:

clear-rest-storage -l -d

This process will permanently remove any previous configuration. It does not remove the management address details nor the license.

0
Comments on this Answer
Comment made 2 months ago by F5_Jeff 334

Hi Erik,

it seems like it. Thank you for answering all my questions.

Have a nice day!

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You should be able to use the OVA for the BIG-IQ itself and then choose the personality type of data collection device (DCD) when you license. After booting the DCD, activate the Web Application Security service and then discover the DCD from the BIG-IQ CM device.

Central policy building requires a DCD and a DCD-configured logging profile on the ASM device.Go to Configuration > SECURITY > Shared Security > Logging Profiles and create a logging profile similar to this example: Image Text

Assign the logging profile to virtual server and then deploy the virtual server from BIG-IQ CM.

0
Comments on this Answer
Comment made 2 months ago by F5_Jeff 334

Hi Erik, thank you for the answers.Just the answers I was hoping to get.Also, I tried booting the device (before selecting as centralized manager) as DCD however, only a the System menu can be seen in the GUI. Did I do something wrong with the configuration or this means that we dont have license for a DCD.

thank you again.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You can license and build a DCD in two ways: • Use a BIG-IQ CM license and choose the DCD license option contained within this when installing the system • Use a DCD only license (still called a Logging Node License). This option only allows a DCD to be built. The “provisioning” of BIG-IQ, or setting its “personality”, is done during the initial configuration of the BIG-IQ system. For the first license/build option, the administrator is presented with two options: • BIG-IQ Central Management • BIG-IQ Data Collection Device

Did you reach the step where you choose the second option?

0
Comments on this Answer
Comment made 2 months ago by F5_Jeff 334

Hi Erik,

yes, before i deployed to a CM, i accidentally chose the DCD in the options. The BIGIQ rebooted and i can access the GUI however the GUI displays only the "System" tab. No other options can be seen in the GUI. We are using BIGIP 7000 version 6.0.1.2.

Our worry is if the license is existing license is not compatible to create a DCD. if this is the case, we may need to inform the client with this.

0