We are using BIGIP 7000s (version 18.104.22.168) as BIGIQ Centralized Management. We were successful in importing the BIGIP Configurations to the BIGIQ, but client wants to see also the event logs from the ASM. Upon checking some KB, it seems that I will be needing to configure a Logging Node Server. Here are my questions:
if we will install it in a vmware, where can i download the ova for the logging node or i can use the OVA for the BIGIQ itself
for the license, it was said that we can use the original base registration key, when licensing, there are only two options (BIGIQ Centralized Management and BIGIQ Data Collection Device), to have a logging node, should we choose the BIGIQ DCD?
Any help will be greatly appreciated.
It sounds like a licensing issue, combined with the fact that it can be challenging to undo the personality type of the BIG-IQ after it has been applied to a device. The DCD stores your data, but is controlled and managed by BIG-IQ CM. If you have a CM device already, try this on the second device:
clear-rest-storage -l -d
This process will permanently remove any previous configuration. It does not remove the management address details nor the license.
it seems like it. Thank you for answering all my questions.
Have a nice day!
You should be able to use the OVA for the BIG-IQ itself and then choose the personality type of data collection device (DCD) when you license. After booting the DCD, activate the Web Application Security service and then discover the DCD from the BIG-IQ CM device.
Central policy building requires a DCD and a DCD-configured logging profile on the ASM device.Go to Configuration > SECURITY > Shared Security > Logging Profiles and create a logging profile similar to this example:
Assign the logging profile to virtual server and then deploy the virtual server from BIG-IQ CM.
Hi Erik, thank you for the answers.Just the answers I was hoping to get.Also, I tried booting the device (before selecting as centralized manager) as DCD however, only a the System menu can be seen in the GUI. Did I do something wrong with the configuration or this means that we dont have license for a DCD.
thank you again.
You can license and build a DCD in two ways:
• Use a BIG-IQ CM license and choose the DCD license option contained within this when installing the system
• Use a DCD only license (still called a Logging Node License). This option only allows a DCD to be built.
The “provisioning” of BIG-IQ, or setting its “personality”, is done during the initial configuration of the BIG-IQ system. For the first license/build option, the administrator is presented with two options:
• BIG-IQ Central Management
• BIG-IQ Data Collection Device
Did you reach the step where you choose the second option?
yes, before i deployed to a CM, i accidentally chose the DCD in the options. The BIGIQ rebooted and i can access the GUI however the GUI displays only the "System" tab. No other options can be seen in the GUI. We are using BIGIP 7000 version 22.214.171.124.
Our worry is if the license is existing license is not compatible to create a DCD. if this is the case, we may need to inform the client with this.