Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Question regarding unavailable HSL servers

Hello all!

Second time poster, long time reader:) I´ve a question regarding a scenario when the BigIP are configured with HSL and the remote servers become unavailable, does the BigIP caches the logs locally and send the logs to the HSL servers when the remotes servers are available again?

//Thanks in advance

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

No.

0
Comments on this Answer
Comment made 13-Oct-2017 by Squeak 77

Ah okey, thx for your info.

0
Comment made 13-Oct-2017 by Kevin Davies 3029

Squeak,

I feel I should elaborate so you are better informed as to why this is the case. The high speed logging feature is a mechanism to enable production logging without impacting the performance of the BIG-IP. That is its primary purpose. To that end they bypass syslog entirely and TMM does no processing on the logs at all.

This is why you have to supply the raw facility and level using the calculation provided in RFC5424 Pg.9. local0.info is 150 and local7.info is 190. At the beginning of the message you have to provide this raw value..

<190> Your syslog message

So to answer your question, their is no logs held in reserve because the system is designed around minimal impact to system performance and the most efficient way to achieve that is for TMM to put the messages directly back on the wire (the network) and then its job is done.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Already been answered but thought would add something.

If HSL fails the logs are lost however you can configure the use of a pool which if you set 'Action On Service Down' to 'Reselect' within the pool configuration should be able to limit the lose of logs. This is only valid if you have more than one server you can remote log to.

0