John_Lennon_457
Oct 07, 2010Nimbostratus
ProxyPass and common logging
I'm in the process of converting a few sites from other technologies to F5 LTM using ProxyPass v10 on TMOS 10.2. Currently each site relies on the Reverse Proxy logs to be collected for analysis and provide statistical usage. Each virtual site has its own sets of logs and there are 2 RP per site (for load balancing and fail over).
On the LTM with ProxyPass I haven't found an equivalent method for logging. I see it's possible to create an iRule to log however everything will be in /var/log/ltm and it could get messy. I investigated the option of using a syslog server but there are a few issues with it:
- the LTM would log to an external server, with unencrypted traffic and this may not be acceptable for all cases;
- if the remote syslog server is restarted (i.e. applying security patches) the new activity until the server is restarted is lost.
I understand it could be possible to use a couple of servers for this and use a pool on the LTM, however this starts to get complex to manage if we consider we need to separate logs per virtual server, issues with encryption, etc. when the goal of moving to LTM is to simplify and reduce TCO.
Ideally I'd like to be able to write a log per virtual server directly on the LTM - space shouldn't be an issue as I don't think we'd need more than 10 GB / month, which can be logrotated and encrypted to reduce the size even further.
Do you have any suggestion?
Thank you in advance for your help.