Viewing Layer 2-4 via syslog

Question

LTM 
&nbsp; Bigip v.9.4.8 
&nbsp;  
&nbsp; Is there a way to view Layer 2-4 traffic via syslog?  i only see layer 7 traffic and that is because of the modifications of ssl.conf.  Right now, my client is using the Bigp as a firewall and Im trying to have them move away from that. But the first thing I need to do is see how traffic comes and goes in the F5 so that I can create a rule baste.  Any ideas? 
&nbsp;  
&nbsp; EvilRootSa

hooleylist · Answer

How is the layer 2-4 traffic passing through LTM?  If it's with a virtual server, you can use an iRule like this: 
&nbsp;  
&nbsp; http://devcentral.f5.com/Wiki/default.aspx/iRules/LogHttpTcpUdpToSyslogng.html 
&nbsp;  
&nbsp; If it's a SNAT, I'm not sure there is an efficient way.  Outputting tcpdump to a text file would be a horrendous option, but could work depending on how much throughput there is and whether you're able to isolate the traffic via filters. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Viewing Layer 2-4 via syslog

1 Reply

Recent Discussions

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Related Content

Layer 7 Content Routing in F5 XC

Layer 4 vs Layer 7 DoS Attack

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Three Attached Deployment

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Two Attached Deployment

Monitor Layer 7