Forum Discussion

Justkennie_4820
Sep 24, 2014

BigIP version 10 and logs to remote syslog server

Hi Guys,

 

I have a bigip 3600 version 10 running. I configured the below command to send syslog to a remote server, yet I am not getting the logs on the syslog server. Checking the traffic on the network shows that the bigip is not sending syslog traffic.

 

modify /sys syslog remote-servers add { SIEM { host 10.2.160.34 remote-port 514 }}

 

17 Replies

  • nathe

    Justkennie - the command looks fine. Can you confirm it's correct when you run: list /sys syslog all-properties? Can you ping the syslog server from the BIG-IP?

     

    What about if you run tcpdump on the BIG-IP, does this show syslog traffic going out? I wonder if it's going out over a route you're not expecting? i.e. over a TMM interface rather than Management route? Do a filter on either interface 0.0 (TMM) or eth0 (management).

     

    Hope this helps,

     

    N

     

  • Was there a solution found to this? I have a very similar problem, I'm running tcpdump on all interfaces (in both bash and TMSH) but I'm finding that the LTM isn't sending out any syslog messages. I've even tried the echo test. I've gone over the routing differences between TMM and mgmt interfaces and everything looks ok, I'm stumped :S

     

    • jaikumar_f5

      Can you confirm if your syslog setting is set properly? Don't have a v10 version to tell you the commands, is tmsh present in your version?

      tmsh list sys syslog

    • ShakeelRashid_8

      Sorry, I should've mentioned, I'm on v11, not 10. This is what I have configured:

       

      [user@viprion:/S1-green-P:Active:In Sync] ~ tmsh list sys syslog
      sys syslog {
          remote-servers {
              remotesyslog1 {
                  host x.x.x.x
              }
              remotesyslog2 {
                  host y.y.y.y
              }
              remotesyslog3 {
                  host z.z.z.z
              }
              remotesyslog4 {
                  host a.a.a.a
              }
              remotesyslog5 {
                  host b.b.b.b
              }
              remotesyslog6 {
                  host c.c.c.c
              }
          }
      }

       

      The port isn't showing up here but in the GUI it's showing as 514

       

    • jaikumar_f5

      Do you have the routes set for the syslog servers?

      tmsh list sys management-route

      And search for your syslog servers in it.
