Forum Discussion

Root44's avatar
Root44
Icon for Altostratus rankAltostratus
Feb 22, 2016

SSL logging impact on f5?

Hello Experts,

 

I was just curious if there would be any impact on performance of f5 if we enabled SSL logging? I found out hot to do it but I don't want to mess up the entire infrastructure. Please let me know if it will slow the working performance of the f5, affect other VIPs configuration or any error/outage at all.

 

https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15292.html

 

Thank you all, you are the best.

 

R

 

1 Reply

  • Hi,

    An iRule which logs SSL handshake details to a Remote Syslog server (HSL) would not be a problem. Test in QA first and after a successful test in QA, proceed to PROD by progressively enabling it on more Virtual Servers (don't have to implement for all services at once).

    • When using an iRule logging solution, try to avoid on-appliance logging if possible (i.e. /var/log/ltm or /var/log/user.notice). If you need a permanent solution, go for remote logging (HSL).
    • If you were thinking about SSL Debug as your logging solution (
      tmsh modify /sys db log.ssl.level value Debug
      ), I would not recommend that as your permanent SSL logging solution since it does not qualify for one. Any built-in debug commands are meant to be used for short-term to troubleshooting on-going incidents or problems.