Send syslog to host on non-zero route domain v11.1+

Question

Some time ago, I asked this question for v10. Now in v11.1 onwards, the behaviour has changed.&nbsp;
 &nbsp;
How can I send syslog messages to an address on a route domain other than %0 ?&nbsp;
I know it can be done with the log command in an irule: log 10.1.1.1%1 local0. "blah", but I want to log locally as well as to a remote syslog server, so I need to either include two log statements in my rules, or use the syslog configuration from the shell.&nbsp;
Under v10 I used the special IPv6 address which gave access to the IPv4 address with route domain. This no longer works.&nbsp;
Nor does specifying the address with %route domain. Below is an example I have tried:&nbsp;
 &nbsp;
destination d_mylogging{&nbsp;
 my custom local file&nbsp;
   file(\"/var/log/local/mylog\" create_dirs(yes));&nbsp;
 &nbsp;
 this is accepted but doesn't work:&nbsp;
   udp(\"10.1.1.1%1\" port(514));                        &nbsp;
 &nbsp;
 this is accepted but doesn't work (but did under 10.x):&nbsp;
   udp6(\"2620:0:c10:f501:0:1:a01:101\" port(514));&nbsp;
};&nbsp;
 &nbsp;
Can anyone suggest how to get around this?&nbsp;

jason_adams · Answer

Syslog is not aware of the Route Domain syntax, and since v11.1, the conversion to IPv6 no longer works.
The solution is to create a dummy Virtual Server configured on the default route domain; with the syslog server as the pool member.
Here's an example:root@(b16b)(cfg-sync Standalone)(Active)(/Common)(tmos) list sys syslog remote-servers
sys syslog {
    remote-servers {
        remsys {
            host 10.1.1.117
        }
    }
}
root@(b16b)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual syslog_vip
ltm virtual syslog_vip {
    destination 10.1.1.117:514
    mask 255.255.255.255
    pool syslog_pool
    profiles {
        fastL4 { }
    }
    snat automap
    vlans-disabled
}
root@(b16b)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm pool syslog_pool
ltm pool syslog_pool {
    members {
        172.28.4.187%1:514 {
            address 172.28.4.187%1
        }
    }
}
root@(b16b)(cfg-sync Standalone)(Active)(/Common)(tmos) list net route-domain
net route-domain 0 {
    description "Default Route Domain"
    id 0
    strict disabled
    vlans {
        internal
    }
}
net route-domain rd1 {
    id 1
    parent 0
    strict disabled
    vlans {
        external
    }
}

jason_adams_124 · Answer

Syslog is not aware of the Route Domain syntax, and since v11.1, the conversion to IPv6 no longer works.
The solution is to create a dummy Virtual Server configured on the default route domain; with the syslog server as the pool member.
Here's an example:root@(b16b)(cfg-sync Standalone)(Active)(/Common)(tmos) list sys syslog remote-servers
sys syslog {
    remote-servers {
        remsys {
            host 10.1.1.117
        }
    }
}
root@(b16b)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual syslog_vip
ltm virtual syslog_vip {
    destination 10.1.1.117:514
    mask 255.255.255.255
    pool syslog_pool
    profiles {
        fastL4 { }
    }
    snat automap
    vlans-disabled
}
root@(b16b)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm pool syslog_pool
ltm pool syslog_pool {
    members {
        172.28.4.187%1:514 {
            address 172.28.4.187%1
        }
    }
}
root@(b16b)(cfg-sync Standalone)(Active)(/Common)(tmos) list net route-domain
net route-domain 0 {
    description "Default Route Domain"
    id 0
    strict disabled
    vlans {
        internal
    }
}
net route-domain rd1 {
    id 1
    parent 0
    strict disabled
    vlans {
        external
    }
}

uni · Answer

Thanks Jason. I explored this option, but unfortunately I cannot turn off strict isolation.

uni · Answer

Thanks Jason. I explored this option, but unfortunately I cannot turn off strict isolation.

Forum Discussion

Send syslog to host on non-zero route domain v11.1+

4 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

Enriching AFM with public domain Threat Intelligence

Tcp syslog

domain blocking

BIG-IP to Process TLS Syslog Traffic

LTM 9.4.2+: Custom Syslog Configuration