Greg_Swift_3395
Apr 22, 2013

Load balancing syslog traffic through an LTM

My target is this:

Virtual server: syslog.example.com:6514 (would really like incoming Syslog over TLS)

Protocol: TCP

Pool: syslog-nXX.example.com:514 (but no TLS to the actual pool nodes)

From that standpoint it seems very simple to me, but I must be missing something because I have tried several different configuration paths to accomplish this but so far am seeing no traffic on the backend pool nodes.

I've searched around DevCentral, but if there was an answer to this it was buried in all the posts about configuring the delivery of syslog data from the F5s.

Thanks


6 Replies

  • Can you expand on what you've tried please. This looks very simple (ignoring the TLS for the moment).
  • So apparently everything I tried was in the standby node and so the reason my simple config didn't work was because it was never active.

    So the basic setup:

    Nodes with gateway_icmp health monitor (may explore options later, but syslog isn't really a two-way communication stream).

    For the virtual server, the only thing I did was protocol TCP and the rest set to None.

    Still need to figure out the SSL, but this was a great first step.

    Thanks and sorry.
  • OK, so I can't be 100% sure but I presume you need to terminate SSL/TLS yes? If so you'll need a ClientSSL profile configured; is this possible or workable?
  • Yes. I am working on the syslog configuration bits to make sure I have that nailed down, then I'm going to create the client SSL profile. I'll update here when I get going.
  • So ya. Even the TLS was extremely basic. It just helps to do it on the primary system, not the standby.
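
The setup this thread arrives at (TLS terminated on the virtual server by a client SSL profile, plain TCP to the pool on 514, gateway_icmp monitor), sketched as tmsh commands. This is an added example, not configuration posted by anyone in the thread; the object names, the 192.0.2.x addresses and the certificate/key file names are assumptions, and the certificate and key are assumed to be already imported on the BIG-IP.

```tmsh
# Confirm this unit is the active one before testing traffic
# (working on the standby was the pitfall in this thread).
show sys failover

# Pool of plain-TCP syslog receivers (addresses are placeholders).
# gateway_icmp only shows the host answers ping, not that syslog is listening.
create ltm pool syslog_pool monitor gateway_icmp members add { 192.0.2.21:514 192.0.2.22:514 }

# Client SSL profile: TLS from the senders is terminated on the BIG-IP.
# Certificate and key names are placeholders for already-imported objects.
create ltm profile client-ssl syslog_clientssl defaults-from clientssl cert syslog.example.com.crt key syslog.example.com.key

# Virtual server on 6514. No server SSL profile is attached,
# so traffic from the BIG-IP to the pool members is unencrypted.
create ltm virtual syslog_vs destination 192.0.2.10:6514 ip-protocol tcp pool syslog_pool profiles add { tcp { } syslog_clientssl { context clientside } }

# Persist the running configuration.
save sys config
```

Because the pool side is cleartext on 514, the network between the BIG-IP and the receivers has to be one you trust with the log contents.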