NimbostratusHello, I configured my bigip for sending to a syslog server and nothing is showing up. The F5 can ping the server so it doesnt seem to be a connectivity issue. The command I used was: : modify /sys syslog remote-servers add { SYSLOGSERVER { host 192.168.20.50 remote-port 514 }}
MVPHi, make sure you didn't forget to save your change:
save /sys config
Nimbostratusthanks I did, but unfortunately that didn't help. What else, if anything needs to be done?
CirrocumulusHave you tried running a tcpdump on the hos and seeing if you see any traffic on 514? if you ping at the same time do you also see it in tcpdump?
Does both traffic go over the same route?
See the following for traffic routing - it may point to the problem. Overview of management interface routing (11.x)
Hope this helps,
N
Nimbostratusyes traffic is on 514, did a tcpdump.
As Nathan already pointed out it might be a routing problem.
Which way you want the syslog messages to go? If it should leave via management interface you see it in the tcpdump when specifying an interface of "-nnni eth0-nnni 0.0 -eThank you. The syslog messages are not coming from the management interface (network), they are coming from the another network (the self IP). I had to make a rule in the firewall for this to work correctly now.
I would prefer the syslog messages to source from the management network on the F5, is there a way to do this?
NimbostratusMy management network is 10.65.1.0.
I tried the commands you suggested and when I listed the sys management-route it says:
sys management-route MGMT { gateway 10.65.1.1 network 10.65.1.0/24 } sys management-route default { description configured-statically gateway 10.65.1.1 network default
The top one I configured and the bottom one was already there.
MVPYou entered the wrong IP as destination. Try:
tmsh delete sys management-route MGMT
tmsh create sys management-route MGMT network 192.168.20.50/32 gateway 10.65.1.1
Thank you all very much.