GeoffG
Feb 06, 2020

High Speed Logging to SumoLogic Collector not Working

Hi,

I am trying to get some values from an HTTP header to be sent to a SumoLogic Collector and am having difficulties with how the messages end up at the SumoLogic box.

I can see the data being sent to the SumoLogic box but it doesn't seem to be able to read it. The log is just random corrupted text.

I have set up a Log destination as Remote HSL using a pool UDP/1514 and the Publisher set to the Destination config.

I have also tried setting up another destination using remote syslog and forwarding that to the Remote HSL Destination as well, but I still get the same result.

I know this is being sent to the SumoLogic collector because I have got captures going out to the Sumo collector and the UDP packets contain the text I wanted logged.

Is there some issue on the F5, or is the Sumo collector not reading the format right or something?

Cheers

1 Reply

  • Smithy

    I'm not familiar with Sumo Logic, but for my 3-node ELK cluster with 2 Logstash servers, I just use HSL. See below.

    create ltm node elk1.f5.demo { address 10.1.30.111 description "ELK Logstash/Data/Master Node" }
    create ltm node elk2.f5.demo { address 10.1.30.112 description "ELK Kibana/Master Node" }
    create ltm node elk3.f5.demo { address 10.1.30.113 description "ELK Logstash/Data/Master Node" }
     
    create ltm pool elk_log_5401_pool { members replace-all-with { elk1.f5.demo:5401 elk3.f5.demo:5401 } }
     
    create sys log-config destination remote-high-speed-log elk_hsl_5401_dest { pool-name elk_log_5401_pool protocol udp distribution balanced }
     
    create sys log-config publisher elk_log_5401_pub destinations replace-all-with { elk_hsl_5401_dest }
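
One way to check what the receiving end of the UDP/1514 pool actually gets, as an added example that is not part of the original thread or any F5 or Sumo Logic tooling: a small Python receiver that reports whether each datagram is bare text, carries a syslog `<PRI>` header, or is not valid UTF-8. The sample payloads are constructed and the header patterns are simplified approximations of RFC 3164 and RFC 5424; running it as a stand-in pool member on a test host is an assumption about your setup.

```python
import re
import socket

PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)  # leading <PRI> of a syslog message
RFC5424_RE = re.compile(rb"^1 \S+ \S+ ")                # VERSION TIMESTAMP HOSTNAME
RFC3164_RE = re.compile(rb"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # e.g. "Feb  6 10:15:00 "

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "raw": b"10.1.30.50 www.example.test Mozilla/5.0",
    "rfc3164": b"<134>Feb  6 10:15:00 bigip1 tmm[1234]: 10.1.30.50 www.example.test",
    "rfc5424": b"<134>1 2020-02-06T10:15:00Z bigip1 tmm 1234 - - 10.1.30.50",
    "binary": b"\x16\x03\x01\x00\xa5\x01\x00\xff\xfe",
}


def classify_datagram(payload: bytes) -> dict:
    """Describe one UDP payload the way a syslog-parsing receiver would see it."""
    result = {"utf8": True, "framing": "none", "facility": None, "severity": None}
    try:
        payload.decode("utf-8")
    except UnicodeDecodeError:
        result["utf8"] = False
        result["framing"] = "binary"
        return result
    m = PRI_RE.match(payload)
    if m and int(m.group(1)) <= 191:  # PRI = facility * 8 + severity
        result["facility"], result["severity"] = divmod(int(m.group(1)), 8)
        rest = m.group(2)
        if RFC5424_RE.match(rest):
            result["framing"] = "rfc5424"
        elif RFC3164_RE.match(rest):
            result["framing"] = "rfc3164"
        else:
            result["framing"] = "pri-only"
    return result


def listen(port: int = 1514) -> None:
    """Print a classification for every datagram received on the given UDP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, peer = sock.recvfrom(65535)
        print(peer[0], classify_datagram(data), data[:80])


if __name__ == "__main__":
    listen()
```

Comparing the reported framing with the source type configured on the collector shows whether the two sides agree on the message format.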