Reset Search
 

 

Article

KB44839 - How to configure multiple remote syslog servers for sending syslog formatted request logs from a virtual server

« Go Back

Information

 
Last Modified Date7/15/2021 11:01 AM
Synopsis
This article mentions steps needed to be configured on vTM for sending request logs from a virtual server to multiple remote syslog servers.
Problem or Goal
Currently we can configure only one syslog server in Request Logging section of a virtual server to send syslogs.
Cause
Solution
The steps involve configuring a Traffic Script (TS) along with a Loopback Virtual Server which listens on forwarded syslog port and sends traffic out to multiple syslog nodes ( or servers ). Login to vTM GUI and follow the below steps:

1. Go to "Request Logging" section of the Virtual Server in question.
2. Ensure "log!save_all:" is set to Yes.
3. Set "syslog!enabled:" to yes and set "syslog!ipendpoint:" to loopback IP and port as 127.0.0.1:514.

User-added image

4. Go to Catalogs > Rules. In here, create a new rule selecting mode as TrafficScript language.
User-added image
5. Add below lines of code in rule:
 
$syslog_msg = request.get();
foreach ( $destination in ["1.1.1.1:514", "1.1.1.2:514", "1.1.1.3:514"] )
{
$address = string.split($destination, ":");
$res = udp.SendTo( $address[0], $address[1], $syslog_msg );
if ( $res == -1 ) {
log.warn( "Error forwarding a syslog message to " . $destination . "(" . $1 . ")" );
}
}
6. In above rule, replace destination IP's with the IP:Port of the remote syslog servers. For example, if you would like to send syslogs to servers 192.168.168.10 and 172.16.1.10 on default UDP port of 514, the foreach statement in above rule would be as below:

foreach ( $destination in ["192.168.168.10:514", "172.16.1.10:514"] )

7. If the servers are each listening on different ports for syslog, mention the correct IP:Port pair in above section.
8. Go to Services > Virtual Servers, create a new Virtual Server listening on Loopback IP for syslog and set Pool to discard as below:
User-added image
User-added image

9. In same Virtual Server, go to Rules > Request Rules, select the rule created for syslog in drop down options in Add rule section and click on Add Rule button.

User-added image

10. Return back to the above Virtual Server, go to Protocol Settings > UDP-Specific Settings. Set "udp_response_datagrams_expected:" to 0 and save it.

User-added image

Do raise a support case in case of any clarifications or doubts on above implementation.
Related Links
Attachment 1 
Created ByRohit Shetty

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255