Manual Chapter: Configure IPsec Event Viewing on the BIG-IQ
Applies To:
BIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
How do I configure viewing IPsec event logs?
You can use BIG-IQ to view IPsec events. To set up IPsec event log viewing, you need to complete a few tasks:
- Configure the BIG-IP devices that form the IPsec tunnel to send events to the data collection device (DCD). This is done with the following four objects on each BIG-IP device:
- Create a log publisher pool whose member is the DCD.
- Create a remote high-speed log destination for IPsec that uses that pool.
- Create a remote Syslog destination for IPsec that forwards to the high-speed log destination.
- Configure a log publisher to send IPsec events to the Syslog destination, and so to the BIG-IQ.
- Configure the BIG-IQ system to view IPsec events by enabling IPsec event collection on the DCD cluster.
After you complete these initial configuration tasks, you can view IPsec events on the BIG-IQ.
Create a log publisher pool
You create a log publisher pool (a pool whose member is the data collection device) as part of the process you complete to route IPsec events from the BIG-IP device to your data collection device, so that you can view these events from the BIG-IQ.
You must perform these steps for both of the BIG-IP devices that make up the IPsec tunnel.
- At the top of the screen, click Configuration, then, on the left, open the Pools screen. The screen displays the list of pools defined on this device. If you select the check box for a pool, you can delete it, deploy it, or view statistics for it. You can also view details about other configuration objects to which this pool relates.
- Click Create. The New Pool screen opens.
- In the Name field, type a name for the pool you are creating. Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character. The pool name is limited to 63 characters.
- From the Device list, select one of the devices that make up the IPsec tunnel.
- To add a new pool member for this pool, click New Member.
- For Node Type, select New Node.
- For Node Name, type a helpful name.
- For Node Address, type the self IP address of the data collection device that you want events from this device to go to.
- For Port, type 9997.
- Click Save & Close. The new pool member is added to the specifications for the pool you are creating. When you create a new pool member while creating a new pool, the pool member is not actually created until you save the new pool. When you create a new pool member for an existing pool, the new member is ready to use as soon as you save it.
- When you finish specifying the settings for this pool, click Save & Close. The system creates the new pool with the settings you specified.
- Repeat the preceding steps, starting from Create, to add a pool and pool member for the other device that makes up the IPsec tunnel.
The pools list shows the log publisher pools you created.
Create a remote high-speed log destination for IPsec
Before creating a remote high-speed log destination for IPsec, you must create a log publisher pool.
You create a remote high-speed log destination as part of the process you complete to route IPsec events from the BIG-IP device to your data collection device, so that you can view these events from the BIG-IQ.
You must perform these steps for both of the BIG-IP devices that make up the IPsec tunnel.
- At the top of the screen, click Configuration, then, on the left, open the Log Destinations screen. The screen displays a list of the log destinations that are defined on this device.
- Click Create. The New Log Destination screen opens.
- Type a Name to identify the IPsec remote high-speed log destination.
- From the Type list, select Remote High-Speed Log. BIG-IQ displays additional parameters for a remote high-speed logging destination.
- Specify which devices to associate this destination with:
  - Select the device you want this destination to use.
  - Select the log publisher pool that you defined previously for that device.
  - Click Save to add the listed devices to the Device Specific list.
  The Device Specific list shows the devices that you selected for this log destination. Click a device name in the Device Specific list to edit settings for that device. Bear in mind, though, that changes you make to one device do not change the settings for other devices, or for the base configuration for the log destination.
- Click Save & Close. The system creates the new log destination with the settings you specified.
Create a remote Syslog destination for IPsec
Before creating a remote Syslog destination for IPsec, you must create a log publisher pool and a remote high-speed log destination for IPsec.
You create a remote Syslog destination as part of the process you complete to route IPsec events from the BIG-IP device to your data collection device, so that you can view these events from the BIG-IQ system.
You must perform these steps for both of the BIG-IP devices that make up the IPsec tunnel.
- At the top of the screen, click Configuration, then, on the left, open the Log Destinations screen. The screen displays a list of the log destinations that are defined on this device.
- Click Create. The New Log Destination screen opens.
- In the Name field, type IPsec-Syslog to identify the IPsec Syslog destination.
- From the Type list, select Remote Syslog.
- From the Syslog Format list, select a format for the logs.
- From the Forward To list, select the name of the IPsec remote high-speed log destination you created previously.
- Click Save & Close. The system creates the new log destination with the settings you specified.
Configure a log publisher to send IPsec events to the BIG-IQ
To send the IPsec event logs to the data collection device, you must configure a publisher to send the logs to the IPsec Syslog destination. This is the last task in the series you perform on the BIG-IP® device to route IPsec events to your data collection device so that you can view these events from the BIG-IQ®.
You must perform these steps for both of the BIG-IP devices that make up the IPsec tunnel.
- At the top of the screen, click Configuration, then, on the left, open the Log Publishers screen. The screen displays a list of the log publishers that are defined on this device.
- Click the log publisher named default-ipsec-log-publisher. The Log Publisher properties screen opens.
- For the Log Destinations setting, from the Available list, select IPsec-Syslog and move it to the Selected list. BIG-IQ lists both local-syslog (the default) and IPsec-Syslog in the Selected list, so events continue to be logged locally as well as forwarded.
- Click Save & Close.
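The following is an added example, not part of the original manual, showing the same chain of BIG-IP objects (pool, remote high-speed log destination, remote Syslog destination, publisher) created with tmsh directly on one BIG-IP device, which is useful for checking or scripting what the BIG-IQ screens above produce. The object names ipsec-dcd-pool, ipsec-hsl and ipsec-syslog, the DCD self IP 192.0.2.50, the TCP transport and the RFC 5424 format are assumptions for this example; port 9997 and the publisher name default-ipsec-log-publisher come from the procedure above.

```tmsh
# Added example (not from the manual): tmsh equivalent of the BIG-IQ steps.
# Run on each BIG-IP that forms the IPsec tunnel. 192.0.2.50 is a placeholder
# for the DCD's internal self IP; names and transport are assumptions.

# 1. Log publisher pool whose only member is the DCD listener on port 9997.
create ltm pool ipsec-dcd-pool members add { 192.0.2.50:9997 } monitor tcp

# 2. Remote high-speed log (HSL) destination that sends to that pool.
create sys log-config destination remote-high-speed-log ipsec-hsl pool-name ipsec-dcd-pool protocol tcp

# 3. Remote Syslog destination that formats the events and forwards them to the HSL destination.
create sys log-config destination remote-syslog ipsec-syslog format rfc5424 remote-high-speed-log ipsec-hsl

# 4. Add the Syslog destination to the default IPsec publisher. local-syslog is
#    left in place, so events are still written to the local log as well.
modify sys log-config publisher default-ipsec-log-publisher destinations add { ipsec-syslog }

# Checks before enabling collection on the DCD: the pool member should be
# available, and the publisher should list both destinations.
show ltm pool ipsec-dcd-pool members
list sys log-config publisher default-ipsec-log-publisher

save sys config
```

The monitor on the pool is the practical check: if the DCD listener is not yet activated (the next task), the member shows as down and nothing is forwarded, which is the first thing to look at when events do not appear on the BIG-IQ.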
To use the IPsec tunnel configuration to collect IPsec events, you must activate IPsec event collection for your data collection device (DCD) cluster.
Enable IPsec event collection
You activate IPsec event collection for your data collection device (DCD) cluster so that you can view IPsec tunnel events on BIG-IQ.
- From BIG-IQ, at the top of the screen, click System, then, on the left, open the Data Collection Devices screen. The BIG-IQ Data Collection Devices screen opens, listing the DCDs in the cluster. The Services column lists the BIG-IP services monitored by each DCD. If no services are enabled for a DCD, this column displays Add Services instead.
- Determine whether you need to access the Services screen and how:
  - If no services are listed, click Add Services to access the Services screen.
  - If services other than IPsec are listed, click one of those services to access the Services screen.
  - If the IPsec service is listed, it is already enabled, but you can click a service name to access the Services screen so you can verify the IP address and port the DCD uses to communicate with the IPsec service.
  The Services screen for this DCD opens.
- For IPsec, click Activate. The Listener Address setting displays the internal self IP address configured for the DCD. The self IP address is currently the recommended address for collecting event log data, and it must match the Node Address you used for the pool members on the BIG-IP devices. The system begins collecting IPsec events.
- Click the Save & Close button.
You can now view IPsec event logs using the BIG-IQ user interface.