Applies To:Show Versions
BIG-IQ Centralized Management
High Availability Logging over Data Collection Device Cluster
Data logging over multiple DCDs
Load Balancing events over DCDs
Connecting event logs to DCD pool
Overview of configuring HA DCD logging per service module
Logging profile configuration
Web Application Security (ASM or Adv. WAF)
Managing Web Application Security Loggingsection in
BIG-IQ Web Application Security
Logging Bot Defense Requestssection in
Managing Bot Defense Using BIG-IQ
Fraud Protection Services (FPS)
The following process is for BIG-IP devices running version 15.0 or higher. For information about setting up logging to BIG-IQ for versions 14.1 or earlier, see
Configure BIG-IP a remote logging profile for BIG-IP FPS.
This process can only be done using the BIG-IP interface (version 15.0 or higher). You cannot create an FPS logging profile using BIG-IQ.
Logging FPS over multiple DCDssection in
BIG-IQ: Fraud Protection Service.
Logging DoS Protection eventssection in
Managing DDoS attacks Using BIG-IQ
Network Security (AFM)
Logging Network Security eventssection in
Managing Network Security Using BIG-IQ
Access (APM and IP Security)
Logging Access eventssection in
Centrally Managing Access Groups Using BIG-IQ
Create a remote logging pool of DCDs
- Three or more data collection devices (recommended).This process only applies to BIG-IQ configurations with multiple DCD devices.
- A logging profile that has remote storage enabled, and is attached to a virtual server on a BIG-IP device that hosts the service module and its policy.
- [ASM/Web Application Security only] A load balancing BIG-IP device. This is a device that hosts the virtual server that load balances logging messages to the pool of DCDs, but does NOT host ASM service module policies or logging profiles.
- At the top of the screen, clickConfiguration, then, on the left, click .
- Type a uniqueNamefor the pool.
- From theDevicelist, select a load balancing BIG-IP device that provides the load balancing service to the DCD pool.For ASM/ Web Application security logging information, be sure to select a BIG-IP device that is different from the device that hosts your virtual server with the service module policy.
- In theHealth Monitorsfield, select the/Common/httpoption.
- ForNode Type, selectNew Node.
- Add aNode Name(optional).
- Add the DCD IP address in theAddressfield and enter a service port for thePortfield.Service module port numbers:Service ModuleModule in BIG-IPPort NumberWeb Application SecurityASM and Adv. WAF8514Bot Defense8514Fraud Protection ServiceFPS8008DoS ProtectionDoS Protection8020Network SecurityAFM8018Access (APM), IP Security (IPSec)APM and IP Security9997If you have multiple service modules sending logging data, you will need to create a separate DCD pool for each module's port number.
- Ensure thatState (on BIG-IQ)isEnabled.
- ClickSave & Close
- Repeat steps 6-10 for all DCDs in your configuration.
- Create a virtual server to host your DCD pool
- Go to.
- From theNamefield add a name.
- From theDevicefield, select the host device from step 4.
- In theDestination Address/Maskfield add the IP address of the virtual server that hosts the logging profile.If your managed BIG-IP device uses high speed traffic logging (HSL) pools, you must apply the Self-IP address. You cannot apply the Management IP address. For more information about using HSL pools on BIG-IP devices, see K17398.For Web Application Security, you must configure the DCD pool on a separate BIG-IP device from the device used to host the logging profile.
- In theService Portfield enter the service port numbers that matches your logging profile's module (see table in step 8).
- In theSource Address Translationfield selectAuto Map.
- In the Resources area, clickDefault Pooland select the name of the DCD pool.
- ClickSave & Close.