Manual Chapter : Managing Logs

Applies To:


BIG-IQ Centralized Management

  • 7.0.0, 6.1.0

How do I manage my device logs on the BIG-IQ?

You can create, edit or delete log filters, log publishers, and log destinations for the logs produced on your managed BIG-IP devices. Just make whatever changes you want and then deploy them to the device.

What is a device-specific log destination type?

There are several log destination types you can create and manage with the BIG-IQ. Most log destination types are completely shared objects; that is, they use one set of parameters regardless of which device they are deployed to. However, there are also 3 types of log destinations that can have device-specific settings. For these destination types, the configuration can be altered depending on which device the destination is deployed to. These device-specific log destination types are:
  • IPFIX
  • Remote High-Speed Log
  • Management Port

IPFIX and Remote High-Speed Log destinations use pools that are per-device objects. As a result, they are always device-specific. Each BIG-IP that the destination is deployed to needs a log destination unique to that BIG-IP, so that you can specify the pool on that BIG-IP to which the logs are forwarded.

Management Port log destinations can either be completely shared objects or they can be device-specific. A shared log destination uses the same IP address and port for every BIG-IP device it is deployed to. A device-specific log destination uses a separate instance of the log destination (each with a unique IP address and port) for each BIG-IP it is deployed to.

Create a new log destination

Before you can create a new log destination, you must have configured a remote log server to send the logs to.

Use this screen to create a new log destination for a managed device.

Create a log destination to specify that log messages are sent to a remote log server.

  1. At the top of the screen, click Configuration, then, on the left, click LOCAL TRAFFIC > Logs > Log Destinations.
    The Log Destinations screen displays a list of the log destinations that are defined on this device.
  2. To create a new log destination, click Create.
    The New Log Destination screen opens so you can define the settings you want for this destination.
  3. In the Name field, type in a name for the log destination you are creating.
  4. For Type, select the kind of destination you are creating.
    Depending on the selection you make, additional controls are displayed.
  5. Specify the additional settings needed to suit the requirements for this log destination. The fields required to create a new log destination depend on the type you choose. BIG-IQ denotes required fields using an amber box. You can also determine whether you have completed all of the required fields by noting whether the Save & Close button is enabled.
    Note: Except for the Devices and Device Specific settings, the parameters on this screen perform the same function as they do when you configure a log destination on a BIG-IP device. For details about the purpose or function of a particular setting, refer to the BIG-IP reference information on support.f5.com. From the BIG-IP Knowledge Center, select the BIG-IP LTM module and the software version you have installed; then select the appropriate guide. For example, information about the log destination parameters for BIG-IP version 13.0 is provided in the External Monitoring of BIG-IP Systems: Implementations, Version 13.0 guide.
  6. When you create a Log Destination and select a type of IPFIX or Remote High-Speed Log, you need to specify which devices to associate this destination with. When you create a Log Destination and select a type of Management Port, you can specify device-specific settings or, if no device-specific settings are defined, the base configuration settings are used for any device associated with this log destination.
    Note: For additional detail on device-specific log destination types, refer to What is a device specific log destination? in the F5 BIG-IQ Centralized Management: Local Traffic & Network Implementations guide on support.f5.com.
    • If you have a lot of devices that you need to associate with this log destination and want to automate the process:
      1. Use the steps below to specify one device and then click Save.
      2. Associate this log destination with the log publishers that are pinned to your managed devices.
      3. Come back and edit this log destination. A Find Relevant Devices button displays. You can use this button to let BIG-IQ assemble a list of devices. BIG-IQ finds the BIG-IP devices that this destination can be deployed to. You can use the list to create a device-specific instance of this destination for each BIG-IP.
      4. Click Save to add the listed devices to the Device Specific list.
    • To specify the devices for this log destination manually:
      1. Select the device you want this destination to use.
      2. If you are creating an IPFIX or Remote High-Speed Log destination, select the pool that you want each device to use.
      3. Use the button to add additional devices to the list.
      4. Use the button to remove a device from the list.
      5. Click Save to add the listed devices to the Device Specific list.
    Devices you select for this log destination are added to the Device Specific list.
    Note: Click on a device name in the Device Specific list to edit settings for that device. Bear in mind, though, that changes you make to one device do not change the settings for other devices, or the base configuration for the log destination.
  7. Click Save & Close.
    The system creates the new log destination with the settings you specified.
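
The shared versus device-specific behavior described above can be modeled as a pre-deployment check that lists the devices for which a destination has no usable settings. This is an added example, not F5 code and not a BIG-IQ API: the class, the field names (pool, address, port), and the sample devices are hypothetical, and it assumes device-specific values take precedence over base values.

```python
from dataclasses import dataclass, field

# Destination types the page names as device-specific.
POOL_BASED = {"IPFIX", "Remote High-Speed Log"}   # always device-specific
MGMT_PORT = "Management Port"                      # shared or device-specific


@dataclass
class LogDestination:
    name: str
    dest_type: str
    base: dict = field(default_factory=dict)             # shared (base) settings
    device_specific: dict = field(default_factory=dict)  # device -> its own settings


def effective_settings(dest, device):
    """Settings `device` would receive, or None if nothing usable resolves."""
    own = dest.device_specific.get(device, {})
    # Assumption: device-specific values take precedence over base values.
    merged = {**dest.base, **own}
    if dest.dest_type in POOL_BASED:
        # Pools are per-device objects: only the device's own entry can name one.
        return merged if own.get("pool") else None
    if dest.dest_type == MGMT_PORT:
        # Falls back to the base address/port when no device entry exists.
        return merged if merged.get("address") and merged.get("port") else None
    return merged or None   # fully shared destination types


def logging_gaps(dest, devices):
    """Devices that would have no working target for this destination."""
    return sorted(d for d in devices if effective_settings(dest, d) is None)


# Constructed sample data: device names, pool names and addresses are made up.
DEVICES = {"bigip-a.example.net", "bigip-b.example.net", "bigip-c.example.net"}

hsl = LogDestination(
    "hsl-siem", "Remote High-Speed Log",
    device_specific={"bigip-a.example.net": {"pool": "siem_pool_a"},
                     "bigip-b.example.net": {"pool": "siem_pool_b"}})

mgmt = LogDestination(
    "mgmt-syslog", "Management Port",
    base={"address": "192.0.2.10", "port": 514},
    device_specific={"bigip-c.example.net": {"address": "192.0.2.20", "port": 6514}})

if __name__ == "__main__":
    for dest in (hsl, mgmt):
        print(dest.name, "->", logging_gaps(dest, DEVICES) or "no gaps")
```

In the sample data, the Remote High-Speed Log destination has no entry for the third device, so that device is reported as a gap, while the Management Port destination covers every device through its base settings.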

Create a new log publisher

Before you can create a new log publisher, configure a log destination with a pool of remote log servers so you can assign it to your publisher as you create it.

Log publishers specify log destinations that BIG-IP devices can send their log messages to.

  1. At the top of the screen, click Configuration, then, on the left, click LOCAL TRAFFIC > Logs > Log Publishers.
    The Log Publishers screen displays a list of the log publishers that are defined on this device.
  2. To create a new log publisher, click Create.
    The New Log Publisher screen opens so you can define the settings you want for this publisher.
  3. In the Name field, type in a name for the log publisher you are creating.
  4. Select the Log Destinations for this publisher.
    1. Select a destination type from the Available list.
      The list of destinations displays only the type you selected.
    2. Select one or more destinations from the Available list.
    3. Move the selected destinations to the Selected list.
      If you are using a formatted destination, select the destination that matches your log servers, such as Remote Syslog, Splunk, or ArcSight.
  5. Specify the additional settings needed to suit the requirements for this log publisher.
    The parameters on this screen are optional and perform the same function as they do when you configure a log publisher on a BIG-IP device.
    Note: For details about the purpose or function of a particular setting, refer to the BIG-IP reference information on support.f5.com. From the BIG-IP Knowledge Center, select the BIG-IP LTM module and the software version you have installed; then select the appropriate guide. For example, information about the log publisher parameters for BIG-IP version 13.0 is provided in the External Monitoring of BIG-IP Systems: Implementations guide.
  6. Click Save & Close.
    The system creates the new log publisher with the settings you specified.

Create a new log filter

Before you create a new log filter, you must have configured at least one log publisher on this BIG-IQ.

Use this screen to create a new log filter for a managed device.

Create custom log filters so you can specify the system log messages that you want to publish to a particular log.

  1. At the top of the screen, click Configuration, then, on the left, click LOCAL TRAFFIC > Logs > Log Filters.
    The Log Filters screen displays a list of the log filters that are defined on this device.
  2. To create a new log filter, click Create.
    The New Log Filter screen opens so you can define the settings you want for this filter.
  3. In the Name field, type in a name for the log filter you are creating.
  4. Specify the additional settings needed to suit the requirements for this log filter.
    The remaining parameters on this screen are optional and perform the same function as they do when you configure a log filter on a BIG-IP device.
    Note: For details about the purpose or function of a particular setting, refer to the BIG-IP reference information on support.f5.com. From the BIG-IP Knowledge Center, select the BIG-IP LTM module and the software version you have installed; then select the appropriate guide. For example, information about the log filter parameters for BIG-IP version 13.0 is provided in the External Monitoring of BIG-IP Systems: Implementations guide.
  5. Click Save & Close.
    The system creates the new log filter with the settings you specified.