Deploying a Data Collection Device
How do I deploy a data collection device cluster?
To manage the data generated by BIG-IP® devices on BIG-IQ® Centralized Management, you deploy a network of devices called a data collection device (DCD) cluster, and then configure that cluster to meet your business needs.
- Prepare your network environment and architecture (refer to Planning a BIG-IQ Centralized Management Deployment in Planning a BIG-IQ Centralized Management Deployment on support.f5.com for details).
- Install and configure the platform you plan to use to run the BIG-IQ system. The platform can either be a physical device or a virtual device. To use a physical device, you need a BIG-IQ 7000 series device. To use a virtual device, the solution you choose depends on the environment you choose. Supported platforms for this release are listed below. Use the guide appropriate for the platform you use to complete the installation. All of these guides are posted on support.f5.com.
| If you choose this platform: | Refer to this guide for installation details: |
| --- | --- |
| BIG-IQ 7000 Series | Platform Guide: BIG-IQ 7000 Series |
| Amazon Web Services | F5 BIG-IQ Centralized Management 6.0.0 and Amazon Web Services: Setup |
| Citrix XenServer | F5 BIG-IQ Centralized Management 6.0.0 and Citrix XenServer: Setup |
| KVM | F5 BIG-IQ Centralized Management 6.0.0 and Linux KVM: Setup |
| Microsoft Azure | F5 BIG-IQ Centralized Management 6.0.0 and Microsoft Azure: Setup |
| Microsoft Hyper-V | F5 BIG-IQ Centralized Management 6.0.0 and Microsoft Hyper-V: Setup |
| VMware ESXi | F5 BIG-IQ Centralized Management 6.0.0 and VMware ESXi: Setup |
| Xen Project | F5 BIG-IQ Centralized Management 6.0.0 and Linux Xen Project: Setup |

- Discover and activate the DCDs.
- Define an external location to store snapshots.
- Enable data collection for the DCD cluster.
- Configure a BIG-IP system to send alerts or events to the cluster (if needed).
- Configure the BIG-IQ system that manages the DCD cluster for HA (if needed).
Licensing and setting up a data collection device
You license a data collection device in one of the following ways:
- If the system has access to the internet, you can have the data collection device contact the F5 license server and automatically activate the license.
- If the system is not connected to the internet, you can manually retrieve the activation key from a system that is connected to the internet, and transfer it to the data collection device.
- If your data collection device is in a closed-circuit network (CCN) that does not allow you to export any encrypted information, you must open a case with F5 support.
When you license the data collection device, you:
- Specify a host name for the system.
- Assign a management port IP address.
- Specify the IP address of your DNS server and the name of the DNS search domain.
- Specify the IP address of your Network Time Protocol (NTP) servers and select a time zone.
- Change the administrator’s default admin and root passwords.
Automatic license and initial setup for a DCD
Manual license and initial setup for a DCD
Discover and activate a data collection device
Decide whether to configure log indices
- A new current index is created.
- BIG-IP data begins accumulating in the new index.
- The former current index becomes one of the retained indices.
- If the total number of indexes is now larger than the retained index count, the oldest one is dropped.
Modify alert log indices for Access
- A new current index is created.
- BIG-IP data begins accumulating in the new index.
- The former current index becomes one of the retained indices.
- If the total number of indexes is now larger than the retained index count, the oldest one is dropped.
Modifying event log indices for FPS
- A new current index is created.
- BIG-IP data begins accumulating in the new index.
- The former current index becomes one of the retained indices.
- If the total number of indexes is now larger than the retained index count, the oldest one is dropped.
Modify alert log indices for Web Application Security
- A new current index is created.
- BIG-IP data begins accumulating in the new index.
- The former current index becomes one of the retained indices.
- If the total number of indexes is now larger than the retained index count, the oldest one is dropped.
Modifying alert log indices for IPsec
- A new current index is created.
- BIG-IP data begins accumulating in the new index.
- The former current index becomes one of the retained indices.
- If the total number of indexes is now larger than the retained index count, the oldest one is dropped.
Manage the retention policy for your statistics data
- The number of BIG-IP devices you manage
- The number of objects on the BIG-IP devices you manage (for example, virtual servers, pools, pool members, and iRules)
- The frequency of statistics collection
- The data retention policy
- The data replication policy
Configure secure communications for data collection device
- Use SSH to log in to the data collection device.
- Replace the content of the /etc/httpd/conf/ssl.crt/ directory on the data collection device with your signed SSL certificate.
- Replace the content of the /etc/httpd/conf/ssl.key/ directory on the data collection device with your signed SSL key.
- To apply these changes to the data collection device, type: bigstart restart webd and then press Enter.
- Log out of the data collection device.
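
Before replacing the files and restarting webd, it is worth confirming that the new key actually belongs to the new certificate, that the certificate is not close to expiry, and that the key file is not readable by other accounts. The following is an added example, not part of the F5 procedure; it assumes openssl is available and the key is an unencrypted PEM file, and the function names, exit codes and file paths shown are illustrative.

```shell
#!/bin/sh
# Added example: pre-install checks for a replacement DCD web certificate.
# Assumptions: openssl is on PATH; the key is an unencrypted PEM file;
# function names and exit codes are illustrative, not part of BIG-IQ.

# SHA-256 of the public key embedded in a certificate
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# check_pair CERT KEY [MIN_DAYS]
# Returns 0 when the pair is safe to install; 2-5 identify the failed check.
check_pair() {
    cert=$1 key=$2 min_days=${3:-30}
    if ! openssl x509 -in "$cert" -noout 2>/dev/null ||
       ! openssl pkey -in "$key" -noout 2>/dev/null; then
        echo "cannot parse certificate or key" >&2; return 2
    fi
    if [ "$(cert_pubkey_digest "$cert")" != "$(key_pubkey_digest "$key")" ]; then
        echo "key does not belong to this certificate" >&2; return 3
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2; return 4
    fi
    # Group/other permission bits on the private key must all be clear.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group or other" >&2; return 5
    fi
    return 0
}

# Typical use on the DCD, before copying the files and restarting webd:
#   check_pair /path/to/new.crt /path/to/new.key 30 && echo "pair is consistent"
```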
Add a proxy for secure communication
Before you can perform this task, you must be logged in as Admin, and you must have configured a proxy server that your data collection device (DCD) cluster can access.
Define external storage snapshots location
- IP address for the storage machine
- Storage file path
- User name, password, and (optionally) domain for the user account configured on the external storage device
- Read/Write permissions for the storage file path
If you set up external storage for this logging node cluster in 5.1 and plan to retain that setup after you upgrade, continue setting up the external storage location. When you create DCD snapshots, they need to be stored on a machine other than the DCD. You define the location for the snapshot using the BIG-IQ Centralized Management device.
Define snapshot schedules
Overview of configuring the data collection device to BIG-IP device connection
The workflow to configure data to route from the BIG-IP® devices to your data collection device (DCD) cluster depends on the type of data you want to collect.
- To collect statistics data, refer to Discover and activate a data collection device.
- To collect Access Policy Manager® data, refer to Configuring remote logging for Access Policy Manager.
- To collect Fraud Protection Services data, refer to Configuring BIG-IP FPS devices to route alerts to a data collection device.
- To collect Web Application Security data, refer to:
  - Configuring the BIG-IP logging profile
  - Virtual servers that remote logging uses to route event logs
  - Assigning the logging profile to a virtual server
Configure remote logging for Access Policy Manager
Configuring BIG-IP FPS devices to route alerts to a data collection device
The BIG-IP® device that generates Fraud Protection Service alerts must be configured to send its alerts to the data collection device (DCD). This process is documented in a separate guide. The guide F5® Fraud Protection Service: Configuration, Version 13.0 provides complete setup instructions for using FPS on a BIG-IP® system. Complete the standard setup as documented in the guide, with one exception: when you configure the alert server pool, add your DCDs to an alerts pool using their internal self IP addresses.
- Distribute traffic between the nodes.
- Ensure that, if a DCD goes offline, the BIG-IP device can still send traffic to the available DCDs without dropping alerts.
The default port to specify is 8008, but you can use a different port if your DCD is configured for it. To ensure that alerts are received even if one DCD goes down, specify at least one alternative DCD.
Configure the BIG-IP logging profile
Virtual servers that remote logging uses to route alert or event logs
You can either create a new virtual server on the BIG-IP® device that creates the alert or event, or you can use a virtual server that already exists on that device.