Manual Chapter : Configure IPsec event viewing on the BIG-IQ

Applies To:

BIG-IQ Centralized Management

  • 5.3.0

How do I configure viewing IPsec event logs?

You can use BIG-IQ® Centralized Management to view IPsec events. To set up IPsec event log viewing, you need to:

  • Configure the BIG-IP® devices that comprise the IPsec tunnel to send events to the data collection device.
    • Create a log publisher pool.
    • Create a remote high-speed log destination for IPsec.
    • Create a remote Syslog destination for IPsec.
    • Configure a log publisher to send IPsec events to the BIG-IQ.
  • Configure the BIG-IQ system to view IPsec events.
    • Import IPsec configuration settings from the BIG-IP device.
    • Enable IPsec event collection.

After you complete these initial configuration tasks, you can view IPsec events on the BIG-IQ.

Create a log publisher pool

Creating a log publisher pool is part of the sequence you perform to route IPsec events from the BIG-IP® device to your data collection device so that you can view these events from the BIG-IQ®.
Important: Perform this task on the BIG-IP devices that comprise the IPsec tunnel, not on the BIG-IQ.
Important: You must perform these steps on both of the BIG-IP devices that comprise the IPsec tunnel.
  1. On the Main tab, click Local Traffic > Pools.
    The Pool List screen opens.
  2. Click Create.
    The New Pool screen opens.
  3. In the Name field, type a unique name for the pool.
    Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.
    Important: The pool name is limited to 63 characters.
  4. Under Resources, create a new member.
    1. For Node Name, type a name for the member.
    2. For Address, type the self IP address of your data collection device.
    3. For Service Port, type 9997.
    4. Click Add.
      The system creates the new pool member.
  5. Click Finished.
The log publisher pool you created is added to the pools list.

Create a remote high-speed log destination for IPsec

Before creating a remote high-speed log destination for IPsec, you must create a log publishing pool.
Creating a remote high-speed log destination is part of the sequence you perform to route IPsec events from the BIG-IP® device to your data collection device so that you can view these events from the BIG-IQ®.
Important: Perform this task on the BIG-IP devices that comprise the IPsec tunnel, not on the BIG-IQ.
Important: You must perform these steps on both of the BIG-IP devices that comprise the IPsec tunnel.
  1. On the Main tab, click System > Logs > Configuration > Log Destinations.
    The Log Destinations screen opens.
  2. Click Create.
  3. In the Name field, type a name to identify the IPsec remote high-speed log destination.
  4. From the Type list, select Remote High-Speed Log.
  5. From the Pool Name list, select the log publisher pool that you defined previously.
  6. From the Protocol list, select the TCP protocol.
  7. Click Finished.

Create a remote Syslog destination for IPsec

Before creating a remote Syslog log destination for IPsec, you must create a log publishing pool and a high-speed log destination for IPsec.
Creating a remote Syslog log destination is part of the sequence you perform to route IPsec events from the BIG-IP® device to your data collection device so that you can view these events from the BIG-IQ® system.
Important: Perform this task on the BIG-IP devices that comprise the IPsec tunnel, not on the BIG-IQ.
Important: You must perform these steps on both of the BIG-IP devices that comprise the IPsec tunnel.
  1. On the Main tab, click System > Logs > Configuration > Log Destinations.
    The Log Destinations screen opens.
  2. Click Create.
  3. In the Name field, type IPsec-Syslog to identify the IPsec Syslog destination.
  4. From the Type list, select Remote Syslog.
  5. From the Syslog Format list, select a format for the logs.
  6. From the Forward To list, select the name of the IPsec remote high-speed log destination you created previously.
  7. Click Finished.

Configure a log publisher to send IPsec events to the BIG-IQ

To send the IPsec event logs to the data collection device, you must configure a publisher to send them to the IPsec Syslog destination. This is the last task in the sequence you perform to route IPsec events from the BIG-IP® device to your data collection device so that you can view these events from the BIG-IQ®.
Important: Perform this task on the BIG-IP devices that comprise the IPsec tunnel, not on the BIG-IQ.
Important: You must perform these steps on both of the BIG-IP devices that comprise the IPsec tunnel.
  1. On the Main tab, click System > Logs > Configuration > Log Publishers.
    The Log Publishers screen opens.
  2. Click the log publisher named default-ipsec-log-publisher.
    The Log Publisher properties screen opens.
  3. For the Destinations setting, select IPsec-Syslog from the Available list, and move it to the Selected list.
    Both local-syslog (the default) and IPsec-Syslog are listed in the Selected list.
  4. Click Update.
IPsec events will now route to the data collection device.
To use the IPsec tunnel configuration that you just completed on the BIG-IQ, you must import the settings for this device to the BIG-IQ.
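The same four BIG-IP tasks (pool, high-speed log destination, Syslog destination, publisher) expressed as tmsh commands, as an added example that is not part of this manual. The pool name ipsec_log_pool, the destination name ipsec_hsl, the DCD self IP 192.0.2.10 and the rfc5424 Syslog format are assumed values; the port 9997, the destination name IPsec-Syslog and the publisher default-ipsec-log-publisher come from the steps above.

```tmsh
# Added example, not from the F5 manual: tmsh equivalent of the GUI tasks above.
# Run at the tmsh prompt on each BIG-IP that terminates the IPsec tunnel.
# Assumed values: pool ipsec_log_pool, HSL destination ipsec_hsl,
# DCD self IP 192.0.2.10 (documentation address), Syslog format rfc5424.

# 1. Log publisher pool with the DCD listener as its only member (TCP 9997)
create ltm pool ipsec_log_pool members add { 192.0.2.10:9997 }

# 2. Remote high-speed log destination over TCP, bound to that pool
create sys log-config destination remote-high-speed-log ipsec_hsl pool-name ipsec_log_pool protocol tcp

# 3. Remote Syslog destination that forwards through the HSL destination
create sys log-config destination remote-syslog IPsec-Syslog remote-high-speed-log ipsec_hsl format rfc5424

# 4. Add IPsec-Syslog to the built-in IPsec publisher; local-syslog stays selected
modify sys log-config publisher default-ipsec-log-publisher destinations add { IPsec-Syslog }

# Check: the publisher should now list both local-syslog and IPsec-Syslog
list sys log-config publisher default-ipsec-log-publisher

# Persist the running configuration
save sys config
```

From the bash shell, prefix each line with tmsh instead of entering the tmsh prompt. The pool is created without a health monitor; add one if you want the BIG-IP to mark the DCD member down when the listener is unreachable.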

Import IPsec configuration settings from the BIG-IP device

Before you can import settings from a managed device, you must have completed the configuration task on the BIG-IP® device. See Configure the BIG-IP device to send IPsec events to your data collection device for details.
To manage an IPsec tunnel on BIG-IQ®, you need to import the settings configured on the BIG-IP devices that reside at each end of the tunnel.
Important: Perform this task on the BIG-IQ for each of the BIG-IP devices that make up the IPsec tunnel.
  1. At the top of the screen, click Devices.
  2. In the Services column, click the link that lists the currently managed services for the BIG-IP device that you configured with IPsec tunnel settings.
    The Services screen for the selected device opens.
  3. For Local Traffic (LTM), click Re-discover.
    The system discovers the LTM configuration settings for the BIG-IP device.
  4. For Local Traffic (LTM), click Re-import.
    The system imports the LTM service for the BIG-IP device.
  5. Click Cancel.
The IPsec tunnel settings you configured on the BIG-IP device are imported for the selected device.

Enable IPsec event collection

To view IPsec tunnel events on BIG-IQ®, you need to activate IPsec event collection for your data collection device (DCD) cluster.
  1. At the top of the screen, click System.
  2. On the left, expand BIG-IQ DATA COLLECTION and then select BIG-IQ Data Collection Devices.
    The BIG-IQ Data Collection Devices screen opens to list the data collection devices in the cluster.
  3. In the Services column, click Add Services.
    The Services screen for this DCD opens.
  4. For IPsec, click Activate.
    The Listener Address displays the internal self IP address configured for the DCD. The self IP address is currently the recommended address for collecting event log data.
    The system begins collecting IPsec events.
  5. Click the Save & Close button at the bottom of the screen.
You can now view IPsec event logs using the BIG-IQ user interface.