Re: F5 LTM: default send string

davecroto · ‎12-08-2011

A Splunk customer of mine has set up the Irule to communicate with Splunk and take advantage of the Splunk for f5 Networks. The only thing that is sent udp:514 to splunk is what appears to be just a test message: "default send string".

Very novice at BigIP LTM, but know splunk pretty well....any suggestions on what needs to be configured on the LoadBalancer to get more robust logging?

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

ppang · ‎12-08-2011

This is the step by step guide about setting up the syslog forwarding on the BigIP LTM

http://support.f5.com/kb/en-us/solutions/public/8000/200/sol8260.html

davecroto · ‎12-08-2011

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

Brian_Osburn · ‎12-08-2011

Can you post a sanitized irule he's using?

F5 LTM: default send string

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Are you a member of the Splunk Community?

F5 LTM: default send string

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions