Re: F5 LTM: default send string

davecroto · ‎12-08-2011

A Splunk customer of mine has set up the Irule to communicate with Splunk and take advantage of the Splunk for f5 Networks. The only thing that is sent udp:514 to splunk is what appears to be just a test message: "default send string".

Very novice at BigIP LTM, but know splunk pretty well....any suggestions on what needs to be configured on the LoadBalancer to get more robust logging?

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

ppang · ‎12-08-2011

This is the step by step guide about setting up the syslog forwarding on the BigIP LTM

http://support.f5.com/kb/en-us/solutions/public/8000/200/sol8260.html

davecroto · ‎12-08-2011

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

Brian_Osburn · ‎12-08-2011

Can you post a sanitized irule he's using?

F5 LTM: default send string

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

F5 LTM: default send string

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!