How To: Configure remote logging

BIG-IP Next Central Manager allows you to configure log consumers for a specific BIG-IP Next instance so that you can stream the instance logs and security event data to a remote log server.

Log data collected includes:

  • Instance logs (debugging logs for application service delivery and WAF module).

Note: A log consumer must be configured for each instance.

Prerequisites

  • You must have at least one BIG-IP Next instance installed on BIG-IP Next Central Manager.

    Note: WAF is provisioned by default to a licensed BIG-IP Next instance. Ensure that WAF is currently enabled on the instance.

  • To create a remote log consumer, you need to obtain the SSL certificate for the remote log server, which includes a public/private key signed by a certificate authority:

    • Certificate - An SSL certificate obtained from a certificate authority.

    • Private key - You must have an RSA private key for your certificate.

    • Root CA - The self-signed public key from the certificate authority.

Create a new log consumer for a BIG-IP Next instance

Create a log consumer on a BIG-IP Next instance to enable streaming logs to a remote log server. You can create multiple log consumers for an instance.

Note: F5 does not recommend creating more than 5 log consumers per instance.

The image below demonstrates log consumer creation on a standalone instance:

  1. Log in to BIG-IP Next Central Manager.

  2. Click the Workspace icon next to the F5 logo and then click Infrastructure.

  3. Click the name of the BIG-IP Next instance.

  4. Select Log Management from the panel menu.

  5. Click Create.

  6. Enter the Hostname for your remote log server domain. For example: external.system.com.

  7. Enter the IP Address for the remote log server.

  8. Enter the Port number for the remote log server.

  9. Paste the Private key, Certificate, and Root CA for the remote server. Install or obtain the SSL certificate, private key and root CA public key from your remote logger.

The log consumer is added to the Log Management list. Once you add a log consumer, you cannot edit the data at a later time. You can delete the log consumer from the instance and create a new log consumer with updated information.

If you would like to add the same log consumer to other BIG-IP Next instances, you will need to repeat this process for each instance.
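
Because a log consumer cannot be edited after it is created, it helps to check the private key, certificate and root CA against each other before pasting them in step 9. The script below is an added example, not F5 code: it uses the openssl command line, assumes the certificate is the one issued for the hostname entered in step 6, and its function names, file names and demo CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks on the PEM files before they are pasted in step 9.
# All file names and the demo CA are constructed for illustration.

key_is_rsa() {           # $1 = private key (the page requires an RSA key)
  openssl rsa -in "$1" -check -noout >/dev/null 2>&1
}
cert_matches_key() {     # $1 = private key, $2 = certificate
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}
cert_chains_to_root() {  # $1 = certificate, $2 = root CA
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}
cert_covers_host() {     # $1 = certificate, $2 = hostname entered in step 6
  openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q "does match certificate"
}
cert_not_expired() {     # $1 = certificate
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}
preflight() {            # usage: preflight KEY CERT ROOTCA HOSTNAME
  key_is_rsa "$1"               || { echo "FAIL: not a valid RSA private key"; return 1; }
  cert_matches_key "$1" "$2"    || { echo "FAIL: certificate and private key do not match"; return 1; }
  cert_chains_to_root "$2" "$3" || { echo "FAIL: certificate does not verify against root CA"; return 1; }
  cert_covers_host "$2" "$4"    || { echo "FAIL: certificate is not valid for $4"; return 1; }
  cert_not_expired "$2"         || { echo "FAIL: certificate has expired"; return 1; }
  echo "OK: key, certificate, root CA and hostname are consistent"
}
make_demo_pems() {       # $1 = directory; writes a constructed throwaway CA and leaf
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$1/ca.key" -out "$1/rootca.pem" >/dev/null 2>&1 &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=external.system.com" \
    -keyout "$1/server.key" -out "$1/server.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/rootca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.pem" >/dev/null 2>&1
}
# Run against real files when four arguments are given.
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```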

Delete a log consumer from a BIG-IP Next instance

Delete a log consumer configured on a BIG-IP Next instance. The image below demonstrates log consumer deletion:

  1. Log in to BIG-IP Next Central Manager.

  2. Click the Workspace icon next to the F5 logo and then click Infrastructure.

  3. Click the name of the BIG-IP Next instance.

  4. Select Log Management from the panel menu.

  5. Select the check box next to the log consumer(s) you would like to delete.

  6. Click Delete.

  7. Confirm your action.

This ends streaming to the remote log server, and the log consumer is removed from the instance's Log Management list.

Troubleshooting

If you are unable to connect your log consumer to the instance, you will need to perform the troubleshooting procedure.

You should only use this procedure if the "Create a new log consumer for a BIG-IP Next instance" procedure fails.