F5BigLogHslpub

Overview

The F5BigLogHslpub Custom Resource (CR) defines the various logging options such as format, protocol, distribution method, and the logging endpoints. The F5BigLogHslpub can be referenced by the F5BigLogProfile, F5BigPePolicy, and F5BigClassificationprofile CRs.

This document guides you through understanding, configuring and installing a simple F5BigLogHslPub CR.

CR Parameters

metadata

Parameter Description
name The name of the HSL publishing profile. This value is referenced by the Additional CRs listed below.
namespace The Kubernetes namespace the HSL publishing profile will install to.

spec

Parameter Description
ipfix.name A user defined name for the ipfix configuration.
ipfix.pool Specifies the pool of logging enpoints to receive logging messages.
ipfix.profileName Specifies the profile tcp or udp.
ipfix.protocolVersion ipfix or netflow-9, depending on the type of collectors in the pool.
loadBalancingMethod Defines the load balancing mode used to distribute traffic across multiple pool members: ROUND_ROBIN (default), or RATIO_LEAST_CONN_MEMBER
pool.members Specifies the list of IPv4 address and the service port of the logging endpoints. For example: 10.30.2.220 and port:514.
pool.minActiveMembers Specifies the minimum number of members that must be available in one priority group.
pool.monitors Specified monitors must be used for monitoring the pool memebers. TCP and ICMP are the supported protocols.
pool.name A user defined name for the HSL logging pool.
pool.endpoint Specifies the IPv4 or IPv6 address and the service port of the logging endpoint: 10.30.2.220:514 or [2002::10:30:2:220]:514.
syslog.name A user defined name for the syslog configuration.
syslog.format Specifies the logging format: rfc5424 (default), rfc3164, or legacy-bigip.
syslog.protocol Specifies the protocol to use when connecting to the logging endpoint: udp (default) or tcp.
syslog.distribution Specifies the distribution method used to send messages to pool members: adaptive (default) - connections to pool members are added as required to provide enough logging bandwidth. This can have an undesirable effect of logs accumulating on only one pool member when it provides sufficient logging bandwidth on its own. balanced - sends each successive log to a new pool member, balancing the logs among them according to the pool's load balancing method. replicate - replicates each log to all pool members, for redundancy.
syslog.pool Specifies the pool of logging enpoints to receive logging messages.



Notes:

  • For a given pool in the CR, either pool.endpoint or pool.members parameter must be used.
  • If there is a need to monitor the HSL destinations and define priority grouping, add pool.members parameter.

Requirements

Ensure you have:

  • Installed a K8S Service object and application.
  • Installed the BIG-IP Controller.
  • A Linux based workstation.

Installation

Use these steps to install the example F5BigLogHslpub and F5BigLogProfile CRs, and the optional CNFs CRs. Each step offers a brief description of the example CR.

_images/spk_info.png Tip: Open a second shell to view the CNFs Event Logs while installing.

  1. Optional: The example F5BigLogHslpub CR specifies a remote servers with IP/port [2002::10:30:2:220]:514, and the udp protocol. Copy and paste the example into a YAML file:

    apiVersion: "k8s.f5net.com/v1"
    kind: F5BigLogHslpub
    metadata:
      name: "cnf-hsl-pub"
      namespace" "cnf-gateway"
    spec:
      pool:
        - name: "hsl-pool"
          endpoint:
           - "[2002::10:30:2:220]:514"
      syslog:
      - name: "syslog1"
        format: "rfc5424"
        protocol: "udp"
        pool: "hsl-pool"
    
  2. Optional: The example F5BigLogHslpub CR with ipfix logging enabled specifies a remote servers with IP/port [10.2.20.107]. Update the udp profile name with sys-default-udp and protocol version with ipfix. Copy and paste the example into a YAML file:

    apiVersion: "k8s.f5net.com/v2"
    kind: F5BigLogHslpub
    metadata:
      name: "cnf-hsl-pub"
    spec:
    pool:
      - name : "ipfix-pool"
        members:
          - address: 10.2.20.107
            port: 514
            priority-group: 4
      monitors:
        icmp:
          - interval: 15
            timeout: 30
        min-active-members: 1
      - name: ipfix-pool2
        members:
          - address: 10.2.20.108
            port: 514
            priority-group: 2
      monitors:
        tcp:
          - interval: 10
            timeout: 40
    ipfix:
     - name: "ipfixhsl"
       pool: "ipfix-pool"
       profileName:
         udpProfileName: "sys-default-udp"
       protocolVersion: "ipfix"
    
  3. Optional: Configure the monitors, priority group, and min-active-members in the existing inline pools within the HSL publisher, to track the health status of the HSL server endpoint. Copy and paste the following code into a YAML file for syslog destination.

    Note: If a pool member does not respond within a specified timeout period (configured timeout), then that pool member will be marked as down and it will not be picked for load balancing.

    apiVersion: "k8s.f5net.com/v2"
    kind: F5BigLogHslpub
    metadata:
      name: "cnf-hsl-pub"
    spec:
      pool:
        - name : "hsl-pool"
          members:
            - address: 10.2.20.107
            port: 514
            priority-group: 4
          monitors:
            icmp:
            - interval: 15
              timeout: 30
          min-active-members: 1
        - name: hsl-pool2
          members:
          - address: 10.2.20.108
            port: 514
            priority-group: 2
        monitors:
          tcp:
            - interval: 10
              timeout: 40
    
      syslog:
       - name: "syslog5"
         format: "rfc5424"
         protocol: "tcp"
         distribution: adaptive
         pool: "hsl-pool"
    
  4. Install the F5BigLogHslpub CR:

    oc apply -f cnf-hsl-cr.yaml
    

    In this example, the BIG-IP Controller logs indicate the F5BigLogHslpub CR was added/updated:

    I0202 12:00:00.12347   1 event.go:282 Event(v1.ObjectReference{Kind:"F5Hslpub",
    F5Hslpub cnf-gateway/cnf-hsl-pub was added/updated
    
  5. The example F5BigLogProfile specifies firewall events such as aclMatchAccept and aclMatchDrop, and sends them to the remove logging server. Copy and paste the example into a YAML file:

    Note: The F5BigLogProfile CR will be referenced by the F5BigContextSecure CR.

    apiVersion: "k8s.f5net.com/v1"
    kind: F5BigLogProfile
    metadata:
      name: "cnf-log-profile"
      namespace: "cnf-gateway"
    spec:
      name: "cnf-logs"
      firewall:
        enabled: true
        network:
          publisher: "cnf-hsl-pub"
          events:
            aclMatchAccept: true
            aclMatchDrop: true
            tcpEvents: true
            translationFields: true
    
  6. Install the F5BigLogProfile CR:

    oc apply -f cnf-log-cr.yaml
    

    In this example, the BIG-IP Controller logs indicate the F5BigLogProfile CR was added/updated:

    I0202 12:00:00.12348   1 event.go:282 Event(v1.ObjectReference{Kind:"F5LogProfile",
    LogProfile cnf-gateway/cnf-log-profile was added/updated
    
  7. Continue to the Additional CRs to begin using the F5BigLogHslpub profile.

Additional CRs

The F5BigFwPolicy can also be referenced by these CNFs CRs:

  • F5BigContextSecure - Full proxy TCP and UDP application layer gateway services.
  • F5BigAlgFtp - File Transfer Protocol (FTP) application layer gateway services.
  • F5BigAlgTftp - Trivial File Transfer Protocol (TFTP) application layer gateway services.
  • F5BigAlgPptp - Point-to-Point Tunneling Protocol (PPTP) application layer gateway services.
  • F5BigAlgRtsp - Real Time Streaming Protocol (RTSP) application layer gateway services.

Feedback

Provide feedback to improve this document by emailing cnfdocs@f5.com.