F5BigLogHslpub
Overview
The F5BigLogHslpub Custom Resource (CR) defines the various logging options such as format, protocol, distribution method, and the logging endpoints. The F5BigLogHslpub can be referenced by the F5BigLogProfile, F5BigPePolicy, and F5BigClassificationprofile CRs.
This document guides you through understanding, configuring, and installing a simple F5BigLogHslpub CR.
CR Parameters
metadata
Parameter | Description |
---|---|
name | The name of the HSL publishing profile. This value is referenced by the Additional CRs listed below. |
namespace | The Kubernetes namespace the HSL publishing profile will install to. |
spec
Parameter | Description |
---|---|
ipfix.name | A user defined name for the ipfix configuration. |
ipfix.pool | Specifies the pool of logging endpoints to receive logging messages. |
ipfix.profileName | Specifies the profile: tcp or udp. |
ipfix.protocolVersion | ipfix or netflow-9, depending on the type of collectors in the pool. |
loadBalancingMethod | Defines the load balancing mode used to distribute traffic across multiple pool members: ROUND_ROBIN (default), or RATIO_LEAST_CONN_MEMBER. |
pool.members | Specifies the list of IPv4 addresses and the service ports of the logging endpoints. For example: 10.30.2.220 and port:514. |
pool.minActiveMembers | Specifies the minimum number of members that must be available in one priority group. |
pool.monitors | Specifies the monitors used for monitoring the pool members. TCP and ICMP are the supported protocols. |
pool.name | A user defined name for the HSL logging pool. |
pool.endpoint | Specifies the IPv4 or IPv6 address and the service port of the logging endpoint: 10.30.2.220:514 or [2002::10:30:2:220]:514. |
syslog.name | A user defined name for the syslog configuration. |
syslog.format | Specifies the logging format: rfc5424 (default), rfc3164, or legacy-bigip. |
syslog.protocol | Specifies the protocol to use when connecting to the logging endpoint: udp (default) or tcp. |
syslog.distribution | Specifies the distribution method used to send messages to pool members. adaptive (default): connections to pool members are added as required to provide enough logging bandwidth. This can have the undesirable effect of logs accumulating on only one pool member when it provides sufficient logging bandwidth on its own. balanced: sends each successive log to a new pool member, balancing the logs among them according to the pool's load balancing method. replicate: replicates each log to all pool members, for redundancy. |
syslog.pool | Specifies the pool of logging endpoints to receive logging messages. |
Notes:
- For a given pool in the CR, either the pool.endpoint or the pool.members parameter must be used.
- If there is a need to monitor the HSL destinations and define priority grouping, add the pool.members parameter.
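The rules in the parameter table and notes above can be checked before a manifest is applied, so that a mistyped pool reference or unsupported value does not leave security logs without a working destination. The lint below is an added example, not F5 code: it takes the manifest already parsed into a dict, uses the key spellings from the example manifests on this page (`monitors`, `min-active-members`), and assumes that a destination's `pool` must name a pool defined in the same CR. `lint_hslpub` and `BAD_CR` are hypothetical names, and the sample manifest is constructed.

```python
SYSLOG_ENUMS = {
    "format": {"rfc5424", "rfc3164", "legacy-bigip"},
    "protocol": {"udp", "tcp"},
    "distribution": {"adaptive", "balanced", "replicate"},
}
IPFIX_VERSIONS = {"ipfix", "netflow-9"}
MONITOR_TYPES = {"tcp", "icmp"}


def lint_hslpub(cr):
    """Return a list of findings for a parsed F5BigLogHslpub manifest (dict)."""
    findings = []
    spec = cr.get("spec", {})
    pools = {}
    for pool in spec.get("pool", []):
        name = pool.get("name", "<unnamed>")
        pools[name] = pool
        # Page rule: a pool uses either pool.endpoint or pool.members.
        if ("endpoint" in pool) == ("members" in pool):
            findings.append(f"pool {name}: set exactly one of endpoint/members")
        # Page rule: monitoring and priority grouping need pool.members.
        if "members" not in pool and ("monitors" in pool or "min-active-members" in pool):
            findings.append(f"pool {name}: monitors need members, not endpoint")
        for kind in pool.get("monitors", {}):
            if kind not in MONITOR_TYPES:
                findings.append(f"pool {name}: unsupported monitor {kind}")
    for dest in spec.get("syslog", []):
        for key, allowed in SYSLOG_ENUMS.items():
            if key in dest and dest[key] not in allowed:
                findings.append(f"syslog {dest.get('name')}: bad {key} {dest[key]!r}")
    for dest in spec.get("ipfix", []):
        if "protocolVersion" in dest and dest["protocolVersion"] not in IPFIX_VERSIONS:
            findings.append(f"ipfix {dest.get('name')}: bad protocolVersion")
    # Assumption: a destination's pool must name a pool defined in this CR.
    for section in ("syslog", "ipfix"):
        for dest in spec.get(section, []):
            if dest.get("pool") not in pools:
                findings.append(f"{section} {dest.get('name')}: unknown pool {dest.get('pool')!r}")
    return findings


# Constructed sample: monitor on an endpoint pool, bad format, mistyped pool name.
BAD_CR = {"spec": {
    "pool": [{"name": "hsl-pool", "endpoint": ["[2002::10:30:2:220]:514"],
              "monitors": {"tcp": [{"interval": 10, "timeout": 40}]}}],
    "syslog": [{"name": "syslog1", "format": "cef", "protocol": "udp",
                "pool": "hsl-pol"}],
}}
```

Calling `lint_hslpub(BAD_CR)` returns three findings; a manifest that follows the table returns an empty list.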
Requirements
Ensure you have:
- Installed a K8S Service object and application.
- Installed the BIG-IP Controller.
- A Linux based workstation.
Installation
Use these steps to install the example F5BigLogHslpub and F5BigLogProfile CRs, and the optional CNFs CRs. Each step offers a brief description of the example CR.
Tip: Open a second shell to view the CNFs Event Logs while installing.
Optional: The example F5BigLogHslpub CR specifies a remote server with IP/port [2002::10:30:2:220]:514, and the udp protocol. Copy and paste the example into a YAML file:

```yaml
apiVersion: "k8s.f5net.com/v1"
kind: F5BigLogHslpub
metadata:
  name: "cnf-hsl-pub"
  namespace: "cnf-gateway"
spec:
  pool:
    - name: "hsl-pool"
      endpoint:
        - "[2002::10:30:2:220]:514"
  syslog:
    - name: "syslog1"
      format: "rfc5424"
      protocol: "udp"
      pool: "hsl-pool"
```
Optional: The example F5BigLogHslpub CR with ipfix logging enabled specifies a remote server with IP/port [10.2.20.107]. Update the udp profile name with sys-default-udp and protocol version with ipfix. Copy and paste the example into a YAML file:

```yaml
apiVersion: "k8s.f5net.com/v2"
kind: F5BigLogHslpub
metadata:
  name: "cnf-hsl-pub"
spec:
  pool:
    - name: "ipfix-pool"
      members:
        - address: 10.2.20.107
          port: 514
          priority-group: 4
      monitors:
        icmp:
          - interval: 15
            timeout: 30
      min-active-members: 1
    - name: ipfix-pool2
      members:
        - address: 10.2.20.108
          port: 514
          priority-group: 2
      monitors:
        tcp:
          - interval: 10
            timeout: 40
  ipfix:
    - name: "ipfixhsl"
      pool: "ipfix-pool"
      profileName:
        udpProfileName: "sys-default-udp"
      protocolVersion: "ipfix"
```
Optional: Configure the monitors, priority group, and min-active-members in the existing inline pools within the HSL publisher, to track the health status of the HSL server endpoint. Copy and paste the following code into a YAML file for syslog destination.
Note: If a pool member does not respond within a specified timeout period (configured timeout), then that pool member will be marked as down and it will not be picked for load balancing.
```yaml
apiVersion: "k8s.f5net.com/v2"
kind: F5BigLogHslpub
metadata:
  name: "cnf-hsl-pub"
spec:
  pool:
    - name: "hsl-pool"
      members:
        - address: 10.2.20.107
          port: 514
          priority-group: 4
      monitors:
        icmp:
          - interval: 15
            timeout: 30
      min-active-members: 1
    - name: hsl-pool2
      members:
        - address: 10.2.20.108
          port: 514
          priority-group: 2
      monitors:
        tcp:
          - interval: 10
            timeout: 40
  syslog:
    - name: "syslog5"
      format: "rfc5424"
      protocol: "tcp"
      distribution: adaptive
      pool: "hsl-pool"
```
Install the F5BigLogHslpub CR:
```bash
oc apply -f cnf-hsl-cr.yaml
```
In this example, the BIG-IP Controller logs indicate the F5BigLogHslpub CR was added/updated:
I0202 12:00:00.12347 1 event.go:282 Event(v1.ObjectReference{Kind:"F5Hslpub", F5Hslpub cnf-gateway/cnf-hsl-pub was added/updated
The example F5BigLogProfile specifies firewall events such as aclMatchAccept and aclMatchDrop, and sends them to the remote logging server. Copy and paste the example into a YAML file:
Note: The F5BigLogProfile CR will be referenced by the F5BigContextSecure CR.
```yaml
apiVersion: "k8s.f5net.com/v1"
kind: F5BigLogProfile
metadata:
  name: "cnf-log-profile"
  namespace: "cnf-gateway"
spec:
  name: "cnf-logs"
  firewall:
    enabled: true
    network:
      publisher: "cnf-hsl-pub"
      events:
        aclMatchAccept: true
        aclMatchDrop: true
        tcpEvents: true
        translationFields: true
```
Install the F5BigLogProfile CR:
```bash
oc apply -f cnf-log-cr.yaml
```
In this example, the BIG-IP Controller logs indicate the F5BigLogProfile CR was added/updated:
I0202 12:00:00.12348 1 event.go:282 Event(v1.ObjectReference{Kind:"F5LogProfile", LogProfile cnf-gateway/cnf-log-profile was added/updated
Continue to the Additional CRs to begin using the F5BigLogHslpub profile.
Additional CRs
The F5BigFwPolicy can also be referenced by these CNFs CRs:
- F5BigContextSecure - Full proxy TCP and UDP application layer gateway services.
- F5BigAlgFtp - File Transfer Protocol (FTP) application layer gateway services.
- F5BigAlgTftp - Trivial File Transfer Protocol (TFTP) application layer gateway services.
- F5BigAlgPptp - Point-to-Point Tunneling Protocol (PPTP) application layer gateway services.
- F5BigAlgRtsp - Real Time Streaming Protocol (RTSP) application layer gateway services.
Feedback
Provide feedback to improve this document by emailing cnfdocs@f5.com.