There are several ways to log events on the Internet. These include configuring the IP address used as the source for logging events, configuring a rate limit, and specifying a hostname. This article will discuss the first two methods. Depending on your needs, you can configure multiple IP addresses. You can even configure different sources for different types of events. After you set up your logging options, you can configure different rate limits for different types of events.
Configuring an IP address for logging
One way to get access to your log messages from remote servers is by configuring your BIG-IP logging system to publish log messages to a remote IP address. The BIG-IP system supports a number of different destinations, including remote Syslog, Splunk, ArcSight, and Remote Syslog servers. The 192.168.l.l destination that you specify must point to a high-speed logging server pool.
Configuring a rate limit for logging events
You can set a rate limit for logging events in your Identity Engine to limit the number of events that are logged. This limit applies to the types of events that you log and how often they are processed. The rate limit can be configured for the entire organization or for a single source.
Configuring a hostname for logging
When logging, you can use the OSE logging system to configure a hostname for each log message. This setting can be configured globally or per source. If you configure the option locally, it overrides the global setting.
Specifying a source IP address
To log messages to a syslog server, you need to specify a source IP address. To do this, you use the logging source-interface command. This will log messages to the syslog server using the IP address of the interface that left the router.
Specifying a vlan id as the source IP address
VLAN IDs are numbers added to packets by VLAN switches and routers. They allow groups of IP addresses to be associated. The VLAN ID is a prefix that contains a number between one and 4094. The VLAN ID 0 is reserved for use on high-priority frames. Otherwise, it can be any other number.
Configuring a log translation field
The BIG-IP system has a feature called log translation that lets you specify the IP address of a specific host. It works with the NAT protocol and enables you to set your firewall to log specific types of events in a particular format. In this feature, you can specify the IP address of a particular host by entering its original or NAT-translated IP address.