You can configure the BIG-IP® system to log information about BIG-IP system processes and send the log messages to remote high-speed log servers. You can filter the data that the system logs based on alert-level and source.
When configuring remote high-speed logging of BIG-IP system processes, it is helpful to understand the objects you need to create and why, as described here:
|Object to create in implementation||Reason|
|Pool of remote log servers||Create a pool of remote log servers to which the BIG-IP system can send log messages.|
|Destination (unformatted)||Create a log destination of Remote High-Speed Log type that specifies a pool of remote log servers.|
|Destination (formatted)||If your remote log servers are the ArcSight, Splunk, or Remote Syslog type, create an additional log destination to format the logs in the required format and forward the logs to a remote high-speed log destination.|
|Publisher||Create a log publisher to send logs to a set of specified log destinations.|
|Filter||Create a log filter to define the messages to be included in the BIG-IP system logs and associate a log publisher with the filter.|
This illustration shows the association of the configuration objects for remote high-speed logging of BIG-IP system processes.
Perform these tasks to configure BIG-IP® system logging.
Create a log destination of the Remote High-Speed Log type to specify that log messages are sent to a pool of remote log servers.
Create a formatted logging destination to specify that log messages are sent to a pool of remote log servers, such as Remote Syslog, Splunk, or ArcSight servers.