Configure Log Streaming
Objective
This guide provides instructions on how to enable streaming of all system and application logs to an external log collection or monitoring system in F5® Distributed Cloud Services. This helps you analyze events and measure application performance, while establishing correlation with respect to other systems of your organization.
Log streaming is supported only for the following types of logs:
- Layer 7 request logs
- Network logs (if enabled through network policy)
Prerequisites
- An F5 Distributed Cloud Account. If you do not have an account, see Getting Started with Console.
- One or more sites. See Site Management for information on Site creation.
- An external log collection or monitoring system reachable from the Site. Ensure that its hostname resolves and that the host is reachable from your F5 Site.
Enable Streaming of Logs
The example shown in this guide sets up a syslog server in a Docker container, and creates a log receiver object in the F5® Distributed Cloud Console for the syslog server.
Note: Streaming of logs is also supported for AWS Elasticsearch and Splunk.
This example starts a syslog server in a Docker container.
Step 1: Start external log collection server.
- Start the Docker container for syslog and expose ports 514 and 601 for UDP and TCP connections, respectively. F5® Distributed Cloud Console uses these ports by default for streaming logs when log streaming is enabled.
Note: You can configure a log collection system of your choice. However, ensure that the host is reachable from your Site from which logs are intended to be streamed.
docker run -it --rm -p 514:514/udp -p 601:601 --name syslog-ng balabit/syslog-ng:latest
- Optionally, run tail inside the container to follow incoming log messages as they arrive.
docker exec -it syslog-ng tail -f /var/log/messages
- Ensure that the syslog hostname resolves from the Site. This example adds an entry to the /etc/hosts file on your Site to provide the hostname resolution.
192.168.1.33 syslog.mydomain
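Before creating the log receiver in Step 2, it helps to confirm that the receiver's hostname resolves and that the ports exposed in Step 1 answer. The following preflight check is an added example, not part of the F5 documentation; it assumes Python 3 on a host that shares the Site's network path to the receiver, and the function names and the test message tag are illustrative.

```python
# Added example: preflight check for the syslog receiver started in Step 1.
import socket
import sys
from datetime import datetime

UDP_PORT = 514   # UDP port exposed by the container in Step 1
TCP_PORT = 601   # TCP port exposed by the container in Step 1


def resolve(host):
    """Return the sorted IP addresses the host resolves to, or [] on failure."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_reachable(host, port=TCP_PORT, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_test_message(tag="log-receiver-preflight", text="test message"):
    """Build a BSD-syslog style line: facility user, severity notice."""
    pri = 1 * 8 + 5  # facility 1 (user) * 8 + severity 5 (notice) = 13
    stamp = datetime.now().strftime("%b %d %H:%M:%S")
    return f"<{pri}>{stamp} {socket.gethostname()} {tag}: {text}".encode()


def send_udp_test(host, port=UDP_PORT):
    """Send one test datagram. UDP gives no delivery feedback, so confirm
    arrival in the receiver's own log (the tail command from Step 1)."""
    msg = build_test_message()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(msg, (host, port))


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "syslog.mydomain"  # page's sample name
    addrs = resolve(host)
    print(f"{host} resolves to: {addrs or 'NOTHING'}")
    if addrs:
        print(f"tcp/{TCP_PORT} reachable: {tcp_reachable(host)}")
        print(f"udp/{UDP_PORT} test sent: {send_udp_test(host)} bytes")
```

A successful TCP connect only shows that the port is open along that path; the UDP test is confirmed only when the message appears in the receiver's log.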
Step 2: Create new log receiver.
- In the Multi-Cloud Network Connect workspace, navigate to Manage > Log Management > Log Receivers.
- Click Add Log Receiver.
- Enter a name.
- From the Syslog Transport Mode menu, select an option.
- In the Server name field, enter the name of your external log collection host.
- In the Port Number field, specify a port number.
- Click Add Log Receiver.
Step 3: Enable log streaming for Site.
New Secure Mesh Site v2
- Navigate to your Site to edit the configuration.
- In the Site Management section: From the Logs Streaming menu, select Enable.
- Select the log receiver from the Enable drop-down menu.
- Click Save Secure Mesh Site.
Legacy Site
This example uses an AWS VPC Site.
- Navigate to your Site to edit the configuration.
- In the Advanced Configuration section: From the Logs Streaming menu, select Enable Logs Streaming.
- Select the log receiver from the Enable Logs Streaming drop-down menu.
- Click Save AWS VPC Site.