GavinW_29074
Jul 02, 2012 Nimbostratus
Joe
One quick thing to add from me.
We're using Splunk in our installation, with 2 pairs of F5 3900s in separate DCs.
Rather than relying on the Splunk built-in syslog listener, we've installed syslog-ng, which allows you finer control over how to record logs, separate hosts, etc. We've then got Splunk configured to monitor those files on the local file-sys. There were some other benefits as well, but can't remember off the top of my head :)
This also means that we can restart Splunk without losing any traffic data.
Oh, and one other thing...
I've created a second Splunk iRule for use with HTTPS VIPs, which adds the relevant SSL details to the Splunk log entries.
Can provide a copy if useful for you...
Cheers
Gavin