Lab 1.6: Send Logs to ELK Stack

Configure the BIG-IP to send logs to the new ELK stack

Check that data is arriving at ELK stack

Task 1 - Confirm BIG-IP is sending logs to ELK Stack

  1. Confirm via TMUI that the setup from Class 1 Lab 2.1

Update AFM Reporting to include what was not included in the previous lab.

Note

Make sure the correct port is allocated, as per the previous Logstash configuration:
  • Pool = tcp server:5514 - PEM
  • Pool = tcp server:5515 - DNS
  • Pool = tcp server:5516 - AFM/CGNAT
  1. Confirm data is arriving on the server

sudo tcpdump -i eth1 port 5514

  1. Check that data is arriving in the index

curl 'localhost:9200/_cat/indices?v'

or via POSTMAN

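To read the `_cat/indices?v` output from the curl check above without eyeballing it, the following added example (not part of the original lab) lists each index with its `docs.count` and flags any index that is still empty. The index names and sample output are constructed for illustration; the lab's real index names depend on the Logstash configuration.

```shell
#!/usr/bin/env bash
# Added example: interpret `_cat/indices?v` output to confirm documents are landing.

# Constructed sample of `curl 'localhost:9200/_cat/indices?v'` output.
# Index names and UUIDs are hypothetical placeholders.
sample_indices() {
cat <<'EOF'
health status index            uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   pem-2024.01.15   aaaaaaaaaaaaaaaaaaaaaa   1   1       1842            0      1.1mb          1.1mb
yellow open   dns-2024.01.15   bbbbbbbbbbbbbbbbbbbbbb   1   1          0            0       208b           208b
yellow open   afm-2024.01.15   cccccccccccccccccccccc   1   1        317            0    410.2kb        410.2kb
EOF
}

# Reads _cat/indices?v text on stdin and prints "index docs.count" per open index.
# Column positions are taken from the header row, so column order does not matter.
# Closed indices have blank columns and are skipped by the field-count check.
index_doc_counts() {
  awk '
    NR == 1 {
      for (i = 1; i <= NF; i++) {
        if ($i == "index") ix = i
        if ($i == "docs.count") dc = i
      }
      next
    }
    ix && dc && NF >= dc { print $ix, $dc }
  '
}

# Prints the names of indices holding zero documents.
# Exit status is 1 if any index is empty, 0 otherwise.
empty_indices() {
  index_doc_counts | awk '$2 == 0 { print $1; bad = 1 } END { exit bad }'
}

# Offline demo on the constructed sample.
sample_indices | index_doc_counts

# Live use on the ELK server:
#   curl -s 'localhost:9200/_cat/indices?v' | empty_indices
```

An empty index after the BIG-IP has been generating traffic points back to the earlier steps: the pool port for that log type, or the tcpdump check on the matching port.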