Forum Discussion

andrewtaylor's avatar
andrewtaylor
Icon for Contributor rankContributor
31 days ago

Load balance syslog traffic (TCP/TCP-tls)

Anybody had any success with this?

Going direct to message collectors works as expected. When we put a load balancer in the middle it does not work.

As per SL1 documentation, the traffic is being forwarded from the load balancer with the original source IP. However, the source port is different (no mention about that in the documentation) and this is where I think the problem lies as the backend server is sending the tcp acknowledgements back to the source IP but to a different port (the port the LB has forwarded the traffic on).

Makes sense that we also need to passthrough the source port being used, but this is not a configuration that has been used before (other apps being managed by the load balancer are mainly https with x-forwarder) and there is a reluctance to configure without evidence that this is correct. Surprising how little information there is out on the internet about configuring LB (unless my googling is not up to scratch :-) )

Would be good to know how others have the LB configured for syslog for tcp/tcp-tls traffic

 

No RepliesBe the first to reply