Hello everyone, I'm doing a logging lab and I'm asking for your help to understand some things. I have two BIG-IP LTM in HA and a QRadar logging server. I have configured the QRadar as syslog serve...
Logging is set on each appliance as its own configuration; however, since most log alerts should be coming from the dataplane, only the active will be logging that traffic. In your logging engine you should be able to search by name or IP to ensure that the logs are coming in from both devices.
Depending on what interface you are logging from, and/or how much NATing and proxying you do, you should probably consider adding the IP address that logging is coming from under local IP in the logging configuration. If the IP address in local IP is set in DNS, it should show up in the logging with the correct host name.