Deploying BIG-IP Telemetry Streaming with Azure Sentinel as its consumer.
Published Oct 26, 2020
Version 1.0
One of the reasons this doesn't work is that in the declaration above the guys have put a tcp monitor on the "telemetry" pool. A tcp connection attempt to 255.255.255.254 from the monitor fails (not sure why as the log profile uses TCP to route using that pool) but this marks the member down and the logging fails.
I found the only way to get this to work is to remove the monitor. You should then be able to see traffic hitting the pool member. You can also test using a tcpdump:
tcpdump -nn -A -s 0 -i any host 255.255.255.254
- which will show the request logs hitting the local loopback (and you can see the request log data in the trace).