What is Log Export 2 (LE2)?
Log Export 2 (LE2) is F5 Silverline's second-generation event shipper. It allows customers to receive near-real-time copies of security and event data generated by Silverline.
What New Features does LE2 Offer?
- Support for multiple log formats, including DataDog (via Syslog), LogDNA (via Syslog), Splunk Cloud (HEC), Sumo Logic (via Syslog), and Syslog
- Improved resiliency - if your log collector is inaccessible, V2 will buffer logs for up to 4 hours
- Regional delivery - logs are delivered from the region they were generated in
Note: To ease the transition from V1 to V2, logs generated from US East, US West, Germany, UK, and Asia will be sent from US West until 2022.
What is the impact of migrating from Log Export 1 (LE1) to LE2?
- LE2 supports the same log formats as LE1.
- LE1 delivered logs only from US West whereas LE2 delivers logs from the region that processed the traffic.
How do I migrate to LE2?
How long does the migration to LE2 take?
The process should take a maximum of 1 hour (often only a few minutes).
No call is needed during the migration, but if you would prefer one, let us know and we'll set up a Zoom meeting.
Will the traffic be affected during this migration?
No. You will not experience any impact on the data plane (proxy) traffic.
There are two potential risks in the delivery of audit logs:
- Duplicate logs (more likely)
  - During the short period when both LE1 and LE2 are configured, you would receive multiple copies of logs.
- A minimal gap in logs (less likely)
  - If there is an issue, such as a problem with firewall rules, the copy retained by the Silverline infrastructure will be unaffected.
  - LE2 writes backups of all logs attempting to egress our network (in the configured delivery format), which we retain for a short period, so we can fill gaps caused by connectivity issues to your infrastructure.