IBM QRadar (BIG-IP v11.3: LTM)
This F5 deployment guide shows administrators how to configure the BIG-IP Local Traffic Manager (LTM) for Syslog event load balancing for IBM Security QRadar SIEM and Log Manager.
The BIG-IP LTM is capable of load balancing Syslog event messages. This is beneficial for environments that have more logs being generated than a single log server can collect. By deploying multiple QRadar log servers behind the BIG-IP system, the load of the log generating devices can be spread across multiple log collectors.
Scaling syslog services can become a manual task that involves the configuration and restart of multiple configuration files; an error prone
set of procedures. By using BIG-IP Local Traffic Manager, you can realize the following benefits:
- Reduce configuration complexity by using a Virtual IP Address instead of hard-coding individual QRadar SIEM IP addresses,
- Increase uptime and percentage of log retention by managing failover through BIG-IP's health monitors,
- Ease scaling the configuration by reducing the effort required to add resources; simply add a new server to the BIG-IP load balancing pool.
The following diagram shows the network topology of the configuration described in this guide.
