DEPLOYMENT GUIDE

IBM QRadar (BIG-IP v11.3: LTM)

This F5 deployment guide shows administrators how to configure the BIG-IP Local Traffic Manager (LTM) for Syslog event load balancing for IBM Security QRadar SIEM and Log Manager.

The BIG-IP LTM is capable of load balancing Syslog event messages. This is beneficial for environments that have more logs being generated than a single log server can collect. By deploying multiple QRadar log servers behind the BIG-IP system, the load of the log generating devices can be spread across multiple log collectors.

Scaling syslog services can become a manual task that involves the configuration and restart of multiple configuration files; an error prone
set of procedures. By using BIG-IP Local Traffic Manager, you can realize the following benefits:

  • Reduce configuration complexity by using a Virtual IP Address instead of hard-coding individual QRadar SIEM IP addresses,
  • Increase uptime and percentage of log retention by managing failover through BIG-IP's health monitors,
  • Ease scaling the configuration by reducing the effort required to add resources; simply add a new server to the BIG-IP load balancing pool.

The following diagram shows the network topology of the configuration described in this guide.

 

Download Deployment Guide

 

 

Connect with F5

F5 Labs

The latest in application threat intelligence.

DevCentral

The F5 community for discussion forums and expert articles.

F5 Newsroom

News, F5 blogs, and more.