Syslog VIP Addresses

Overview

The VIP addresses used to receive syslog traffic from monitored devices differ between on-premises and cloud deployments. For both deployment types, do not send syslog traffic from your devices to your primary VIP.
For general information about sending syslogs, see Sending Additional Information using Syslog.

Syslogs for Cloud Deployments

For cloud VM deployments, such as Azure, where the install parameter --primary-vip is set to external, send syslog data to the IP of an external load balancer on the VM.

Commands to add, remove, and list syslog VIPs through the CLI are not supported for these deployments.

Syslogs for On-Premises Deployments

For on-premises deployments, where the parameter --primary-vip is set to an IP address on your network, send syslog data to a dedicated syslog virtual IP. You must set up at least one syslog VIP address for this purpose, as described in Syslog VIP Commands.

If you monitor more than 1,000 devices, sending syslog traffic from all devices to a single syslog VIP can create a bottleneck and degrade performance. We recommend defining an additional syslog VIP for every additional 1,000 devices you monitor.

All syslog VIPs must be on the same subnet as the primary VIP. There is no benefit in defining more syslog VIPs than the number of worker nodes in the cluster. Apply this recommendation independently to the central cluster and to each remote collector cluster.
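The sizing and subnet rules above can be checked against a planned set of syslog VIPs before any are defined. The following is an added example, not part of the product or its documentation. It assumes that a partial block of 1,000 devices rounds up to one more VIP and that you supply the subnet prefix length yourself; the function names and the sample addresses are hypothetical.

```python
import ipaddress
import math

DEVICES_PER_VIP = 1000  # from the sizing recommendation above


def recommended_vip_count(devices, worker_nodes):
    """Syslog VIPs to define for one cluster (assumption: partial blocks round up)."""
    if devices < 0 or worker_nodes < 1:
        raise ValueError("devices must be >= 0 and worker_nodes >= 1")
    by_load = max(1, math.ceil(devices / DEVICES_PER_VIP))
    # More VIPs than worker nodes brings no benefit, so cap there.
    return min(by_load, worker_nodes)


def check_vip_plan(primary_vip, prefix_len, syslog_vips, devices, worker_nodes):
    """Return a list of problems found in a planned syslog VIP set (empty = OK)."""
    primary = ipaddress.ip_address(primary_vip)
    subnet = ipaddress.ip_network(f"{primary_vip}/{prefix_len}", strict=False)
    problems = []
    seen = set()
    for raw in syslog_vips:
        vip = ipaddress.ip_address(raw)
        if vip in seen:
            problems.append(f"{vip}: listed more than once")
        seen.add(vip)
        if vip == primary:
            problems.append(f"{vip}: is the primary VIP; devices must not send syslog there")
        elif vip not in subnet:
            problems.append(f"{vip}: not in the primary VIP subnet {subnet}")
    want = recommended_vip_count(devices, worker_nodes)
    if len(seen) < want:
        problems.append(f"{len(seen)} syslog VIP(s) planned, {want} recommended")
    elif len(seen) > worker_nodes:
        problems.append(f"{len(seen)} syslog VIPs exceed {worker_nodes} worker nodes (no benefit)")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: documentation-range addresses, not real ones.
    for p in check_vip_plan("192.0.2.10", 24, ["192.0.2.11", "198.51.100.5"], 2500, 4):
        print("WARN", p)
```

Run the check once for the central cluster and once for each remote collector cluster, each with its own device count and worker node count.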

The default port for each syslog VIP is 514, but you can configure a different port if needed.

Manage Syslog VIPs via CLI

For on-premises deployments only, run all commands on the primary data node as a user with root privileges.

Adding or removing a syslog VIP temporarily stops TOS services, which may take 15 minutes or more.

Add a syslog VIP: tos cluster syslog-vip add

Remove a syslog VIP: tos cluster syslog-vip remove

List all defined syslog VIPs: tos cluster syslog-vip list