LogLogic Support for IPv6

LogLogic supports IPv6 implementation.

  • Native connectivity to log sources.
  • Regex and Index searches.
  • Parsed reports against IPv6 Log Sources.
  • Collection of IPv6 data from LogLogic® Universal Collector 2.6 and later.
  • Network configuration:

    IPv6 and IPv4 addresses can be assigned to the same or different interfaces.

    Note: Dual stack IPv6 support is not available for HA VIP interface.
  • Collection from IPv4 sources by an appliance with an IPv6 address:

    Direct collection is only possible if the appliance is accessible from an IPv4 address; either by assigning an appropriate v4 address, or by providing network address translation externally. In the case of external translation, the source address reported for the source devices is entirely dependent on the external translation performed.

  • Forwarding log messages between IPv4 and IPv6:

    Forwarding from an IPv6 addressable appliance to an IPv4-only appliance is only possible if the forwarding appliance has v4 connectivity; either by assigning an appropriate v4 address, or by providing external network address translation.

    Apparent source address of traffic forwarded to an IPv4 address:

    • IPv4 source: any protocol: will always appear as the original source address, but an IPv6 notation will be added as a prefix.
    • IPv6 source: lltcp LogLogic LMI >= 5.6: will appear as the original source address.
    • IPv6 source: lltcp LogLogic LMI < 5.6: will appear as the last 4 bytes of the original source address.
    • IPv6 source: syslog: will appear as the last 4 bytes of the original source address.

    Apparent source address of traffic forwarded to an IPv6 address:

    • IPv6 source: any protocol: will always appear as the original source address.
    • IPv4 source: lltcp LogLogic LMI >= 5.6: will appear as the original source address.
    • IPv4 source: lltcp LogLogic LMI < 5.6: not applicable.
    • IPv4 source: syslog: should appear as the original source address, this is not recommended (relies on theoretically illegal v4-mapped IPv6 source address in UDP packets) as some network routers may choose to discard such packets.
  • Display of IPv4 source addresses:

    In most cases IPv4 addresses are displayed, emailed, or reported in their traditional dotted-decimal notation. The following exceptions exist (displayed as v4-mapped addresses in V6 notation):

    • Real-time viewer
    • recent messages
    • unapproved messages
    • address appearing in the automatically generated names of auto discover devices
    • address appearing in backup file names
  • IPv6 addresses for external servers:

    The following external services are supported with IPv6 addresses:

    • NFS and SCP backup
    • NFS and SCP archival
    • NTP
    • DNS (including resolution of names to v6 addresses)
    • SMTP
    • Active Directory
  • Static routes:

    LogLogic LMI v5.6 supports both v4 and v6 static routes.

IPv6 addresses not supported for:

  • Checkpoint LEA
  • Parsing of address strings within log messages
  • Global groups
  • Replay
  • Centerra Archival
  • Cisco IPS
  • TIBCO LogLogic® Compliance Manager version 2.1.0