admin activity logs for load balancer

Question

Hi Guys,&nbsp;
Is there any log that show what admin is doing ? ie execute what command.&nbsp;
One of my customer is facing issue where suddenly their cert all removed/deleted, so we want to know if there is anyone login to the F5 and remove it purposely.&nbsp;
Thanks,&nbsp;

jaikumar_f5 · Answer

Every thing gets logged as long as proper logging is turned on.
By default the CLI logging gets logged as per default settings. But if the change was done through GUI, you may need to have the db config.auditting value enabled to see the GUI made changes.
In versions prior to BIG-IP 11.6.0, audit logging for BIG-IP configuration changes is disabled by default.In version above 11.6, the db config.auditting  is enabled by default.
To know if your BIGIP is configured to capture the GUI changes, run the below command,
tmsh list /sys db config.auditing value
To check your logs,
less /var/log/audit | grep less /var/log/audit | grep 
In case the logs have been rotated, you may need to check on the other audit files,
ls -ltrh /var/log/audit*
This would list out the number of audit files thats present on your box with dates.
You can use zcat/zless to open the gz files.
zcat /var/log/audit* | grep zcat /var/log/audit* | grep

Forum Discussion

admin activity logs for load balancer

Recent Discussions

How do I create a traffic log for two different route domains?

Http / https health monitor issue

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Especial Load Balancing Active-Passive Scenario (I)

Especial Load Balancing Active-Passive Scenario (II)

Remote User Authentication (e.g. F5 admins) using Azure Active Directory

Check active admin user sessions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS