Forum Discussion
Vikram_23_27012
Nimbostratus
Nimbostratusadmin activity logs for load balancer
Hi Guys,
Is there any log that show what admin is doing ? ie execute what command.
One of my customer is facing issue where suddenly their cert all removed/deleted, so we want to know if th...
jaikumar_f5
Noctilucent
NoctilucentEvery thing gets logged as long as proper logging is turned on. By default the CLI logging gets logged as per default settings. But if the change was done through GUI, you may need to have the db config.auditting value enabled to see the GUI made changes.
- In versions prior to BIG-IP 11.6.0, audit logging for BIG-IP configuration changes is disabled by default.
- In version above 11.6, the db config.auditting is enabled by default.
To know if your BIGIP is configured to capture the GUI changes, run the below command,
tmsh list /sys db config.auditing valueTo check your logs,
less /var/log/audit | grepless /var/log/audit | grep
In case the logs have been rotated, you may need to check on the other audit files,
ls -ltrh /var/log/audit*This would list out the number of audit files thats present on your box with dates. You can use zcat/zless to open the gz files.
zcat /var/log/audit* | grepzcat /var/log/audit* | grep
