Forum Discussion

Cirrus

Jul 18, 2024

AFM deny log level

Hello, not sure if it possible, we have AFM and high speed logging forwarding deny logs to a syslog server. We seen that the syslog level is local0.info. Is it possible to change it to another ...

AFM Logging

Seattle2k

Employee

Jul 18, 2024

Hi Man_Yau. Need more information, please.

Do you mean, you only want logs with level 'warning' (and lower) to be sent to the syslog server? Is local0.info being set within an iRule?

Have you checked the configuration of the Log Filter? (System > Logs > Configuration > Log Filters). Specifically, the Severity setting.

The severity level that you select includes all of the severity levels that display above your selection in the list. For example, if you select

Emergency, the system publishes only emergency messages to the log.

If you select Critical, the system publishes critical, alert, and emergency-level messages in the log.

Man_Yau

Cirrus

Jul 22, 2024

Hi Seattle2k,

local0.info is what we seen in our syslog server and we dont have an irule for setting log level, so i assume it is standard by F5. I'm trying to see if i got it higher to warning level.

I have just checked that settings, but which is source should i select? There is too many that i can choose from, but with the log filers, are we able to change the log level from info to warning?

Seattle2k
Employee
Mar 26, 2025
I think you are confusing terminology.

local0.info is the "syslog facility", not the level.

As for 'source', select the system processes from which messages will be sent to the log.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

AFM deny log level

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

Related Content

Level up your F5 Distributed Cloud WAAP Ops

Introduction to F5 BIG-IP Advanced Firewall Manager (AFM)

F5 BIG-IP AFM and FireMon Integration Guide

Enriching AFM with public domain Threat Intelligence

Implementing SSL Orchestrator - High Level Considerations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS