Forum Discussion
THE_BLUE
Cirrostratus
CirrostratusApplicaton security logs stopped
There is no logs received from ASM, how to solve it ? And how to check the utilization?
You can't view /var/log/ts/pabnagd.log?
Is it a permission issue, no bash access? Or you did not know where the file is located?
Did you check that your BIG-IP version is matching the versions listed in "Applies to (see versions):" in K93091504?
Also yesterday you mentioned that "mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "select COUNT(*) from PRX.REQUEST_LOG"" returned a count of 0. Did you recently update the box? Even in my lab machines I have a count of >1000.
Daniel_Wolf
MVP
MVPTry
tmsh show sys service
THE_BLUECirrostratus
Cirrostratusno asmlogd is listed when above command execute, but for asm is running.
- Daniel_Wolf
Yes, this looks OK. At least it's running.
Do you see anything odd in the log?
Did you check the steps and values mentioned in K05372587 and K06821426?
- Daniel_Wolf
Also, since remote logging is working, there are two more simple checks you could perform.
- Did you create qkview and upload to ihealth? If yes, did this reveal something obvious?
- Do you have a cluster? Can you do a failover and check if local logging is working on the other node?
- Daniel_Wolf
Check like this
ps | grep asmlogd tail -f var/log/ts/asmlogd.log - THE_BLUE
I got sth like
9237 ? S< 308:12 /usr/bin/perl /usr/share/ts/bin/asmlogd
16505 pts/0 S+ 0:00 grep asmlogd
- THE_BLUE
I have run below command
mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "select COUNT(*) from PRX.REQUEST_LOG"
In active node : count 0
and in standby : count 5xxx
so it seems the issue with the active node, i will try to offline the active node to double check.
- THE_BLUE
when the active node forced to be standby , the logs are display on the other node and works as expected. so the issue with the node, but how to investigate the root cause and how to solve it?
- Daniel_Wolf
I have mentioned a couple of steps above.
- Qkview and upload to ihealth
- Check var/log/ts/asmlogd.log
- Check if, maybe, you are affected by a known issue like: K93091504: Cannot see any event logs for BIG-IP ASM. Security logging stopped working or similar issues.
- Open a case with F5
- THE_BLUE
restart asmlogd will cause any issue ?
pkill -f pabnagd
and pkill -f asmlogd
or better to use tmsh restart /sys service asm ?
- Daniel_Wolf
If this node is still in standby, it is safe to apply this procedure.
However, I am from the school that would rather like to figure out the root cause before I restart daemons. Did you find any log entry that points to a known bug, that can be worked around by restarting pabnagd and asmlogd?
- THE_BLUE
according to https://support.f5.com/csp/article/K93091504 it might be the issue ,
but i'm not able to view pabnagd.log to check if there is any warning.
However, in security > Event Logs > Application > Requests it display empty no message is displayed.