Forum Discussion

Nimbostratus

May 05, 2010

Audit logging

Hi I've configured an external syslog, and I'm getting the syslog full of messages like this: httpd[12864]: 01070417:0: AUDIT - user admin - RAW: httpd(mod_auth_pa...

management

monitoring

hoolio

Cirrostratus

May 24, 2011

Hi Jeff,

I think this should work, but I'd test it on a test unit first.

Add this to a temp file named syslog.inc


syslog include "
destination d_messages {
   file("/var/log/messages" create_dirs(yes));
   udp(\"10.0.0.1\" port (514));
};
destination d_audit {
   file("/var/log/audit" create_dirs(yes));
   program("/usr/bin/audit_forwarder");
   udp(\"10.0.0.1\" port (514));
};
destination d_ltm {
   file("/var/log/ltm" create_dirs(yes));
   udp(\"10.0.0.1\" port (514));
};"

Then load it into memory:

bpsh < syslog.inc

Test to verify the configuration is working.

If it does, then run:

b save all

If it does not, run:

b syslog include none

b save all

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Audit logging

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Logging/Audit Binary Execution?

BIGIP ASM audit logging

Auditing Security Policy Updates

Audit WAF changes

Quantum Computer decrypt RSA, Bitcoin PQC, Solidity audit tool, Meaningless threat

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS