Forum Discussion
Ayyway to have entries written to /var/log/ltm to a external syslog server?
Hi,
Our company has made the decision to move our various web sites into the cloud. Our cloud provider has given us a partition on some form of BigIP running ver 11. Even though we have "manager" access to our paritition we cannot access the ltm log files either via the GUI interface or via shell, in fact we have no ssh access either. Normally on our pair of LTMs I would have a tail running on /var/log/ltm to help in debugging iRules, esp any TCL related errors. The only suggestion the cloud provider had was to tell us to setup a syslog server and redirect the ltm logs to the syslog server. Well I have setup a syslog server but when I asked for help in having the ltm logs for our paritition I redirected, there has been complete silence. So I thought I would ask here.
I have looked on the wiki and there are quite a few topics on have log entried written to a external syslog server, and I have done some simple log statements to do this, but this is not quite what I need because I would like to see TCL errors as well and I can't see any way to log these. So I guess if it can be done it's now from an iRule, or it can't be done. So is it possible?
tia
Craig
- hoolioCirrostratusHi Craig,
- nitassEmployee
this is my testing.
LTM 9.4.2+: Custom Syslog Configuration by Deb
https://devcentral.f5.com/s/articles/LTM-9-4-2-Custom-Syslog-Configuration
[root@ve10:Active] config b syslog include SYSLOG - Include Data: none [root@ve10:Active] config b syslog include '" > destination remote_server { > udp(\"192.168.206.55\" port (514)); > }; > filter f_rule { > match(\"_rule\"); > }; > log { > source(s_syslog_pipe); > filter(f_local0); > filter(f_rule); > destination(remote_server); > };"' [root@ve10:Active] config b syslog include SYSLOG - Include Data: destination remote_server { udp("192.168.206.55" port (514)); }; filter f_rule { match("_rule"); }; log { source(s_syslog_pipe); filter(f_local0); filter(f_rule); destination(remote_server); }; [root@ve10:Active] config b rule test_rule list rule test_rule { when CLIENT_ACCEPTED { set test "HTTP::uri" eval $test } /var/log/ltm Jul 4 12:43:03 local/tmm err tmm[5111]: 01220001:3: TCL error: test_rule - Operation not supported (line 2) invoked from within "HTTP::uri" ("eval" body line 1) invoked from within "eval $test" syslog C:\>nc -l -u -p 514 <131>Jul 4 12:43:03 local/tmm err tmm[5111]: 01220001:3: TCL error: test_rule - Operation not supported (line 2) invoked from within "HTTP::uri" ("eval" body line 1) invoked from within "eval $test"
- CraigM_17826Altocumulus
Thanks for the quick replies. One more question, if I get this going, will only entries relating to our partition be captured or will I see entries from all partitions on this LTM? At the moment there is only one other company. It was explained to me that the reason why they wouldn't give me LOG access was because I would see log entries from other users in different partitions. So is there a way I can filter out entries only relating to our paritiion to keep them happy?
- nitassEmployeein my example, i filter log by using part of irule name i.e. "_rule". i am not sure if partition name is included in log. if yes, we use partition name to filter log.
- CraigM_17826Altocumulus
Hi Nitass and Hoolio,
Craig
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com