Can't disable debug logging.

Question

I have a couple of VIPs using an iRule for persistence. If I set debug to "0" (disabled) it just keeps on logging, even if I comment out the log lines. It just doesn't want to obey, what gives? Anyone ever seen this? It's flooding my logs.
(/S2-green-P:Active)(/Common)(tmos) list ltm virtual *RAD* profiles persist 
ltm virtual VIP-SGPNH-NACVIP001.AP.XOM.COM-RADIUS-ACCOUNTING {
    persist {
        radius-mac-sticky {
            default yes
        }
    }
    profiles {
        radiusLB {
            context all
        }
        udp {
            context all
        }
    }
}
ltm virtual VIP-SGPNH-NACVIP001.AP.XOM.COM-RADIUS-AUTH {
    persist {
        radius-mac-sticky {
            default yes
        }
    }
    profiles {
        radiusLB {
            context all
        }
        udp {
            context all
        }
    }
}

(cfg-sync In Sync)(/S2-green-P:Active)(/Common)(tmos) list ltm persistence universal radius-mac-sticky 
ltm persistence universal radius-mac-sticky {
    app-service none
    defaults-from universal
    match-across-services enabled
    rule radius-mac-sticky
}

(cfg-sync In Sync)(/S2-green-P:Active)(/Common)(tmos) list ltm rule radius-mac-sticky 
ltm rule radius-mac-sticky {
     ISE persistence iRule based on Calling-Station-Id (MAC Address) with fallback to NASIP-Address as persistence identifier

when CLIENT_DATA {
      0: No Debug Logging 1: Debug Logging
     set debug 1

Persist timeout (seconds)
     set nas_port_type [RADIUS::avp 61 "integer"]
     if {$nas_port_type equals "19"}{
     set persist_ttl 3600
     if {$debug} {set access_media "Wireless"}
     } else {
     set persist_ttl 28800
     if {$debug} {set access_media "Wired"}
     }

If MAC address is present - use it as persistent identifier
      See Radius AV Pair documentation on https://devcentral.f5.com/wiki/irules.RADIUS__avp.ashx

if {[RADIUS::avp 31] ne "" }{
     set mac [RADIUS::avp 31 "string"]

Normalize MAC address to upper case

set mac_up [string toupper $mac]
     persist uie $mac_up $persist_ttl
     if {$debug} {
               set target [persist lookup uie $mac_up]
               log local0.alert "Username=[RADIUS::avp 1] MAC=$mac Normal MAC=$mac_up MEDIA=$access_media TARGET=$target"
          }
     } else {
          set nas_ip [RADIUS::avp 4 ip4]
          persist uie $nas_ip $persist_ttl
          if {$debug} {
               set target [persist lookup uie $nas_ip]
               log local0.alert "No MAC Address found - Using NAS IP as persist id. Username=[RADIUS::avp 1] NAS IP=$nas_ip MEDIA=$access_media TARGET=$target"
             }
       }
}
}

cjunior · Answer

Hello,
I think it's a normal behavior. The iRule update will work just to new connections.&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-irules-concepts-11-6-0/3.html&nbsp;
Note: When you make a change to an iRule with persistance, if there is already a connection in the connection table, the change does not take effect until the connection has expired. The same is true when you enable logging for the iRule and then change the iRule (or alter the logging message itself).&nbsp;
Regards.&nbsp;

Forum Discussion

Can't disable debug logging.

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

SSO login for APM Profiles

Virtual Server Configuration requirements for ISO 8583 traffic (Single persistent TCP session)

threat hunting guide

Webtop which has VNC for macos users

Floating IP responds from wrong VLAN/trunk

Related Content

F5 Distributed Cloud Telemetry (Logs) - Loki

F5 Distributed Cloud Telemetry (Logs) - ELK Stack

Disable ASM illegal HTTP status response logging

Logging DNS Requests

Disable below cipher

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS