Can't disable debug logging.

Question

I have a couple of VIPs using an iRule for persistence. If I set debug to "0" (disabled) it just keeps on logging, even if I comment out the log lines. It just doesn't want to obey, what gives? Anyone ever seen this? It's flooding my logs.
(/S2-green-P:Active)(/Common)(tmos) list ltm virtual *RAD* profiles persist 
ltm virtual VIP-SGPNH-NACVIP001.AP.XOM.COM-RADIUS-ACCOUNTING {
    persist {
        radius-mac-sticky {
            default yes
        }
    }
    profiles {
        radiusLB {
            context all
        }
        udp {
            context all
        }
    }
}
ltm virtual VIP-SGPNH-NACVIP001.AP.XOM.COM-RADIUS-AUTH {
    persist {
        radius-mac-sticky {
            default yes
        }
    }
    profiles {
        radiusLB {
            context all
        }
        udp {
            context all
        }
    }
}

(cfg-sync In Sync)(/S2-green-P:Active)(/Common)(tmos) list ltm persistence universal radius-mac-sticky 
ltm persistence universal radius-mac-sticky {
    app-service none
    defaults-from universal
    match-across-services enabled
    rule radius-mac-sticky
}

(cfg-sync In Sync)(/S2-green-P:Active)(/Common)(tmos) list ltm rule radius-mac-sticky 
ltm rule radius-mac-sticky {
     ISE persistence iRule based on Calling-Station-Id (MAC Address) with fallback to NASIP-Address as persistence identifier

when CLIENT_DATA {
      0: No Debug Logging 1: Debug Logging
     set debug 1

Persist timeout (seconds)
     set nas_port_type [RADIUS::avp 61 "integer"]
     if {$nas_port_type equals "19"}{
     set persist_ttl 3600
     if {$debug} {set access_media "Wireless"}
     } else {
     set persist_ttl 28800
     if {$debug} {set access_media "Wired"}
     }

If MAC address is present - use it as persistent identifier
      See Radius AV Pair documentation on https://devcentral.f5.com/wiki/irules.RADIUS__avp.ashx

if {[RADIUS::avp 31] ne "" }{
     set mac [RADIUS::avp 31 "string"]

Normalize MAC address to upper case

set mac_up [string toupper $mac]
     persist uie $mac_up $persist_ttl
     if {$debug} {
               set target [persist lookup uie $mac_up]
               log local0.alert "Username=[RADIUS::avp 1] MAC=$mac Normal MAC=$mac_up MEDIA=$access_media TARGET=$target"
          }
     } else {
          set nas_ip [RADIUS::avp 4 ip4]
          persist uie $nas_ip $persist_ttl
          if {$debug} {
               set target [persist lookup uie $nas_ip]
               log local0.alert "No MAC Address found - Using NAS IP as persist id. Username=[RADIUS::avp 1] NAS IP=$nas_ip MEDIA=$access_media TARGET=$target"
             }
       }
}
}

cjunior · Answer

Hello,
I think it's a normal behavior. The iRule update will work just to new connections.&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-irules-concepts-11-6-0/3.html&nbsp;
Note: When you make a change to an iRule with persistance, if there is already a connection in the connection table, the change does not take effect until the connection has expired. The same is true when you enable logging for the iRule and then change the iRule (or alter the logging message itself).&nbsp;
Regards.&nbsp;

Forum Discussion

Can't disable debug logging.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Disabling Weak Ciphers

Logging DNS Requests

Disable ASM illegal HTTP status response logging

Disable below cipher

Disable Inter-VLAN Routing?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS