Forum Discussion

Stefan_Klotz
Apr 30, 2025

Change severity for sod log messages

I need to change the severity for some log messages from the sod service.
The ones I'm looking for are currently issued with severity notice and I want to increase this to warning.
I already found the list of several db variables to change the severity for different areas, but there isn't any such variable for sod.
Then I found the mapping table in /etc/alertd/bigip_sod_error_maps.h and I tried to change the severity in that file for the specific error message to warning. I also issued a restart of the alertd.
But the message is still being logged with severity notice.
So the question is, where and how can I change this behavior? Preferably a solution which is at least reboot safe and if possible also software upgrade safe.
Thank you!

Regards Stefan :)

1 Reply

  • Stefan_Klotz

    I was able to dig up some information for your question, Stefan. I used AI to format the information.

    Based on the available F5 documentation, it is not possible to change the severity of SOD (Switchover Daemon) log messages from "notice" to "warning" using a database variable or by editing a mapping file in a way that is persistent and supported.

    Key points from the documentation:

    • According to KB K000150405 ("F5OS-A The priority and severity of a log message are not the same"), the log level (priority) and alarm severity are different and are not 1-to-1 mapped. The log message's priority (e.g., "notice") is not directly controlled by a user-accessible setting, and there is no supported method to remap these for SOD logs. The article explicitly states there are no recommended actions for changing this behavior.
      Source: K000150405 F5OS-A The priority and severity of a log message are not the same
    • There is no mention in the official documentation or CLI guides of a supported, persistent, or upgrade-safe method to change the severity of SOD log messages. Editing internal mapping files is not supported and may be overwritten by upgrades or reboots.
    • The "remote logging severity attribute" (see KB K9577) only applies to ASM remote logging profiles and does not affect local log message severity or SOD logs.
      Source: Legacy Content K9577 The remote logging severity attribute
    • No db variables exist for SOD log severity, as you have already discovered.

    In summary:
    There is no supported, persistent, or upgrade-safe method to change the severity of SOD log messages from "notice" to "warning." Any changes made to internal files are likely to be reverted by system updates or reboots, and are not recommended or supported by F5.

    If you have a specific operational or compliance requirement, you may consider filtering or reclassifying these messages at your log aggregation/monitoring system (e.g., syslog server, SIEM) rather than on the F5 device itself.

    If you need further assistance or have a specific use case, please provide more details.

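The collector-side reclassification suggested in the reply above, as an added example (not part of the original thread and not F5 code). It assumes the device forwards its logs with RFC 3164 framing and that the daemon tag is `sod`; the function name `reclassify`, its `only` parameter and the sample lines are constructed for illustration.

```python
import re

NOTICE, WARNING = 5, 4  # syslog severity codes; PRI = facility * 8 + severity

# Assumed RFC 3164 framing: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<rest>\w{3}\s+\d{1,2}\s[\d:]{8}\s\S+\s"
    r"(?P<tag>[^\s\[:]+)(?:\[\d+\])?:.*)$"
)

def reclassify(line, tag="sod", only=None):
    """Raise notice to warning for one daemon, keeping the facility.

    `only` is an optional regex; when given, just the matching messages are
    raised. Anything that does not parse, belongs to another daemon, or is
    not at notice is returned unchanged.
    """
    m = LINE_RE.match(line)
    if not m or int(m["pri"]) > 191:      # 191 is the highest valid PRI
        return line
    facility, severity = divmod(int(m["pri"]), 8)
    if m["tag"] != tag or severity != NOTICE:
        return line
    if only is not None and not re.search(only, m["rest"]):
        return line
    return f"<{facility * 8 + WARNING}>{m['rest']}"

# Constructed sample lines (not real BIG-IP output); 133 = local0.notice
SAMPLE = [
    "<133>Apr 30 10:15:02 bigip1 sod[6789]: constructed failover state message",
    "<133>Apr 30 10:15:03 bigip1 tmm[1234]: constructed message from another daemon",
    "<131>Apr 30 10:15:04 bigip1 sod[6789]: constructed error message",
    "not a syslog line",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(reclassify(sample_line, only=r"failover"))
```

Because the rewrite happens on the collector, it survives device reboots and software upgrades and leaves the files on the device untouched.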