How do I setup remote syslog for audit logs only on my f5 big IP

Question

How do I setup remote syslog for audit logs only on my f5 big IPI have tried using the gui but when I create a log destination, it won't let me forward to anything in the drop down box.cheers

cjunior · Answer

Hi,I use to setup this in TMSH command line:# edit /sys syslog
&nbsp;
modify syslog {
    include "
        filter f_audit {
           match('AUDIT');
        };
        destination d_syslog {
            udp(mysyslog.server.local port(504));
        };
        log {
           source(local);
           filter(f_audit);
           destination(d_syslog);
        };"
}You can run "modify" intead of "edit" like described here:https://support.f5.com/csp/article/K13080Regards.

Forum Discussion

How do I setup remote syslog for audit logs only on my f5 big IP

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

remote SYSlog setup

Load Balancing TCP TLS Encrypted Syslog Messages

F5 Sending syslogs with two hostname to remote syslog server

BIG-IP syslog include

Integrate F5 Distributed Cloud remote logging with ELK

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS