F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

CarlT's avatar
CarlT
Icon for Altostratus rankAltostratus
Dec 02, 2019

How do I setup remote syslog for audit logs only on my f5 big IP

How do I setup remote syslog for audit logs only on my f5 big IP I have tried using the gui but when I create a log destination, it won't let me forward to anything in the drop down box. cheers
'remote' 'syslog'
application delivery
BIG-IP
LTM
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
Dec 03, 2019

Hi,

I use to setup this in TMSH command line:

# edit /sys syslog
 
modify syslog {
    include "
        filter f_audit {
           match('AUDIT');
        };
        destination d_syslog {
            udp(mysyslog.server.local port(504));
        };
        log {
           source(local);
           filter(f_audit);
           destination(d_syslog);
        };"
}

You can run "modify" intead of "edit" like described here:

https://support.f5.com/csp/article/K13080

Regards.