Forum Discussion

Altostratus

Dec 02, 2019

How do I setup remote syslog for audit logs only on my f5 big IP

How do I setup remote syslog for audit logs only on my f5 big IP I have tried using the gui but when I create a log destination, it won't let me forward to anything in the drop down box. cheers

Nacreous

Dec 03, 2019

Hi,

I use to setup this in TMSH command line:

# edit /sys syslog
 
modify syslog {
    include "
        filter f_audit {
           match('AUDIT');
        };
        destination d_syslog {
            udp(mysyslog.server.local port(504));
        };
        log {
           source(local);
           filter(f_audit);
           destination(d_syslog);
        };"
}

You can run "modify" intead of "edit" like described here:

https://support.f5.com/csp/article/K13080

Regards.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)