Forum Discussion
MB_58262
Nimbostratus
NimbostratusHow to turn off info logger from going to remote syslog server
I configured syslog-ng on the F5 LTM (10.2.1) to send system related log entries and iRule generated logs to a remote server. However, I do see many uneeded log entries that I want to avoid going to ...
MB_58262Nimbostratus
Nimbostratus-- Thanks for pointing the article, I came across it during my research as well - Here is the configuration I tried - (Note, I narrowed down my log level to warnings and higher)
[root@HOSTNAME:/:Active] config b syslog include
SYSLOG - Include Data:
destination remote_server {
udp("x.y.z.w" port (514));
};
local0.* /var/log/ltm
filter f_local0 {
facility(local0) and level(warn..emerg);
};
filter f_no_audit {
not match("AUDIT");
};
destination d_ltm {
file("/var/log/ltm" create_dirs(yes));
};
log {
source(local);
filter(f_local0);
filter(f_no_audit);
destination(d_ltm);
destination(remote_server);
};
-- Still seeing "info logger, also I am seeing "crond", "snmpd" entries sent to the remote syslog server.
Apr 17 14:01:25 x.y.z.w Apr 17 11:21:10 slot1/HOSTNAME info logger: [ssl_req][17/Apr/2012:11:21:10 -0700] x.y.z.w SSLv3 RC4-SHA "GET /xui/update/configuration/alert/statusmenu?_=1334686775740 HTTP/1.1" 896
...
Apr 17 14:01:25 x.y.z.w Apr 17 11:20:01 slot1/HOSTNAME info crond[23196]: pam_unix(crond:session): session closed for user syscheck
...
Apr 17 14:01:25 x.y.z.w Apr 17 11:02:57 slot1/HOSTNAME debug snmpd[3977]: Connection from UDP/IPv6: [::ffff:...]:47201 REFUSED
...
-- I am trying to see if there are any syslog-ng filters which would avoid such entries (above) from going to the remote syslog server. Basically, better optimimization filtering options for syslog-ng. Currently, it is sending a lot of unwanted information via syslog (udp:514) such as log entries above.