Forum Discussion

henry_kay_36032's avatar
Icon for Nimbostratus rankNimbostratus
Sep 22, 2011

interpreting logs

hi guys, i am wondering how do i interpret the following logs? the obvious ones i understand such as date, time, etc but the others such as "" , i am having difficulties understanding them.



Is there a syntax manual for reading the logs available??



would appreicate any help given.



thanks in advance.



2011-08-30 00:00:56Local6.Info192.168.145.41Aug 30 00:00:58 local/SGDC2SE1LB01 info logger: [ssl_req][30/Aug/2011:00:00:58 +0800] TLSv1 DHE-RSA-AES256-SHA "POST /iControl/iControlPortal.cgi HTTP/1.1" 437


2011-08-30 00:00:59Cron.Info192.168.145.41Aug 30 00:01:01 local/SGDC2SE1LB01 info crond[11759]: (root) CMD (run-parts /etc/cron.hourly)


2011-08-30 00:01:59Cron.Info192.168.145.41Aug 30 00:02:01 local/SGDC2SE1LB01 info crond[11854]: (syscheck) CMD (/usr/bin/system_check -q)


2011-08-30 00:29:56System0.Debug192.168.145.41Aug 30 00:29:59 local/SGDC2SE1LB01 debug httpd[9372]: pam_bigip_authz: pam_sm_authenticate returning status SUCCESS

6 Replies

  • Hamish's avatar
    Icon for Cirrocumulus rankCirrocumulus is the facility (Local6) and level (Info) of the log message (Google syslog for info on facilities and levels for syslog)



    The rest of that line seems to be the client IP (, ecryption standard (TLSv1), encryptino level (AES256 using SHA hashing and an RSA key with diffie helman I think), and the "POST ..." tells you the method, URI and HTTP version requested via iControl returning 437 Bytes...



    The crond lines are from crond (Google crond for an indepth explanation, but it runs processes at regular intervals. This one is crunning cron.hourly and doing a system check. The number in brackets after crond is the processID that was running.



    The last one is a message from httpd (Apache). Telling you a user was authenitcated via PAM (Pluggable Authentication module) successfully...



    Probably not a single manual for all that... Not that i've seen anyway, but syslog is your first port of call it'll explain the general syslog line format. And from that you can find which app/program is logging and find out its log format separately.



  • Hi



    How can i disable this kind of notifications?i mean icontrol DHE-RSA .......


    I have a lot of lines on my syslog.



    Best regards


  • Here you go:



    sol9442: Suppressing peer iControl access message logging




  • Hi



    I stil have the messages:



    info logger: [ssl_acc] - admin [01/Dec/2011:14:32:43 +0100] "POST /iControl/iControlPortal.cgi HTTP/1.1" 200 437



    from my both F5



    any ideas please?





  • have you done sol9442 but the message is still generated?



    if yes, can you post output of "b syslog include" command?