Forum Discussion
JRahm
Admin
AdminiRule logging issue in 9.4.1 ??
I just upgraded a pair of LTM's to 9.4.1 from 9.1.2 HF5 and I no longer see my iRules (log local0. "xxx") logging to /var/log/ltm, or anywhere else for that matter. I checked to make sure mcpd logging was set to notice, and yet still no irule logs. I thought all logging was impacted, but I see audit logs now have their own file. Is this a no-brainer that someone else has experienced in the move from 9.1.x to 9.4.x, or should I press support? TIA...
Jason
3 Replies
hoolioCirrostratus
Hey Jason,
Was your /etc/syslog-ng/syslog-ng.conf file overwritten? Where is local0.info being directed to?
I haven't seen any issues on 9.4.0 with syslog-ng logging from iRules. By default, any messages containing the string AUDIT should be logged to /var/log/audit. All other local0 messages should go to /var/log/ltm. Here is an example:
local0.* /var/log/ltm
filter f_local0 {
facility(local0) and level(info..emerg);
};
destination d_ltm {
file("/var/log/ltm" create_dirs(yes));
};
log {
source(local);
filter(f_local0);
destination(d_ltm);
};
audit log /var/log/audit
filter f_audit {
facility(local0) and match("AUDIT");
};
destination d_audit {
file("/var/log/audit" create_dirs(yes));
};
log {
source(local);
filter(f_audit);
destination(d_audit);
};
Aaron- JRahmYeah, I checked the syslog-ng config file and all was fine. A /usr/bin/full_box_reboot did the trick. I hate it when my LTM behaves like my PC.
- JRahmYep, here's my progression:
bigstart restart syslog-ng
bigstart restart syslog & bigstart restart syslog-ng
bigstart restart
No dice with any of the above.
