Log message code list?

Question

SOL16197: Reviewing BIG-IP log files describes local traffic log message format as:
Message code is split into:
Message code: The code that is associated with the message. The code is comprised of the following sub-codes:

Product Code: The first two hex digits form the product code. For example, 0x01 is the BIG-IP product code.
Subset Code: The third and fourth hex digits are the subset code. For example, 0x2a is the subset code for LIBHAL.
Message Number: The next four digits form the message number within a module.
Severity Level: The last digit between the colon symbols is the severity level, with 0 being the highest severity level.

Are the Product and Subset codes listed anywhere? Would help in processing log messages further in Splunk or similar tool.

arindam_novell_ · Answer

I too have the same question for parsing in a SIEM solution. Is there any comprehensive list?

Did you get any information on this?

thanks

Arindam

thi · Answer

Unfortunately no answer so far. Think we need to raise a ticket to support.

seamlessfirework · Answer

I know this thread is old, but I had the same question today. I raised a ticket to support.

seamlessfirework · Answer

Hey guys,I got an answer from support. There you go:&nbsp;https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/log-messages.htmlBut the documentation is incomplete. I was searching for IDs like&nbsp;01870044 (APM stuff) but could not find anything. I asked support to complete the list. I'll keep you posted.

seamlessfirework · Answer

I got an answer from the support. They opened an issue:

(Bug alias 894213) DOC - Include APM log messages into Error Catalog (log-messages.html

Beside that the support gave me the following workaround which is quite good imho:

"For example, if you wish to get more info about mentioned codes we will see that the first log is generated for Access policy per-request logging agent and the second log is for APM oAuth agent:

# cat /run/bigip_error_maps.dat | grep '01870023\|01490291'

1 LOG_NOTICE 01870023 BIGIP_ACCESSPERREQUEST_ACCESS2_LOGGING_AGENT "%s:%s:%.*s: %.*s"

1 LOG_NOTICE 01490291 BIGIP_ACCESSCONTROL_APDNOTICE_OAUTH_AGENT_SUCCESS "%s:%s:%s:%s: OAuth %s: succeeded for %s '%s'%s %s%s" "

The content of the dat file seems to include all log message ids the BIG-IP can put into the log files. HTH

Forum Discussion

Log message code list?

5 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Load Balancing TCP TLS Encrypted Syslog Messages

Re: iRules Editor with Visual Studio Code

Wiz, Heathrow, Vibe Coding and 23andMe

F5 402 Exam reading list and notes

Live Coding with iRules - Heatmaps!

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS