Forum Discussion
Log message code list?
SOL16197: Reviewing BIG-IP log files describes local traffic log message format as:
Message code is split into:
Message code: The code that is associated with the message. The code is comprised of the following sub-codes:
- Product Code: The first two hex digits form the product code. For example, 0x01 is the BIG-IP product code.
- Subset Code: The third and fourth hex digits are the subset code. For example, 0x2a is the subset code for LIBHAL.
- Message Number: The next four digits form the message number within a module.
- Severity Level: The last digit between the colon symbols is the severity level, with 0 being the highest severity level.
Are the Product and Subset codes listed anywhere? Would help in processing log messages further in Splunk or similar tool.
I got an answer from the support. They opened an issue:
(Bug alias 894213) DOC - Include APM log messages into Error Catalog (log-messages.html
Beside that the support gave me the following workaround which is quite good imho:
"For example, if you wish to get more info about mentioned codes we will see that the first log is generated for Access policy per-request logging agent and the second log is for APM oAuth agent:
# cat /run/bigip_error_maps.dat | grep '01870023\|01490291'
1 LOG_NOTICE 01870023 BIGIP_ACCESSPERREQUEST_ACCESS2_LOGGING_AGENT "%s:%s:%.*s: %.*s"
1 LOG_NOTICE 01490291 BIGIP_ACCESSCONTROL_APDNOTICE_OAUTH_AGENT_SUCCESS "%s:%s:%s:%s: OAuth %s: succeeded for %s '%s'%s %s%s" "
The content of the dat file seems to include all log message ids the BIG-IP can put into the log files. HTH
Hey guys,
I got an answer from support. There you go: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/log-messages.html
But the documentation is incomplete. I was searching for IDs like 01870044 (APM stuff) but could not find anything. I asked support to complete the list. I'll keep you posted.
I know this thread is old, but I had the same question today. I raised a ticket to support.
- THiNimbostratusUnfortunately no answer so far. Think we need to raise a ticket to support.
- Arindam_Novell_NimbostratusI too have the same question for parsing in a SIEM solution. Is there any comprehensive list? Did you get any information on this? thanks Arindam
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com