Forum Discussion

THi_89722's avatar
THi_89722
Icon for Nimbostratus rankNimbostratus
Oct 14, 2015

Log message code list?

SOL16197: Reviewing BIG-IP log files describes local traffic log message format as:

Message code is split into:

Message code: The code that is associated with the message. The code is comprised of the following sub-codes:

  • Product Code: The first two hex digits form the product code. For example, 0x01 is the BIG-IP product code.
  • Subset Code: The third and fourth hex digits are the subset code. For example, 0x2a is the subset code for LIBHAL.
  • Message Number: The next four digits form the message number within a module.
  • Severity Level: The last digit between the colon symbols is the severity level, with 0 being the highest severity level.

Are the Product and Subset codes listed anywhere? Would help in processing log messages further in Splunk or similar tool.

  • I got an answer from the support. They opened an issue:

    (Bug alias 894213) DOC - Include APM log messages into Error Catalog (log-messages.html

    Beside that the support gave me the following workaround which is quite good imho:

    "For example, if you wish to get more info about mentioned codes we will see that the first log is generated for Access policy per-request logging agent and the second log is for APM oAuth agent:

    # cat /run/bigip_error_maps.dat | grep '01870023\|01490291'

    1 LOG_NOTICE 01870023 BIGIP_ACCESSPERREQUEST_ACCESS2_LOGGING_AGENT "%s:%s:%.*s: %.*s"

    1 LOG_NOTICE 01490291 BIGIP_ACCESSCONTROL_APDNOTICE_OAUTH_AGENT_SUCCESS "%s:%s:%s:%s: OAuth %s: succeeded for %s '%s'%s %s%s" "

    The content of the dat file seems to include all log message ids the BIG-IP can put into the log files. HTH

  • THi's avatar
    THi
    Icon for Nimbostratus rankNimbostratus
    Unfortunately no answer so far. Think we need to raise a ticket to support.
  • I too have the same question for parsing in a SIEM solution. Is there any comprehensive list? Did you get any information on this? thanks Arindam