Logging Specific Message to Syslog Server LTM 11.4.1

Hello,

I had to raise a ticket with F5 a couple of weeks ago as we were configuring this for the first time and I also had problems configuring this.

The GUI configuration options only apply to the local logging levels, so changes you make at the CLI for the remote logging filter will not be replicated in the GUI.

As per SOL13333, remember to enter the following command: modify /sys syslog remote-servers none

This clears the existing remote-servers configuration. I would recommend testing with the "info" logging level to ensure the remote syslog is working before filtering. I implemented this with "notice" and ended up raising another ticket with F5 when no logs were being sent, only to then find that the "notice" level messages don't fire very often. I quickly closed the F5 support ticket and apologized for my impatience. With a filter of warning to emergency, there will be very few messages generated.

We're still tuning our monitoring system at the moment but I can confirm that if a pool has no available members, this should generate an error level alert. Obviously not easy to replicate in a production environment but if you have a test VS, you could generate an alert by turning off the nodes behind it.

I would also recommend using the following tcpdump, unless that server is used for other purposes as well: tcpdump dst host 172.22.0.90

I hope this helps, Luke