Forum Discussion
Logging to a different local facility?
This is going to be difficult for me to explain but I'll do my best.
I have a scenario where I want to take all my logs and log them to a different facility on the remote syslog. I'm trying to send all my traffic to a syslog device but instead of having all of the traffic mixed up (from multiple sources) and filter it on the syslog... I have been asked to make all my LTM logs go to local5. In this case, the syslog device has a script to put the local5 traffic in a specific folder for LTM. For example, local1 is routers, local2 is switches... local5 is LTM.
How do I make this change? Is it syslog-ng? I'm looking for anything to key off of so I can googlefu it but I'm missing the appropriate syntax or something because I'm just not finding it.
Overall goal:
1. Change all logs to local5.
2. Limit what gets logged to local5.
   2a. major errors get logged to local5.
   2b. all changes get logged to local5.
TIA
1 Reply
- What_Lies_Bene1
Cirrostratus
Hmmm, the local5 facility is used for local logging of packet filter messages. However, I'm sure you could do something smart with syslog-ng, which is what is used by TMOS. Some customer destinations and filters and the like should do the trick.
You can find manuals here: http://www.balabit.com/support/documentation.
Be aware that the F5 configuration will be slightly different and you need to be careful that your changes are not overwritten. This will help you in some way I'm sure: https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13333.html.
Either way, this is going to be quite a job!
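The filter-plus-destination approach suggested in the reply can be sketched as follows. This is an added example, not code from the thread or from F5: it renders syslog-ng stanzas that forward only err-and-worse messages and force the facility to local5 by hard-coding the PRI value in the destination template. The loghost address `192.0.2.10`, the source name `s_syslog_pipe` and the `f_l5_*` / `d_l5_*` stanza names are assumptions; check the source name against the syslog-ng configuration on your own unit.

```python
"""Render syslog-ng stanzas that forward err-and-worse messages re-tagged as local5.

Assumptions (not from the thread): loghost 192.0.2.10:514, the source name
s_syslog_pipe, and the stanza names prefixed f_l5_/d_l5_.
"""
LOCAL5 = 21  # syslog facility code for local5
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def pri(facility: int, severity: int) -> int:
    """PRI value carried in the <...> prefix: facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def render(loghost: str, port: int = 514, source: str = "s_syslog_pipe",
           levels=("emerg", "alert", "crit", "err")) -> str:
    """One filter/destination/log triple per severity, so the original
    severity survives while the facility is forced to local5."""
    out = []
    for name in levels:
        value = pri(LOCAL5, SEVERITIES[name])
        out += [
            f"filter f_l5_{name} {{ level({name}); }};",
            f"destination d_l5_{name} {{",
            f'    udp("{loghost}" port({port})',
            f'        template("<{value}>$DATE $HOST $MSGHDR$MSG\\n"));',
            "};",
            f"log {{ source({source}); filter(f_l5_{name}); "
            f"destination(d_l5_{name}); }};",
        ]
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed loghost address from the documentation range.
    print(render("192.0.2.10"))
```

A separate destination per severity is needed because a hard-coded PRI fixes both facility and severity; a single destination would flatten every forwarded message to one level.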
