For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jacob900_39797's avatar
jacob900_39797
Icon for Nimbostratus rankNimbostratus
May 09, 2007

logging to a file other than syslog??

Is there a command or example available that shows how to log information to a file other than syslog? I am working on a stats profile and would like to save the information in a specifically named file, csv style would be even better.

 

 

Thanks..
application delivery
dev
devops
iRules

4 Replies

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    May 09, 2007
    I like that line of thinking on 3, Joe...

     

     

    Regarding syslog-ng, note also that if you make changes to the configuration, you'll need to back it up prior to upgrades / hotfixes or it will get overwritten. Adding it to the cs.dat file caused problems on earlier versions in our environment (9.1.x)
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    May 10, 2007
    hoolio posted this great solution for logging selected data to alternate files via the default iRules facility by setting up appropriate filters and destinations: http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&forumid=5&postid=8888

    (Click here)

    Building on that, here's a syslog-ng.conf snip that would log the output from 2 different iRules to 2 different files, without duplicating to the ltm log:
     set up filter to log only messages from rule_A to LogA
 local0.* /var/log/LogA
filter f_LogA {
facility(local0) and match("rule_A");
};
destination d_LogA {
file("/var/log/LogA" create_dirs(yes));
};
log {
source(local);
filter(f_LogA);
destination(d_LogA);
};
 set up filter to log only messages from rule_B to LogB
 local0.* /var/log/LogB
filter f_LogB {
facility(local0) and match("rule_B");
};
destination d_LogB {
file("/var/log/LogB" create_dirs(yes));
};
log {
source(local);
filter(f_LogB);
destination(d_LogB);
};
 optionally modify default LTM log section to exclude those entries
 local0.* /var/log/ltm
filter f_local0 {
facility(local0) and level(info..emerg) and not match("rule_A") and not match("rule_B");
};
destination d_ltm {
file("/var/log/ltm" create_dirs(yes));
};
log {
source(local);
filter(f_local0);
destination(d_ltm);
};

    Sometime in 9.2 (9.2.3 I think?), the syslog-ng.conf was added to the backup roster & is now preserved thru an upgrade.

    You will need to restart syslog after updating the conf file by running
    bigstart restart syslog-ng
    at the command line.

    If the bigstart script fails to stop the daemon (i.e., it wasn't running because your last config errored out), bigstart will NOT try to start it, so you will need to run instead
    bigstart startup syslog-ng

    /deb
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    May 10, 2007
    ***NOTE: The above config is a PARTIAL syslog-ng.conf file. DO NOT replace your existing syslog-ng.conf file with only the above snip, or you will not be logging and alerting on a number of critical LTM functions.
  • jacob900_39797's avatar
    jacob900_39797
    Icon for Nimbostratus rankNimbostratus
    May 10, 2007
    Thanks everybody for all the replies. I think i have enough info to begin this project. Thanks again...