Forum Discussion
Andy-didnt-like-uucp
Cirrus
Cirrusltm filter to allow audit to only remote syslog and without pollutins
hi guys need to send only audit syslogs to remote servers but w/o pollutions described in ID 880565 will below do the job as expected? thanks in advance include " filter f_audit{ match(AUDIT); ...
- 1-Log in to the Configuration utility. 2-Go to System > Logs > Configuration > Remote Logging. 3-For Remote IP, enter the destination syslog server IP address, or FQDN. (DNS server configuration required) 4-For Remote Port, enter the remote syslog server UDP port (default is 514). 5-Select Add. 6-Select Update.
refer
https://my.f5.com/manage/s/article/K56602501
https://my.f5.com/manage/s/article/K13080
- Andy-didnt-like-uucp
in reality, that "01420002:5: AUDIT - pid=20740 user=root folder=/ module=(tmos)# status=[Command OK] cmd_data=list cm device recursive" were polluting audit logs even with recommended configuration.
so, i introduced above config & it worked for me.
thanks
