Forum Discussion
nitass
Employee
I want to send only LTM and Audit Logs (admin activities) to remote syslog server. How I can filter the syslog setting.
can you try something like this? it filters ltm (local0) and audit logs.
sol13333: Filtering log messages sent to remote syslog servers (11.x)
https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13333.htmlroot@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list sys syslog include
sys syslog {
include "
destination d_remote_loghost {
udp(\"172.28.24.1\" port(514));
};
log {
source(s_syslog_pipe);
filter(f_local0);
filter(f_no_audit);
filter(f_no_msgbusd);
filter(f_no_icrd);
filter(f_no_urlfilter);
filter(f_no_ipsec);
destination(d_remote_loghost);
};
log {
source(s_syslog_pipe);
filter(f_audit);
destination(d_remote_loghost);
};
"
}
ghost-rider_124
Dec 24, 2014Nimbostratus
Hi Nitass
Thanks for the reply. Could you please let me know what is f_local0 and so on. These are keywords?