LTM Syslog filter help

Hi all Today I have a problem that filter not send:

Device HA state: Active / StandBy
Device Interface Down info

I know that all these Alerts in Info level

This is my filter:

sys syslog {
    include "
    filter Local0_error_above {
facility(local0) and level(error..emerg);
};
destination sys-dmz {
udp(\"a.b.c.d\" port(514));
};
log {
source(s_syslog_pipe);
filter(Local0_error_above);
destination(sys-dmz);
};
"
}

I tried to change the filter to

sys syslog {
    include "
    filter Local0_error_above {
facility(local0) and level(error..emerg);
};
    filter sod {
facility(local0) and match(\"sod\");  <== for sod service alerts (HA alerts)
};
    filter interface {
facility(local0) and match(\"Interface\");   <===for inteface downalerts - match word "Interface" and send alert to syslog
};
destination sys-dmz {
udp(\"a.b.c.d\" port(514));
};
log {
source(s_syslog_pipe);
filter(Local0_error_above);
filter(sod);
filter(interface);
destination(sys-dmz);
};
"
}

Save sys config reload the syslog-ng service and this is not work not send my filter regard sod service and Interface why it is not work ?

Thanks for help

Forum Discussion

LTM Syslog filter help

Recent Discussions

SNI Sites not taking correct certificate.

How to Renew F5 Device Certificate

irule to enable http/2 acceleration

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Related Content

Load Balancing TCP TLS Encrypted Syslog Messages

I want to exclude the character ) in syslog filter.

LTM 9.4.2+: Custom Syslog Configuration

BIG-IP to Process TLS Syslog Traffic

BIG-IP syslog include

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS