For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

igorzhuk's avatar
igorzhuk
Icon for Altostratus rankAltostratus
Dec 13, 2018

LTM Syslog filter help

Hi all Today I have a problem that filter not send:

  • Device HA state: Active / StandBy
  • Device Interface Down info

I know that all these Alerts in Info level

This is my filter: 

sys syslog {
    include "
    filter Local0_error_above {
facility(local0) and level(error..emerg);
};
destination sys-dmz {
udp(\"a.b.c.d\" port(514));
};
log {
source(s_syslog_pipe);
filter(Local0_error_above);
destination(sys-dmz);
};
"
}

I tried to change the filter to 

sys syslog {
    include "
    filter Local0_error_above {
facility(local0) and level(error..emerg);
};
    filter sod {
facility(local0) and match(\"sod\");  <== for sod service alerts (HA alerts)
};
    filter interface {
facility(local0) and match(\"Interface\");   <===for inteface downalerts - match word "Interface" and send alert to syslog
};
destination sys-dmz {
udp(\"a.b.c.d\" port(514));
};
log {
source(s_syslog_pipe);
filter(Local0_error_above);
filter(sod);
filter(interface);
destination(sys-dmz);
};
"
}

Save sys config reload the syslog-ng service and this is not work not send my filter regard sod service and Interface why it is not work ?

Thanks for help

application delivery
devops
LTM
TMSH
No RepliesBe the first to reply