MCPD log level explanation

Question

Hey Folks,
I was quite searching multiple articles to see what these values changes mean ? But not much luck
(tmos) modify sys db log.mcpd.level value
Values:
  alert     crit      debug     emerg     err       error     info      notice    panic     warn      warning

From the Article I could know what is the default value (notice)
Also the below db change would help in getting GUI logging's right. Is it just restricted to GUI logging's are does it also effect other configuration changes too of cli.
(tmos) modify sys db config.auditing value
Values:
  all       disable   enable    verbose

Would combining both the above mentioned DB variables, what would be the effect. Please advise.

ed_summers · Answer

I may not entirely understand your question. Let me know if this doesn't help.&nbsp;
For your first question - those options (alert, crit, notice, etc..) for the most part are standard syslog severity levels. See the syslog Wikipedia page for some general info. The levels themselves are just guidelines and applications map their specific errors to each level based on how severe the app's specific error is.  F5 recently released a Log Messages List, but I am not aware of any reference that maps specific error messages to severity level.&nbsp;
Audit logging does cover config changes through the GUI and CLI. It also includes some system-level (non-user) config change events.&nbsp;
I'm not sure what you mean by combining those config changes. Basically each one allows you to control the level of logging for that function. Increasing audit logging would increase the granularity of config auditing, and decreasing the severity level (i.e. going down to DEBUG, for example) of mcpd logging would increase the logging of that system. Just be very careful of maximizing logging (using 'debug' or 'verbose' for example) as this can greatly increase the amount of logging and impact system performance. That's a general caution for any system.&nbsp;
Does that help or are you trying to capture some specific information?&nbsp;

bharadwaja · Answer

From the article below it looks like if mcpd logging is set to warning or higher, audit messages are not logged irrespective of whether Audit logs are enabled or disabled. &nbsp;
https://support.f5.com/csp/article/K6515&nbsp;

Forum Discussion

MCPD log level explanation

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Explanation of F5 DDoS threshold modes

OWASP Tactical Access Defense Series: Broken Function Level Authorization (BFLA)

Implementing SSL Orchestrator - High Level Considerations

OWASP Tactical Access Defense Series: Broken Object Property Level Authorization and BIG-IP APM

Use TLS Fingerprinting as a First Level of Defense in F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS