Forum Discussion
Minimum Log level that will guarantee system admin activities logs
Hi;
What LTM log level will guarantee the logging system admin usernames when they login and logout. Is it notice or info? I mean I want to set it to the minimum that will achieve that requirements.
Kindly Wasfi
2 Replies
- Vijay_E
Cirrus
I don't know the exact values but I know for sure that the default settings will log the username.
where are you looking at the logs exactly? when i configure remote logging i get AUDIT events like this by default in my syslog server.
Aug 27 15:01:28 10.3.25.8 Aug 27 15:02:25 bigip-01 notice httpd[19023]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016" end="Sat Aug 27 15:02:25 2016". Aug 27 15:01:23 10.3.25.8 Aug 27 15:02:20 bigip-01 notice httpd[23332]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016".this happens unrelated to any log setting within the GUI it seems, i tried to disable Audit Logging but even that doesn't stop this.
if you have any other configuration let me know.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com