For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Wasfi_182818's avatar
Wasfi_182818
Icon for Altostratus rankAltostratus
Aug 26, 2016

Minimum Log level that will guarantee system admin activities logs

Hi;

 

What LTM log level will guarantee the logging system admin usernames when they login and logout. Is it notice or info? I mean I want to set it to the minimum that will achieve that requirements.

 

Kindly Wasfi

 

BIG-IP
cloud

2 Replies

  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Aug 27, 2016

    I don't know the exact values but I know for sure that the default settings will log the username.

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Aug 27, 2016

    where are you looking at the logs exactly? when i configure remote logging i get AUDIT events like this by default in my syslog server.

    Aug 27 15:01:28 10.3.25.8 Aug 27 15:02:25 bigip-01 notice httpd[19023]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016" end="Sat Aug 27 15:02:25 2016".

Aug 27 15:01:23 10.3.25.8 Aug 27 15:02:20 bigip-01 notice httpd[23332]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016".

    this happens unrelated to any log setting within the GUI it seems, i tried to disable Audit Logging but even that doesn't stop this.

    if you have any other configuration let me know.