Forum Discussion

Altostratus

Aug 25, 2016

Minimum Log level that will guarantee system admin activities logs

Hi; What LTM log level will guarantee the logging system admin usernames when they login and logout. Is it notice or info? I mean I want to set it to the minimum that will achieve that requireme...

BIG-IP

cloud

boneyard

MVP

Aug 27, 2016

where are you looking at the logs exactly? when i configure remote logging i get AUDIT events like this by default in my syslog server.

Aug 27 15:01:28 10.3.25.8 Aug 27 15:02:25 bigip-01 notice httpd[19023]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016" end="Sat Aug 27 15:02:25 2016".

Aug 27 15:01:23 10.3.25.8 Aug 27 15:02:20 bigip-01 notice httpd[23332]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016".

this happens unrelated to any log setting within the GUI it seems, i tried to disable Audit Logging but even that doesn't stop this.

if you have any other configuration let me know.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)