Forum Discussion
Wasfi_182818
Altostratus
Aug 25, 2016Minimum Log level that will guarantee system admin activities logs
Hi;
What LTM log level will guarantee the logging system admin usernames when they login and logout. Is it notice or info? I mean I want to set it to the minimum that will achieve that requireme...
boneyard
MVP
Aug 27, 2016where are you looking at the logs exactly? when i configure remote logging i get AUDIT events like this by default in my syslog server.
Aug 27 15:01:28 10.3.25.8 Aug 27 15:02:25 bigip-01 notice httpd[19023]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016" end="Sat Aug 27 15:02:25 2016".
Aug 27 15:01:23 10.3.25.8 Aug 27 15:02:20 bigip-01 notice httpd[23332]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016".
this happens unrelated to any log setting within the GUI it seems, i tried to disable Audit Logging but even that doesn't stop this.
if you have any other configuration let me know.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects