For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Niladri's avatar
Niladri
Icon for Nimbostratus rankNimbostratus
Sep 07, 2021

Need to stop sending the debug crond [28591] from f5 to syslog server [splunk]

I have changed the logging level of syslog config from info.... err to emerg.....emerg . Also have specifically mentioned a filter for the remote server where i am filtering the log as:

 

sys syslog {

  auth-priv-from emerg

  auth-priv-to emerg

  console-log enabled

  cron-from emerg

  cron-to emerg

  daemon-from notice

  daemon-to emerg

  description none

  include "

filter f_remote_loghost {

  level(emerg..err);

};

 

destination d_remote_loghost {

  udp(\"x.x.x.x\" port(514));

};

 

log {

  source(s_syslog_pipe);

  filter(f_remote_loghost);

  destination(d_remote_loghost);

};

"

  iso-date disabled

  kern-from debug

  kern-to emerg

  local6-from notice

  local6-to info

  mail-from notice

  mail-to emerg

  messages-from notice

  messages-to emerg

 remotesyslog1 {

      description none

      host x.x.x.x

      local-ip none

      remote-port 514

    }

  }

  user-log-from notice

  user-log-to emerg

}

 

 

can anyone help me on how to stop sending the debug crond[28591]; pam_unix[cron session] to the syslog server [splunk] ????

application delivery
BIG-IP
LTM
security
No RepliesBe the first to reply