Forum Discussion
Remote Logging still going to /var/log/ltm
I used the log IP for an irule and the log lines are still going to /var/log/ltm. I only want the output to skip /var/log/ltm/ and only output to the syslogs. Is that possible? Thanks
irule being used
when HTTP_RESPONSE {
log XX.XX.XXXXX:514 [HTTP::response]
}
As you are looking to do, /var/log/ltm should only be used for short term tshoot. To use syslog exclusively, and *quickly*, I would look at HSL: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-12-0-0/4.html. Use that instead.
- richarcNimbostratus
Thanks for this possible solution, but it is a bit more that what we want to setup right now. I just wanted to make sure I have the correct syntax to send the output of the iRule directly to the syslog we already have setup. When I run the iRule I see the output in both /var/log/ltm logs and on the syslog output, but I only want to see the output in the syslog. Thanks
Not in front of computer at the moment, but you could simply change the severity in the irule log statement. Presumably under the syslog settings, you have default or some other setting to only log high level issues. If you change the severity, and it is less than that configured for logging to /var/log/ltm them it will not be written to disk.
Here is the kb article: https://my.f5.com/manage/s/article/K13317.
The default facility used when using the 'log' statement in an irule is local0, or /var/log/ltm. So, maybe use facility 'info' which in theory should not be logged, depending on how your syslog is configured within the settings page.
So...
when HTTP_RESPONSE {
log local0.info XX.XX.XXXXX:514 [HTTP::response]
}Alternatively, you can try also logging directly to the syslog IP hard coded in the iRule: https://clouddocs.f5.com/api/irules/log.html. So...
So...
when HTTP_RESPONSE {
log 192.168.1.1 local0.info XX.XX.XXXXX:514 [HTTP::response]
}Where 192.168.1.1 is your SYSLOG server.
So a few more thoughts to maybe help you out.
- Leslie_HubertusRet. Employee
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com