Remote Logging still going to /var/log/ltm

As you are looking to do, /var/log/ltm should only be used for short term tshoot. To use syslog exclusively, and *quickly*, I would look at HSL: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-12-0-0/4.html. Use that instead.

Thanks for this possible solution, but it is a bit more that what we want to setup right now. I just wanted to make sure I have the correct syntax to send the output of the iRule directly to the syslog we already have setup. When I run the iRule I see the output in both /var/log/ltm logs and on the syslog output, but I only want to see the output in the syslog. Thanks

Here is the kb article: https://my.f5.com/manage/s/article/K13317.

The default facility used when using the 'log' statement in an irule is local0, or /var/log/ltm. So, maybe use facility 'info' which in theory should not be logged, depending on how your syslog is configured within the settings page.

So...

when HTTP_RESPONSE {
log local0.info XX.XX.XXXXX:514 [HTTP::response]
}

Alternatively, you can try also logging directly to the syslog IP hard coded in the iRule: https://clouddocs.f5.com/api/irules/log.html. So...

So...

when HTTP_RESPONSE {
log 192.168.1.1 local0.info XX.XX.XXXXX:514 [HTTP::response]
}

Where 192.168.1.1 is your SYSLOG server.

So a few more thoughts to maybe help you out.

richarc - did what whisperer advise help you out? If yes, can you please click the Accept as Solution on the reply that helped you, to make it easy for future users to find the answer?