Forum Discussion
Gill_32697
Nimbostratus
NimbostratusRemote Logging Syslog
I am needing to only send local0.notice messages to a remote syslog server. currently im sending to much local6.info messages. If tried the Gui menu Logs:Configuration:Options and other tmsh commands ive found on Ask F5, but so far no luck. Any suggestions on how to only send local0.notice to the remote syslog.
6 Replies
kunjanTry this
tmsh modify /sys syslog include "destination remote {udp(\"10.10.10.10\" port (514));};filter f_notice {level (notice...emerg);};log {source(local);filter(f_notice);destination(remote);};"
Gill_32697Nope, still getting lots to local6.info....the only thing i changed in the script was the IP, unless i should have changed more?
- kunjan
Modified with the filter facility
tmsh modify /sys syslog include "destination remote_server {udp(\"10.10.10.10\" port (514));};filter f_notice {level (debug...emerg);};filter f_local0 {facility (local0);};log {source(local);filter(f_notice);filter(f_local0);destination(remote_server);};"Verify
tmsh list /sys syslog all-properties - kunjan
There is a typo earlier
tmsh modify /sys syslog include "destination remote_server {udp(\"10.10.10.10\" port (514));};filter f_notice {level (notice...emerg);};filter f_local0 {facility (local0);};log {source(local);filter(f_notice);filter(f_local0);destination(remote_server);};" 
TJ_VreugdenhilCirrus
Hi Gilbert,
How about this?
sys syslog { auth-priv-from notice auth-priv-to emerg console-log enabled cron-from warning cron-to emerg daemon-from notice daemon-to emerg description none include " filter f_custom { (level(notice)) ; }; destination d_loghost { udp(\"x.x.x.x\" port(514)); }; log { source(s_syslog_pipe); filter(f_custom); destination(d_loghost); };" iso-date disabled kern-from notice kern-to emerg local6-from notice local6-to emerg mail-from notice mail-to emerg messages-from notice messages-to warning remote-servers none user-log-from notice user-log-to emerg }- Gill_32697
Yes, that's working great. Thanks TJ
