Forum Discussion
Muhammad_Irfan1
Cirrus
CirrusRemote syslog server
I have configure remote logging server (solarwind kiwi log server).
Server is receiving a lot of logs per second and all of them have a info severity.
Although I have changed the severity in option to minimum but still getting 3,4 logs per second.
Please help me how to configure it.
Michael_Yates_6The LTM is going to send anything and everything it has to the Remote Syslog Server. As long at you are seeing the same log entries on the source device then you probably already have it setup correctly (it's a pretty straight forward process).
Keep in mind that if you continue to edit the logging level that you may miss something that you actually want to see just for the sake of not overloading your remove syslog server.
Hope this helps.
Muhammad_Irfan1But all those are informational logs. almost 4 logs per second and LTM is not even in production yet, its only configured. There has to be a way to lower the severity of logs for remote server
Michael_YatesNimbostratus
The LTM is going to send anything and everything it has to the Remote Syslog Server. As long at you are seeing the same log entries on the source device then you probably already have it setup correctly (it's a pretty straight forward process).
Keep in mind that if you continue to edit the logging level that you may miss something that you actually want to see just for the sake of not overloading your remove syslog server.
Hope this helps.
- Muhammad_Irfan1But all those are informational logs. almost 4 logs per second and LTM is not even in production yet, its only configured. There has to be a way to lower the severity of logs for remote server
OTS02I deal with the repetitive syslog messages in the Kiwi syslog server. Create a rule that filters based on the IPs of the f5 devices AND unique text strings of the repetitive messages (you can stack up filters and actions in Kiwi), with an action that stops message processing. Example:
filter = Message text "POST iControl/iControlPortal.cgi" OR "pam_unix(crond:session)"
filter = Hostname "10.150.0.10" OR "10.150.0.11" OR "10.150.0.12" OR "10.150.0.13" OR "10.150.0.14"
action = Stop message processing
Place this rule near the top of the list (order matters in Kiwi). It will drop the useless stuff, and allow the meaningful messages to pass through to be parsed, logged/emailed/whatever. Hope this helps.
