Forum Discussion
nik_65678
Nimbostratus
Apr 05, 2010
setting up syslog?
i've looked through the docs for info on logging to a remote syslog server via udp, everything i've tried results in the same error - anyone have any ideas?
b syslog remote server x.x.x.x
BIGpipe parsing error:
012e0022:3: The requested value (x.x.x.x) is invalid (show | | none) [add | delete]) for 'remote server' in 'syslog'
b syslog remote server x.x.x.x remote port 514
BIGpipe parsing error:
012e0022:3: The requested value (x.x.x.x remote) is invalid (show | | none) [add | delete]) for 'remote server' in 'syslog'
using v10:
uname -a
Linux blahblah.com 2.4.21-10.0.1.283.0smp 2 SMP Tue May 12 18:23:09 PDT 2009 i686 i686 i386 GNU/Linux
12 Replies
- L4L7_53191
Nimbostratus
This appears to work for me:
[root@bigip1:Active:avc(0)] config b syslog remote server 'foo' host 10.20.20.1 add
[root@bigip1:Active:avc(0)] config b syslog remote server show
SYSLOG - Remote Server:
+-> REMOTE SERVER foo
[root@bigip1:Active:avc(0)] config b syslog remote server list
syslog {
   remote server foo {
      host 10.20.20.1
   }
}
-Matt
- nik_65678
Nimbostratus
ah ha - much better, thanks a lot.
- nik_65678
Nimbostratus
bumping - just got around to working on this again. logging works fine but my issue is my big-ip sends the syslog message with a hostname of "local" which doesn't really help a lot for reporting and searching.. any ideas on how to change that?
+---------+-------+----------+----------+--------+-------------+------------+----------+---------------------------+
| id      | host  | facility | priority | level  | program     | date       | time     | message                   |
+---------+-------+----------+----------+--------+-------------+------------+----------+---------------------------+
| 6277214 | local | user     | notice   | notice | notice root | 2010-04-20 | 11:11:03 | notice root: test message |
+---------+-------+----------+----------+--------+-------------+------------+----------+---------------------------+
- hoolio
Cirrostratus
Hi Nik,
Check this post for a few options. If you get stuck let us know. Else, if you figure out a solution that works for you, please reply here or in the other post for future reference.
tmm entries for syslog
http://devcentral.f5.com/Default.aspx?tabid=53&aft=30779
Thanks,
Aaron
- nik_65678
Nimbostratus
i was under the impression that in v10 you needed to use the `b syslog` command instead of editing the file since it will be overwritten upon bigpipe config reload.
- hoolio
Cirrostratus
Hi Nik,
The idea is that you can either modify the /etc/hosts configuration on TMM so that TMM uses the hostname you'd like or modify the syslog-ng configuration to have syslog-ng insert the host string that you'd like. Either change should be possible to do using the bpsh option described in the article linked in the other post. If you opt for modifying the hosts file entry option, and you cannot use a bigpipe command to make the change you'd need to edit the /etc/hosts file directly and potentially redo that change after upgrades.
Aaron
- nik_65678
Nimbostratus
i'm going to double-check with f5 support for a more "official" solution but what you linked is probably the best for now. i'll comment again once i have something working.
- Michael_Yates
Nimbostratus
I developed the procedure that I use for this from the following Solutions (I used this on v9.4.x, I do not know if it would need to be altered for 10.1.x since I haven't had to modify that version yet):
(SOL5527: Configuring BIG-IP to log to a remote syslog server)
(SOL8260: Configuring syslog settings using the bigpipe command)
1. Create and save a file containing the desired changes which are as follows, the file should be created in the following location /etc/syslog-ng:
syslog include "
# Direct all log information to remote syslog server
destination remote_server {
udp(\"Remote.Server.IP.Address\" port (514));
udp(\"10.10.10.10\" port (514));
};
filter f_alllogs {
level (debug...emerg);
};
log {source(local);
filter(f_alllogs);
destination(remote_server);
};"
NOTE: If you have implemented Administrative Domains and Partitions the Partition Selection should be the first line:
shell write partition Common
syslog include "
# Direct all log information to remote syslog server
destination remote_server {
udp(\"Remote.Server.IP.Address\" port (514));
udp(\"10.10.10.10\" port (514));
};
filter f_alllogs {
level (debug...emerg);
};
log {source(local);
filter(f_alllogs);
destination(remote_server);
};"
2. At the Load Balancer command line, direct the include file to the bigpipe shell (bpsh):
bpsh < syslog.inc
3. Verify your "include" statement has been included in the running configuration by running the following command:
b syslog include
The output should reflect the contents of the file you directed to bpsh.
NOTE: If Error "No syslogs were found" is encountered you can verify the implementation has actually occurred by looking into the syslog-ng.conf file for the implementation (search on udp and step through the config file).
4. Test your configuration before saving. To roll back changes, you can just reload the permanent configuration:
bigpipe load
5. Once you've confirmed the changes, save your changes to the permanent configuration:
bigpipe save
- sprashanthac_81
Nimbostratus
I am trying to set this up. I have to send all the logs to a remote syslog server. Somehow this is not working. Can someone paste it as an example like it shows up in the manuals please?
- Troy_93881
Nimbostratus
Try this...
b syslog include '"destination remote_server { udp(\"xxx.xx.xx.xxx\" port (514));
udp(\"xxx.xx.xx.xxx\" port (514));
};
log { source(local); filter(f_local0); destination(remote_server); };"'
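
An added example, not written by any poster in this thread and not F5's own tooling: a POSIX shell helper that generates the `syslog include` file used in Michael_Yates's procedure for a list of servers. It rejects anything that is not a dotted-quad address or a valid port, so a stray quote or space cannot break the backslash-escaped string handed to bpsh. The function names are hypothetical; the config text is copied from the posts above.

```shell
# Added example: build the bpsh include file for a list of syslog servers.
# Function names are hypothetical; the config text mirrors the posts above.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Usage: make_syslog_include PORT SERVER [SERVER...]
# Prints a "syslog include" statement; inner quotes are backslash-escaped
# because the whole include is passed as one double-quoted string.
make_syslog_include() {
    port=$1
    [ "$#" -ge 2 ] || { echo "usage: make_syslog_include PORT SERVER..." >&2; return 2; }
    shift
    case "$port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 2; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    printf 'syslog include "\n'
    printf 'destination remote_server {\n'
    for ip in "$@"; do
        printf 'udp(\\"%s\\" port (%s));\n' "$ip" "$port"
    done
    printf '};\n'
    printf 'filter f_alllogs {\nlevel (debug...emerg);\n};\n'
    printf 'log {source(local);\nfilter(f_alllogs);\ndestination(remote_server);\n};"\n'
}

# On the BIG-IP (per the procedure above):
#   make_syslog_include 514 10.10.10.10 > /etc/syslog-ng/syslog.inc
#   bpsh < /etc/syslog-ng/syslog.inc && b syslog include
```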
