
Forum Discussion

Jinshu_134425
Sep 10, 2015

Syslog Classification for different modules

Hi There,

We have an F5 device which acts as LTM, GTM, APM, AFM and ASM on a Viprion chassis. We are sending syslog to a remote server to correlate the data. Unfortunately, F5 is sending the logs from a single IP address and all the module logs are classified as single-source logs. Is there any way to classify the different modules' logs?

4 Replies

  • Hi, let me try to answer your query. We have a similar setup in our company: a Viprion chassis with multiple module licenses, out of which we are currently using LTM and ASM. I believe you must have an ASM (and other module) IP configured, and you could see the logs from these IPs if you have configured the remote logging from the respective modules. For example, I see my logs coming from the guest IP (LTM) with system and LTM logs, and with the ASM IP I see the ASM-related IPs. If you have Linux syslog, it must be storing them under the IPs configured for module IPs. Hope this helps, cheers vijith

     

    • Jinshu
      Hi Vijith, I have ASM, AFM, APM, LTM and GTM installed in the same guest, so the syslog server is listing all the logs under one IP address. We are unable to classify the logs based on modules because they come from a single address. -Jinshu
  • I don't understand your questions. These logging facilities are used by default and they are the unique values you can use to differentiate between the different modules.

    So when my BIG-IP sends a syslog message from the GTM module, it will be sent to local2 and my syslog server should see that.

    17:13:29.398283 IP 10.3.22.8.39828 > 10.3.20.20.514: SYSLOG local2.notice, length: 108 out slot1/tmm0 lis=
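
The facility-based separation described in the last reply, sketched as an added example that is not part of the original thread: a collector-side classifier that decodes the `<PRI>` prefix of each received datagram and buckets messages by facility instead of by source IP. Only the local2-to-GTM pairing comes from the thread; the function names, the hostname and the sample datagrams are constructed for illustration.

```python
import re
from collections import defaultdict

# Standard syslog numbering: PRI = facility * 8 + severity.
# Names for facilities 12-15 vary between syslog implementations.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Only local2 -> GTM is stated in the thread. Add further entries after
# confirming them on your own device (assumption: one facility per module).
MODULE_BY_FACILITY = {"local2": "GTM"}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity) for a raw syslog datagram, or None if invalid."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def classify(datagrams):
    """Group datagrams by module; unknown facilities stay visible, not dropped."""
    buckets = defaultdict(list)
    for d in datagrams:
        decoded = decode_pri(d)
        if decoded is None:
            buckets["malformed"].append(d)
            continue
        facility, severity = decoded
        module = MODULE_BY_FACILITY.get(facility, "unmapped:" + facility)
        buckets[module].append((severity, PRI_RE.sub("", d, count=1)))
    return dict(buckets)

# Constructed sample datagrams (not captured from a real device).
SAMPLE = [
    "<149>Sep 10 17:13:29 bigip1 tmm[1234]: constructed message on local2",
    "<134>Sep 10 17:13:30 bigip1 tmm[1234]: constructed message on local0",
    "<999>PRI value out of range",
    "no PRI prefix at all",
]

if __name__ == "__main__":
    for module, entries in classify(SAMPLE).items():
        print(module, entries)
```

Keeping the `unmapped:` and `malformed` buckets makes gaps in the facility map show up at the collector instead of silently merging into one source.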