For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

habib_Khan's avatar
habib_Khan
Icon for Nimbostratus rankNimbostratus
Jun 27, 2014

Syslog config assistance

Hi All, I need to configure remote syslog server on ltm 10.2.1 with the below rrequirement.

 

The logging level on the load balancers be increased to provide more information to the syslog. At a minimum, i need to see when URLG™s are accessed, and the results of that access.

 

Config on Ltm

 

[root@0.0.0.0:Active] config tmsh list /sys syslog all-properties sys syslog { auth-priv-from notice auth-priv-to emerg cron-from warning cron-to emerg daemon-from notice daemon-to emerg include none kern-from notice kern-to emerg mail-from notice mail-to emerg messages-from notice messages-to warning remote-servers { loglogic { host 10.x.x.x local-ip none remote-port 514 } } user-log-from notice user-log-to emerg }

 

Thanks & Regards, Habib Khan

 

1 Reply

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jun 27, 2014

    It may be a better option here to create an LTM request log profile and assign it as needed to individual VIPs.

    create ltm pool [pool name] members add { ip:port }

create ltm profile request-log [profile name] response-log-pool [syslog pool] response-log-profile mds-udp response-log-template $NCSA_COMMON response-logging enabled

modify ltm virtual [VIP name] profiles add { [log name] { context all } }

    The $NCSA_COMMON template sends something like the following:

    10.80.0.1 - - [27/Jun/2014:09:20:21 -0400] "GET /foobar/blah HTTP/1.1" 404 1151

    And the full list of template options can be found here:

    http://support.f5.com/kb/en-us/products/big-ip-aam/manuals/product/aam-implementations-11-4-0/20.html?sr=33764514