Forum Discussion

Cirrus

Feb 09, 2026

Syslog Filter Configuration for Separating Audit and LTM logs.

Hello Community, I am currently configuring a remote syslog and i have two syslog servers: One server should receive only Audit logs. The second server should receive all other logs (ltm), exc...

filter

syslog

Jeff_Granieri

Employee

Feb 17, 2026

this may be more inline on what you want to do

filter f_syslog_all_except_audit {
    not facility(local0);
};

destination d_syslog_all {
    udp("1.2.3.4" port(514));
};

log {
    source(s_syslog_pipe);
    filter(f_syslog_all_except_audit);
    destination(d_syslog_all);
};

Sarah

Cirrus

Feb 19, 2026

Thank you Jeff!

Isn't the facility local0 statement include LTM log files?

My intention is to forward all logs file (ltm, gtm, messages, ... etc) to the syslog server, while excluding any AUDIT logs.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Syslog Filter Configuration for Separating Audit and LTM logs.

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

block a specific user

which virtual server will be hit?

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

APM - Portal access - Issue

F5 bot defense - false positives

Related Content

LTM 9.4.2+: Custom Syslog Configuration

Syslog NG Email Configuration

Load Balancing TCP TLS Encrypted Syslog Messages

Configuring syslog-ng to email messages

Syslog virtual server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS