syslog filtering

We have tried the syslog include statements from many articles and yet the informational, debug, and notice events are still forwarding. It seems this should be a basic functionality of the LTM so any assistance would be appreciated. Here is the current syslog that has been modified to try to stop any ssl_acc and ssl_req messages which are a large part of the information events we see:

 

 

modify syslog {

 

auth-priv-from warning

 

auth-priv-to emerg

 

cron-from warning

 

cron-to emerg

 

daemon-from warning

 

daemon-to emerg

 

description none

 

include "

 

filter f_remote_loghost {

 

level(warn..emerg);

 

};

 

filter f_local6_httpd_ssl_acc {

 

facility(local6)

 

and match(\"\\[ssl_acc\\]\") and not match(\"\\] 172.30.x.x\"); };

 

filter f_local6_httpd_ssl_req {

 

facility(local6)

 

and match(\"\\[ssl_req\\]\") and not match(\"\\] 172.30.x.x\"); };

 

destination d_remote_loghost {

 

udp(\"172.30.y.y\" port(514));

 

};

 

log {

 

source(s_syslog_pipe);

 

filter(f_remote_loghost);

 

filter(f_local6_httpd_ssl_acc);

 

filter(f_local6_httpd_ssl_req);

 

destination(d_remote_loghost);

 

};

 

"

 

iso-date disabled

 

kern-from warning

 

kern-to emerg

 

mail-from warning

 

mail-to emerg

 

messages-from warning

 

messages-to warning

 

remote-servers replace-all-with {

 

remotesyslog1 {

 

description none

 

host 172.30.y.y

 

local-ip none

 

remote-port 514

 

}

 

}

 

user-log-from warning

 

user-log-to emerg