Forum Discussion
NimbostratusSyslog include configuration sync
Is there anyway in v11 (currently running 11.3.0) to not sync the syslog include section (in bigip_base.conf) between members of a Sync group? We use the syslog include section to insert the hostname of the device into alerts which is then picked up by our monitoring system. Obviously when bigips are then synced, the hostname is overwritten on the destination bigip and so its alerts appear to come from the other node. This can be rather confusing as you might imagine (particularly if one of them is down).
Therefore, I'm wondering if there is a way to not sync the syslog include configuration? Alternatively, is there a variable we can pass to syslog-ng to provide the hostname so that we don't have to hard code it? We've tried $LOGHOST but that seems to be a syslog-ng v3 only capability and so didn't resolve.
7 Replies
- nitass
Employee
can you try?
Syslog & Source IP on cluster
https://devcentral.f5.com/questions/syslog-source-ip-on-cluster 
What_Lies_Bene1Cirrostratus
That file isn't synchronised as far as I'm aware. However, I'm also aware that ConfigSync no longer works as it used to (by transferring a UCS archive) so perhaps that's irrelevant now?
Won't $HOST work?
- nitass
this is my testing. i am running 11.5.1.
/usr/share/defaults/config_base.conf ...snipped... include { appdata unix_config_syslog.replace.include class-name syslog configsyncd no display-name "Include Data" type string } ...snipped...unit1 root@(ve11a)(cfg-sync In Sync)(Standby)(/Common)(tmos) show cm sync-status ------------------------------------------------------------------------------------------ CM::Sync Status ------------------------------------------------------------------------------------------ Color green Status In Sync Summary All devices in the device group are in sync Details /Common/ve11b.acme.local: connected (for 445 seconds) /Common/ve11c.acme.local: connected (for 439 seconds) /Common/device_trust_group (In Sync): All devices in the device group are in sync /Common/dg (In Sync): All devices in the device group are in sync root@(ve11a)(cfg-sync In Sync)(Standby)(/Common)(tmos) root@(ve11a)(cfg-sync In Sync)(Standby)(/Common)(tmos) list sys syslog sys syslog { include " destination d_loghost { udp(\"172.28.24.1\" port(514)); }; log { source(s_syslog_pipe); destination(d_loghost); }; " } unit2 root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list sys syslog sys syslog { } root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) 
Ben_Kennedy_502Hello,
Yes that solves it thanks, it helps if I edit the correct snippet of the file (there is a very similar section that now I look at it clearly is to do with log rotation which was obviously not fixing the sync of the config):
I'm going to do some digging for this, but does anybody know if it's possible to make these changes via icontrol? We have a script that will configure settings for new deployments via icontrol already (configures syslog/NTP/networks etc) but I don't want people to then log on and have to edit these files manually every time now that the autobuilder does everything else.syslog_include { appdata unix_config_syslogrotate.replace.include class-name logrotate configsyncd yes display-name "Include Data for syslog logrotate file" type string }Thanks a lot.
Ben
- What_Lies_Bene1
Good stuff.
Regarding iControl, it should be in the Log module?
- Ben_Kennedy_502
excellent, I'll take a look in there, thanks
brunocalcadoHi everyone,
I'm trying to understanding the configuration of syslog include. I found this article : https://support.f5.com/csp/article/K13333.
Here we go, for the bigip would I have the same behavior with or without the escapes '\"' surrounding the server IP? Ex.:
destination d_remote_loghost {
tcp(\"10.11.16.253\" port(1468));
udp(\"10.11.16.252\" port(514)); };
And this :
destination d_remote_loghost {
tcp('10.11.16.253' port(1468));
udp('10.11.16.252' port(514)); };
Could you clarify this please? Thanks a lot. Best regards.
