Forum Discussion

cabundo_13048's avatar
cabundo_13048
Icon for Nimbostratus rankNimbostratus
Jul 16, 2013

Syslog Inquiry

Hello All,

 

 

We have a couple of LTM's sending out syslog message to a remote server on the network. The syslog server is seeing that some of the LTM's are getting message with the hostnames instead of the IP. Majority of the LTM's that are sending out hostnames are running version 9.x (9.4.8). I've tried googling but can't find any article/solution ID to resolve it. I even tried calling F5 Support and they told me that it doesn't look possible.

 

Just wanted to ask the group if anyone has encountered this kind of issue and what he/she did to resolve it. I already tried asking the Security Team to modify the host file on the remote server to convert the hostname to IP but they said it would be cause problems in the future.

 

 

For TMSH:

 

http://support.f5.com/kb/en-us/solu...mllocalip

 

 

 

Thanks

 

management
monitoring
  • cabundo_13048's avatar
    cabundo_13048
    Icon for Nimbostratus rankNimbostratus
    Jul 16, 2013
    By the way, i found the below link but looks like it won't work o version 9.x.

     

     

    For TMSH:

     

     

    http://support.f5.com/kb/en-us/solu...mllocalip
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jul 28, 2013
    by default, syslog-ng sends message using "$ISODATE $HOST $MSGHDR$MSG\n" template. you can customize it as you want.

    this may not be a good example anyway.

    e.g. 

    [root@B6400-R69-S9:Active] config  b version|grep -iA 1 version
BIG-IP Version 9.4.8 355.0
Final Edition

[root@B6400-R69-S9:Active] config  b syslog include '"
> template t_custom {
>   template(\"$ISODATE 172.28.69.9 $MSG\n\");
>   template_escape(no);
> };
> destination d_loghost {
>   udp(\"172.28.20.17\" port(514) template(t_custom));
> };
> log {
>   source(local);
>   destination(d_loghost);
> };
> "'

[root@B6400-R69-S9:Active] config  b syslog list
syslog {
   include "
template t_custom {
  template(\"$ISODATE 172.28.69.9 $MSG\\n\");
  template_escape(no);
};
destination d_loghost {
  udp(\"172.28.20.17\" port(514) template(t_custom));
};
log {
  source(local);
  destination(d_loghost);
};
"
   remote server none
}

 remote syslog

2013-07-26T10:06:32-07:00 172.28.69.9 logger: [ssl_acc] 192.168.206.136 - admin [26/Jul/2013:10:06:32 -0700] "GET /tmui/Control/jspmap/tmui/overview/welcome/introduction.jsp HTTP/1.1" 200 57424