Forum Discussion
TJ_Vreugdenhil
Cirrus
CirrusSyslog v11 modification
Hi -
I want to only send syslog levels, notice through emergency, but just want notice messages that match
"monitor status".Like the messages below here:
Feb 12 00:00:13 myf5.com cleansed mcpd[1925]: 01070727:5: Pool member pool_member_ip:801 monitor status up.
Feb 12 00:01:33 myf5.com cleansed mcpd[1925]: 01070638:5: Pool member pool_member_ip:801 monitor status down.
The syntax below is not getting it done. Am I close?
sys syslog {
auth-priv-from warning
auth-priv-to emerg
console-log enabled
cron-from warning
cron-to emerg
daemon-from notice
daemon-to emerg
description none
include "
filter f_notice {
match "(.*monitor status.*)";
};
filter f_remote_loghost {
level(notice..emerg);
};
destination d_remote_loghost {
udp(\"172.17.2.49\" port(514));
udp(\"172.25.6.10\" port(514));
};
log {
source(s_syslog_pipe);
filter(f_remote_loghost);
destination(d_remote_loghost);
};
"
iso-date disabled
kern-from notice
kern-to emerg
local6-from notice
local6-to emerg
mail-from notice
mail-to emerg
messages-from notice
messages-to warning
remote-servers none
user-log-from notice
user-log-to emerg
}
nitass_89166Noctilucent
can you try something like this?
config [root@ve11a:Active:In Sync] config tmsh list sys syslog sys syslog { include " filter f_custom { (level(notice) and match(\"monitor status\")) or level(warning..emerg) ; }; destination d_loghost { udp(\"172.28.24.1\" port(514)); }; log { source(s_syslog_pipe); filter(f_custom); destination(d_loghost); };" } logger [root@ve11a:Active:In Sync] config logger -p local0.notice "Pool member pool_member_ip:801 monitor status up." [root@ve11a:Active:In Sync] config logger -p local0.info "Pool member pool_member_ip:801 monitor status up." [root@ve11a:Active:In Sync] config logger -p local0.notice "Pool member pool_member_ip:801 monitor status down." [root@ve11a:Active:In Sync] config logger -p local0.emerg "Pool member pool_member_ip:801 monitor status down." log host (172.28.24.1) [root@centos1 ~] nc -l -u 514 <133>Apr 17 01:31:22 ve11a notice root: Pool member pool_member_ip:801 monitor status up. <133>Apr 17 01:31:47 ve11a notice root: Pool member pool_member_ip:801 monitor status down. <128>Apr 17 01:32:01 ve11a emerg root: Pool member pool_member_ip:801 monitor status down.
TJ_VreugdenhilBeautiful! That works. Thanks nitass!
nitassEmployee
can you try something like this?
config [root@ve11a:Active:In Sync] config tmsh list sys syslog sys syslog { include " filter f_custom { (level(notice) and match(\"monitor status\")) or level(warning..emerg) ; }; destination d_loghost { udp(\"172.28.24.1\" port(514)); }; log { source(s_syslog_pipe); filter(f_custom); destination(d_loghost); };" } logger [root@ve11a:Active:In Sync] config logger -p local0.notice "Pool member pool_member_ip:801 monitor status up." [root@ve11a:Active:In Sync] config logger -p local0.info "Pool member pool_member_ip:801 monitor status up." [root@ve11a:Active:In Sync] config logger -p local0.notice "Pool member pool_member_ip:801 monitor status down." [root@ve11a:Active:In Sync] config logger -p local0.emerg "Pool member pool_member_ip:801 monitor status down." log host (172.28.24.1) [root@centos1 ~] nc -l -u 514 <133>Apr 17 01:31:22 ve11a notice root: Pool member pool_member_ip:801 monitor status up. <133>Apr 17 01:31:47 ve11a notice root: Pool member pool_member_ip:801 monitor status down. <128>Apr 17 01:32:01 ve11a emerg root: Pool member pool_member_ip:801 monitor status down.- TJ_VreugdenhilBeautiful! That works. Thanks nitass!