Forum Discussion
TJ_Vreugdenhil
Cirrus
CirrusSyslog v11 modification
Hi -
I want to only send syslog levels, notice through emergency, but just want notice messages that match "monitor status".
Like the messages below here:
Feb 12 00:00:13 myf5.com cleanse...
nitass_89166
Noctilucent
Noctilucentcan you try something like this?
config
[root@ve11a:Active:In Sync] config tmsh list sys syslog
sys syslog {
include "
filter f_custom {
(level(notice)
and match(\"monitor status\"))
or level(warning..emerg)
;
};
destination d_loghost {
udp(\"172.28.24.1\" port(514));
};
log {
source(s_syslog_pipe);
filter(f_custom);
destination(d_loghost);
};"
}
logger
[root@ve11a:Active:In Sync] config logger -p local0.notice "Pool member pool_member_ip:801 monitor status up."
[root@ve11a:Active:In Sync] config logger -p local0.info "Pool member pool_member_ip:801 monitor status up."
[root@ve11a:Active:In Sync] config logger -p local0.notice "Pool member pool_member_ip:801 monitor status down."
[root@ve11a:Active:In Sync] config logger -p local0.emerg "Pool member pool_member_ip:801 monitor status down."
log host (172.28.24.1)
[root@centos1 ~] nc -l -u 514
<133>Apr 17 01:31:22 ve11a notice root: Pool member pool_member_ip:801 monitor status up.
<133>Apr 17 01:31:47 ve11a notice root: Pool member pool_member_ip:801 monitor status down.
<128>Apr 17 01:32:01 ve11a emerg root: Pool member pool_member_ip:801 monitor status down.
TJ_VreugdenhilBeautiful! That works. Thanks nitass!
