For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rupesh_Ranjan's avatar
Rupesh_Ranjan
Icon for Nimbostratus rankNimbostratus
Feb 01, 2021

User access related Syslog message for F5 Big IP LTM

Hello Team,   I am looking for the all the access related Syslog message for F5 Big IP LTM for CMI network within telstra.   Model: F5-BIG-LTM-3600-4G-R Serial: F5-IXOI-XIXL   Thanks f...
BIG-IP
LTM
operations
security
Rupesh_Ranjan's avatar
Rupesh_Ranjan
Icon for Nimbostratus rankNimbostratus
Feb 03, 2021

Hello Team,

 

I want to capture all the syslog messages for F5 devices that we are using in our network.

 

Generally need to collect all the syslog messages F5 is generating when someone trying to access the devices.

Kin's avatar
Kin
Icon for Employee rankEmployee
Feb 03, 2021

For BIG-IP events, the system routes messages through syslog-ng to the local log files. For access to the system, you would be most interested in /var/log/ltm. Also review /var/log/audit, /var/log/secure.

For other log files and what they mean, refer to K16197: Reviewing BIG-IP log files

If you'd like to have the logs at a remote server, or consolidate the logs from multiple BIG-IP systems, you can configure BIG-IP to log to a remote server. Refer to:

K13080: Configuring the BIG-IP system to log to a remote syslog server (11.x - 15.x)

K13333: Filtering log messages sent to remote syslog servers (11.x - 15.x)

and if things don't work:

K86480148: Troubleshooting issues sending logs to a remote syslog server

Let me know if this doesn't address your query.