F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Sani's avatar
Sani
Icon for Nimbostratus rankNimbostratus
Dec 06, 2016

What could be the reason for the APM log "user=root folder=/Common module=(tmos)# status=[Command OK] cmd_data=list sys db"

Hello Everyone,

 

I see the following entry in APM logs every 10 minutes. Is this Normal? Can someone give some info about why this message appear in the logs.

 

Nov 28 12:11:02 F5-APM notice tmsh[24299]: 01420002:5: AUDIT - pid=24299 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=show sys mcp-state field-fmt

 

Nov 28 12:11:02 F5-APM notice tmsh[24303]: 01420002:5: AUDIT - pid=24303 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=list sys db

 

Nov 28 12:21:02 F5-APM notice tmsh[24741]: 01420002:5: AUDIT - pid=24741 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=show sys mcp-state field-fmt

 

Nov 28 12:21:03 F5-APM notice tmsh[24745]: 01420002:5: AUDIT - pid=24745 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=list sys db

 

Nov 28 12:31:01 F5-APM notice tmsh[25181]: 01420002:5: AUDIT - pid=25181 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=show sys mcp-state field-fmt Nov 28 12:31:02 F5-APM notice tmsh[25185]: 01420002:5: AUDIT - pid=25185 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=list sys db

 

Nov 28 12:41:02 F5-APM notice tmsh[25623]: 01420002:5: AUDIT - pid=25623 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=show sys mcp-state field-fmt

 

Nov 28 12:41:02 F5-APM notice tmsh[25627]: 01420002:5: AUDIT - pid=25627 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=list sys db Nov 28 12:51:02 F5-APM notice tmsh[26065]: 01420002:5: AUDIT - pid=26065 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=show sys mcp-state field-fmt

 

Nov 28 12:51:03 F5-APM notice tmsh[26069]: 01420002:5: AUDIT - pid=26069 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=list sys db

 

The following BugID was fixed in 11.4.x TMOS version

 

ID 387803 Users will no longer see the following message every minute in /var/log/audit (when config.auditing is enabled): notice tmsh[13814]: 01420002:5: AUDIT - pid=13814 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=list sys db ucs.loadtime one-line

 

We are running version 12.1.1 HF1. So please suggest if this normal or something to worry.

 

Cheers, Saneesh

 

application delivery
BIG-IP Access Policy Manager (APM)
LTM

1 Reply

  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account
    Dec 06, 2016

    These are normal. Example from a lab box:

    Dec  6 08:31:02 current-3 notice tmsh[6922]: 01420002:5: AUDIT - pid=6922 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=show sys mcp-state field-fmt
Dec  6 08:31:02 current-3 notice tmsh[6933]: 01420002:5: AUDIT - pid=6933 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=list sys db
Dec  6 08:41:01 current-3 notice tmsh[7372]: 01420002:5: AUDIT - pid=7372 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=show sys mcp-state field-fmt
Dec  6 08:41:02 current-3 notice tmsh[7383]: 01420002:5: AUDIT - pid=7383 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=list sys db
Dec  6 08:51:01 current-3 notice tmsh[7818]: 01420002:5: AUDIT - pid=7818 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=show sys mcp-state field-fmt
Dec  6 08:51:02 current-3 notice tmsh[7829]: 01420002:5: AUDIT - pid=7829 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=list sys db

    If you'd rather not see these, I'd suggest to submit a ticket to Support to make a request to remove/hide them.