DD2_363111
Jun 01, 2018

BIG IP - LTM log fields description

Hello all,

I need to analyze the log information for BIG IP - LTM, but I couldn't find any documentation about the structure of the logs, something like field names and descriptions for each field.

I'm gonna leave here the logs I need to analyze; if someone knows the field names, please tell me. If documentation about the different types of logs exists, please direct me to it. In any case, thanks for the attention.

 

BIG-IP LTM LOGS:

 

ALERT:

 

Aug 18 16:06:12 bigipltma alert mcpd[5568]: 01070921:1: Virtual Server '/Common/vs.sei.https' on partition 'Common' enabled by user 'alsar'.

 

CRIT:

 

Aug 18 14:39:25 bigipltma crit dcc[13156]: 01310038:2: [SECEV] Request violations: Evasion technique detected. HTTP protocol compliance sub violations: N/A. Evasion techniques sub violations: IIS backslashes. Web services security sub violations: N/A. Virus name: N/A. Support id: 10878195873414643718, source ip: 172.25.129.7, xff ip: 172.25.129.7, source port: 52140, destination ip: 172.31.0.15, destination port: 80, route_domain: 0, HTTP classifier: /Common/class.consultapublica, scheme HTTP, geographic location: , request: , username: , session_id: <5ec51a5ccb454048>

 

DEBUG:

 

Feb 4 13:48:01 bigipltma debug crond[21212]: pam_unix(crond:session): session opened for user syscheck by (uid=0)

 

EMERG:

 

Nov 24 21:27:13 bigipltma emerg overdog[5369]: 01140043:0: Ha feature software_update reboot requested.

 

ERR:

 

Feb 4 13:47:10 bigipltma err httpd[20425]: [error] [client 192.168.1.244] Got exception while handling EM auth token request: Invalid Certificate: Could not open certificate file: "/shared/em/ssl.crt/192.168.1.244.crt": No such file or directory

 

INFO:

 

Feb 4 13:47:10 bigipltma info logger: [ssl_acc] 192.168.1.244 - - [04/Feb/2015:13:47:10 -0200] "/iControl/iControlPortal.cgi" 401 1743

 

NOTICE:

 

Feb 4 14:01:01 bigipltma notice tmsh[21382]: 01420002:5: AUDIT - pid=21382 user=root folder=/Common module=(tmos) status=[Command OK] cmd_data=show sys mcp-state field-fmt

 

TMM1:

 

Jun 26 14:34:03 bigipltma tmm1[16299]: Client 172.25.100.233:50258 -> VIP: 172.31.0.41:443 -> Node: 10.5.0.17:443

 

TMM:

 

Jun 26 14:34:03 bigipltma tmm[16299]: Client 172.25.100.233:50255 -> VIP: 172.31.0.41:443 -> Node: 10.5.0.17:443

 

TMM2:

 

Jun 26 14:34:02 bigipltma tmm2[16299]: Client 172.25.100.233:50253 -> VIP: 172.31.0.41:443 -> Node: 10.5.0.17:443

 

TMM3:

 

Jun 26 14:34:02 bigipltma tmm3[16299]: Client 172.25.100.233:50252 -> VIP: 172.31.0.41:443 -> Node: 10.5.0.17:443

 

TTP:

 

May 16 15:00:15 bigipltma TTP: :redirect \"ht

 

WARNING:

 

Aug 18 15:38:52 bigipltma warning tmm[11949]: 011e0002:4: sweeper_update: aggressive mode activated. (775156/911872 pages)

 

Aug 18 15:38:54 bigipltma warning tmm[11949]: 011e0003:4: Aggressive mode sweeper: 484 Connections killed
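
An added example, not part of the original post and not F5 code: a parser for the layout visible in the sample lines above (timestamp, host, optional level keyword, process with optional pid, optional eight-hex-digit code plus one digit, then free text). The group names are labels chosen here, not official field names; in the samples the digit after the code equals the numeric syslog severity of the level keyword, which the parser checks.

```python
import re

# Syslog severity keywords and their numeric values (RFC 5424).
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Group names are labels chosen for this example, inferred from the samples.
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:(?P<level>" + "|".join(SEVERITY) + r") )?"      # absent on tmmN lines
    r"(?P<process>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "     # pid absent for logger
    r"(?:(?P<msg_code>[0-9a-f]{8}):(?P<msg_severity>\d): )?"
    r"(?P<message>.*)$"
)
# Connection lines of the form seen under TMM/TMM1/TMM2/TMM3 in the post.
FLOW_RE = re.compile(
    r"^Client (?P<client>\S+) -> VIP: (?P<vip>\S+) -> Node: (?P<node>\S+)$")

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # When both are present, check the level keyword against the digit.
    if rec["level"] and rec["msg_severity"]:
        rec["severity_consistent"] = (
            SEVERITY[rec["level"]] == int(rec["msg_severity"]))
    flow = FLOW_RE.match(rec["message"])
    if flow:
        rec.update(flow.groupdict())
    return rec

# Sample lines copied from the post above.
SAMPLES = [
    "Aug 18 16:06:12 bigipltma alert mcpd[5568]: 01070921:1: Virtual Server '/Common/vs.sei.https' on partition 'Common' enabled by user 'alsar'.",
    'Feb 4 13:47:10 bigipltma info logger: [ssl_acc] 192.168.1.244 - - [04/Feb/2015:13:47:10 -0200] "/iControl/iControlPortal.cgi" 401 1743',
    "Jun 26 14:34:03 bigipltma tmm1[16299]: Client 172.25.100.233:50258 -> VIP: 172.31.0.41:443 -> Node: 10.5.0.17:443",
    "Aug 18 15:38:52 bigipltma warning tmm[11949]: 011e0002:4: sweeper_update: aggressive mode activated. (775156/911872 pages)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

Lines that return `None` or carry `severity_consistent` set to `False` are the ones worth inspecting by hand before feeding the rest into a SIEM.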