cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

BIG-IP send all syslog messages as local5 facility

rafaelbn
Cirrostratus
Cirrostratus

Hello Devs!

 

Our client wants every syslog message sent by the BIG-IP to be on local5 facility. I understand that this is not the behavior of syslog-ng. But is it possible? I tinkered around the syslog options and could not find this option, not even on the CLI (we are running v15.1.0.5).

 

They're trying to emulate a Netscaler config

 

add audit syslogAction AUDIT_SRV_SYSLOG 1.2.3.4 -logLevel EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE -dateFormat DDMMYYYY -logFacility LOCAL5 -timeZone LOCAL_TIME

 

This config sends all the messages to syslog server 1.2.3.4 as local5.

 

Thanks, Rafael.

 

2 REPLIES 2

boneyard
MVP
MVP

i dont believe this is easily possible. the BIG-IP uses many different facility values itself by default, so changing those will confuse system that asume the default ones.

 

you might be able to overwrite something by tinkering in the syslog-ng.conf but i wouldnt advise that.

 

i assume you want this to recognize the logging better on the syslog server? isn't that possible on source IP or such?

rafaelbn
Cirrostratus
Cirrostratus

Hey boneyard! How's it going my friend? Thank you for your reply.

 

I thought the same as you. I would have to tinker with the syslog-ng and I could very easily break something and I also advised our client against it.

 

They use some very old syslog solution and designed that way. For now I said that it would not be possible. Let's see if they upgrade that legacy solution to a better one.

 

Thanks for your time, Rafael.