Forum Discussion
You should follow the guide that I shared with you; it will probably help you with your requirement. If not, share exactly what string you want to add.
Actually, I want to include the expired SSL certification log on /var/log/ltm to syslog. I tried to test some solutions on DevCentral, but there are many different suggestions and they make me confused 😞
I need to filter and include some log lines containing the string 'expire' to syslog.
- Mar 24, 2022
Ok, but it looks easy, there are native configurations that you can apply to meet your requirement:
This is one on the crontab daemon executed every day:
https://support.f5.com/csp/article/K14318
You can send alerts by email, or monitor the F5 by SNMP:
https://support.f5.com/csp/article/K15288
You can create a filter that matches a specific message-id and transmits it to the local-syslog log publisher.
From the CLI enter following commands:
tmsh create /sys log-config publisher local-syslog destinations add { local-syslog }
tmsh create /sys log-config filter filter_cert_will_expire message-id 01420008 publisher local-syslog
tmsh create /sys log-config filter filter_cert_expired message-id 01420007 publisher local-syslog
- Mar 24, 2022
Hi Jiwook ,
In that case, you could check this article which discusses the built-in SSL certificate expiration monitoring. The check-cert utility runs weekly and does create log messages regarding the certificates. I checked in my own environment and did see the messages get logged to syslog.
K14318: Monitoring SSL certificate expiration on the BIG-IP system (11.x - 16.x)
The messages would look similar to this:
01420008:4: Certificate 'CN=host.example.com' in file /Common/host.example.com.crt will expire on Mar 20 23:59:59 2022 GMT
Thanks,
Josh
- Mar 24, 2022
Same Article that I shared before.
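Added example, not part of the thread and not F5 code: a parser for the certificate messages discussed above that selects lines by message-id (01420008 / 01420007) instead of the bare string 'expire', and reports the days remaining. The syslog prefix on the sample lines, the wording and severity of the 01420007 message, and the names `parse_cert_events`, `SAMPLE_LINES` and `NOW` are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Message-ids from the thread: 01420008 = will expire, 01420007 = expired.
CERT_MSG = re.compile(
    r"(?P<msgid>0142000[78]):\d+: Certificate '(?P<subject>.*?)' in file "
    r"(?P<file>\S+) (?:will expire|expired) on "
    r"(?P<when>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) GMT"
)

def parse_cert_events(lines, now):
    """Return one dict per certificate-expiry message found in `lines`."""
    events = []
    for line in lines:
        m = CERT_MSG.search(line)
        if not m:
            continue  # other traffic, including lines that only mention 'expire'
        when = " ".join(m["when"].split())  # collapse a space-padded day ("Mar  5")
        not_after = datetime.strptime(when, "%b %d %H:%M:%S %Y").replace(
            tzinfo=timezone.utc)
        events.append({
            "msgid": m["msgid"],
            "subject": m["subject"],
            "file": m["file"],
            "not_after": not_after,
            "days_left": (not_after - now).days,  # floors, so negative once expired
            "expired": not_after <= now,
        })
    return events

# Constructed sample input. Line 1 carries the message quoted in the thread;
# the prefixes, the 01420007 wording and the last line are made up.
SAMPLE_LINES = [
    "Mar 14 04:02:01 bigip1 warning 01420008:4: Certificate 'CN=host.example.com' "
    "in file /Common/host.example.com.crt will expire on Mar 20 23:59:59 2022 GMT",
    "Mar 14 04:02:01 bigip1 err 01420007:3: Certificate 'CN=old.example.com' "
    "in file /Common/old.example.com.crt expired on Mar  5 12:00:00 2022 GMT",
    "Mar 14 04:05:00 bigip1 info session cookie will expire soon",
]
NOW = datetime(2022, 3, 14, tzinfo=timezone.utc)  # fixed clock for a repeatable run

if __name__ == "__main__":
    for ev in parse_cert_events(SAMPLE_LINES, NOW):
        state = "EXPIRED" if ev["expired"] else f"{ev['days_left']} days left"
        print(f"{ev['msgid']} {ev['subject']} ({ev['file']}): {state}")
```

The third sample line contains 'expire' but is skipped, which is the practical difference between matching on message-id and matching on the word.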