Forum Discussion

Nimbostratus

Mar 24, 2022

How I configure syslog included specific string at /var/log/ltm ?

here is our syslog configuration sys syslog { auth-priv-from notice auth-priv-to emerg clustered-host-slot enabled clustered-message-slot disabled console-log enabled cron-from warning cr...

announcement

application delivery

Jiwook

Nimbostratus

Mar 24, 2022

Actually, I want to include expired Ssl certification log on /var/log/ltm to syslog. I try to test some solutions on devcentral, but there are many of different suggestions and make me confused 😞

I need to filter and include some log lines contained string 'expire' to syslog

Sebastiansierra

MVP

Mar 24, 2022

Ok, but it looks easy, there are native configurations that you can apply to meet your requirement:

This is one on the crontab daemon executed every day:

https://support.f5.com/csp/article/K14318

You can send alert by email, or monitor by SNMP the F5:

https://support.f5.com/csp/article/K15288

You can be create a filter to matches a specific message-id and transmits it to the local-syslog log publisher.

From the CLI enter following commands:

tmsh create /sys log-config publisher local-syslog destinations add { local-syslog }
tmsh create /sys log-config filter filter_cert_will_expire message-id 01420008 publisher local-syslog
tmsh create /sys log-config filter filter_cert_expired message-id 01420007 publisher local-syslog

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)