
How do I configure syslog to include a specific string at /var/log/ltm?

Jiwook
Nimbostratus

Here is our syslog configuration:

 

sys syslog {
    auth-priv-from notice
    auth-priv-to emerg
    clustered-host-slot enabled
    clustered-message-slot disabled
    console-log enabled
    cron-from warning
    cron-to emerg
    daemon-from notice
    daemon-to emerg
    description none
    include none
    iso-date disabled
    kern-from debug
    kern-to emerg
    local6-from notice
    local6-to emerg
    mail-from notice
    mail-to emerg
    messages-from notice
    messages-to warning
    remote-servers {
        remotesyslog1 {
            description none
            host X.X.X.X
            local-ip X.X.X.X
            remote-port 514
        }
    }
    user-log-from notice
    user-log-to emerg
}

 

And I want to configure syslog to include a specific string on /var/log/ltm.

How can I do this? Please help me.

13 REPLIES

Sebastiansierra
Cirrostratus

The point is not how to configure syslog; the point is to configure syslog to include a specific string on /var/log/ltm.

You are exactly right

You should follow the guide that I shared with you; it will probably help you with your requirement. If not, share exactly what string you want to add.

Actually, I want to include the expired SSL certificate log on /var/log/ltm in syslog. I tried to test some solutions on DevCentral, but there are many different suggestions and they make me confused 😞

I need to filter and include some log lines containing the string 'expire' in syslog.

OK, but it looks easy; there are native configurations that you can apply to meet your requirement:

This is one run by the crontab daemon, executed every day:

https://support.f5.com/csp/article/K14318

You can send an alert by email, or monitor the F5 by SNMP:

https://support.f5.com/csp/article/K15288

You can create a filter that matches a specific message-id and transmits it to the local-syslog log publisher.

From the CLI, enter the following commands:
 
tmsh create /sys log-config publisher local-syslog destinations add { local-syslog }
tmsh create /sys log-config filter filter_cert_will_expire message-id 01420008 publisher local-syslog
tmsh create /sys log-config filter filter_cert_expired message-id 01420007 publisher local-syslog

 

Hi @Jiwook ,

In that case, you could check this article which discusses the built-in SSL certificate expiration monitoring. The check-cert utility runs weekly and does create log messages regarding the certificates. I checked in my own environment and did see the messages get logged to syslog.

K14318: Monitoring SSL certificate expiration on the BIG-IP system (11.x - 16.x)

The messages would look similar to this:

 

01420008:4: Certificate 'CN=host.example.com' in file /Common/host.example.com.crt will expire on Mar 20 23:59:59 2022 GMT

 

Thanks,
Josh
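
Added example, not from any poster in this thread or from F5: a shell filter that selects certificate events by the message IDs named above (01420007, 01420008) instead of by the substring 'expire', and extracts the certificate file and date. The sample lines are constructed; their timestamp/host prefix and the "expired on" wording of the 01420007 line are assumptions modelled on the 01420008 message quoted above, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: extract certificate-expiry events from ltm-style log lines.

# Constructed sample input (prefix fields and the 01420007 wording are assumptions).
sample_log() {
cat <<'EOF'
Mar 10 04:02:01 bigip1 warning checkcert[1234]: 01420008:4: Certificate 'CN=host.example.com' in file /Common/host.example.com.crt will expire on Mar 20 23:59:59 2022 GMT
Mar 10 04:02:01 bigip1 err checkcert[1234]: 01420007:3: Certificate 'CN=old.example.com' in file /Common/old.example.com.crt expired on Jan 05 23:59:59 2022 GMT
Mar 10 04:02:05 bigip1 notice otherd[5678]: 01070417:5: constructed unrelated line: session will expire soon
EOF
}

# Reads log lines on stdin and writes one "STATE|cert file|date" record per
# certificate event. Keying on the message ID keeps unrelated lines that merely
# contain the word "expire" (third sample line) out of the result.
cert_expiry_events() {
  sed -n -E \
    -e "s/^(.* )?01420008:[0-9]+: Certificate '[^']*' in file ([^ ]+) will expire on (.*)$/EXPIRING|\2|\3/p" \
    -e "s/^(.* )?01420007:[0-9]+: Certificate '[^']*' in file ([^ ]+) expired on (.*)$/EXPIRED|\2|\3/p"
}

# Stand-alone demonstration on the constructed sample.
sample_log | cert_expiry_events
```

A plain substring match on 'expire' would also have returned the third, unrelated line.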

Same article that I shared before.

Please use caution with older guides. The guide you mentioned uses "bigpipe" or b shell commands, which were deprecated some time ago and won't work in recent versions.

@Sebastiansierra my apologies, I did not notice that you had pasted the same article previously.

Jiwook
Nimbostratus

Thanks for all your help.

I'm deeply moved by your passion to save me.

I will test your suggestions tomorrow, and let you know about the results.

It is 2:08 am here and I should go to sleep now.

Thanks anyway for real and have a nice day all of you 🙂