Forum Discussion

Jiwook's avatar
Jiwook
Icon for Nimbostratus rankNimbostratus
May 10, 2022

how to filter syslog to stack on remote syslog server

Hi 

I have some troubles at remote logging.

This is My syslog configuration all-properties 

I just want to logging on syslog server that  /var/log/ltm logs and include specific string( -- Decryption ) 

So, I configure all properties as 'emerg' level to filter useless logs.

But at syslog server,  there are too many 'info' level logs Continuously..

 

I can't figure out where all these useless logs came from.

 

I want to stack only /var/log/ltm log containing the string 'Decryption' at the syslog server.\

What is the problem ?? 

2 Replies

  • Really Sorry I'm no CLI expert. But Hopefully if I explain the GUI side you'll be able to convert.
    So from my experiance and f5 logging and monitoring in general is a bug bear of mind which i'd love to get improved!

    The Remote Logging configuation, inside the f5 litterly sends everything including debug to the syslog server from what i can tell this is a legacy thing.

    But there is a newer way of doing it!
    You Setup a new pool with your syslog server in it.
    Then a log Destination
    then a log Publisher and lastly a 
    Log Filter

    The log filter is then the part where you should be able to put somethng in to help your use case.
    I think you'll also need to create two Log Destinations, one for remote syslog and one for high speed logging so its then uses this new method. But just look out now, the message now will come out of a tmm interface not the kernal interface dependant on your routing table! 
    Was caught out by that the first time of getting it working!