cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

how to filter syslog to stack on remote syslog server

Jiwook
Nimbostratus
Nimbostratus

Hi 

I have some troubles at remote logging.

This is My syslog configuration all-properties 

Jiwook_0-1652166538111.png

I just want to logging on syslog server that  /var/log/ltm logs and include specific string( -- Decryption ) 

So, I configure all properties as 'emerg' level to filter useless logs.

But at syslog server,  there are too many 'info' level logs Continuously..

Jiwook_1-1652166860228.png

 

I can't figure out where all these useless logs came from.

 

I want to stack only /var/log/ltm log containing the string 'Decryption' at the syslog server.\

What is the problem ?? 

2 REPLIES 2

JRahm
Community Manager
Community Manager

you'll likely need to have a custom log to apply your filter and destination against. Details in this article.

PSFletchTheTek
Cirrostratus
Cirrostratus

Really Sorry I'm no CLI expert. But Hopefully if I explain the GUI side you'll be able to convert.
So from my experiance and f5 logging and monitoring in general is a bug bear of mind which i'd love to get improved!

The Remote Logging configuation, inside the f5 litterly sends everything including debug to the syslog server from what i can tell this is a legacy thing.

PSFletchTheTek_0-1652283831751.png

But there is a newer way of doing it!
You Setup a new pool with your syslog server in it.
Then a log Destination
then a log Publisher and lastly a 
Log Filter

PSFletchTheTek_1-1652284154646.png

The log filter is then the part where you should be able to put somethng in to help your use case.
I think you'll also need to create two Log Destinations, one for remote syslog and one for high speed logging so its then uses this new method. But just look out now, the message now will come out of a tmm interface not the kernal interface dependant on your routing table! 
Was caught out by that the first time of getting it working!