Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Logging to a different local facility?

fubarSUSHI
Altocumulus
Altocumulus

This is going to be difficult for me to explain but Ill do my best..

 

I have a scenario where I want to take all my logs and log it to a different facility on the remote syslog. Im trying to send all my traffic to a syslog device but instead of having all of the traffic mixed up (from multiple sources) and filter it on the syslog... i have been asked to make all my LTM logs to local5. In this case, the syslog device has a script to put the local5 traffic in a specific folder for LTM. For example, local1 is routers, local2 is switches... local5 is LTM.

 

How do I make this change? Is it syslog-ng? Im looking for anything to key off of so I can googlefu it but Im missing the appropriate syntax or something because Im just not finding it.

 

Overall goal:

 

  1. Change all logs to local5.

     

  2. Limit what gets logged to local5.

     

2a. major errors get logged to local5.

 

2b. all changes get logged to local5.

 

TIA

 

1 REPLY 1

What_Lies_Bene1
Cirrostratus
Cirrostratus

Hmmm, the local5 facility is used for local logging of packet filter messages. However, I'm sure you could do something smart with syslog-ng, which is what is used by TMOS. Some customer destinations and filters and the like should do the trick.

 

You can find manuals here: http://www.balabit.com/support/documentation.

 

Be aware that the F5 configuration will be slightly different and you need to be careful that your changes are not overwritten. This will help you in some way I'm sure: https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13333.html.

 

Either way, this is going to be quite a job!