cancel
Showing results for 
Search instead for 
Did you mean: 

logs filling up

Sri1
Nimbostratus
Nimbostratus

I am seeing lot of logs as below filling the ltm log files

 

slot1/hostname info tmm[14479]: Hostname="name",SlotId="1",errdefs_msgno="22282261",Entity="DosVisibilityVips",AggrInterval="300",EOCTimestamp="1616413200",HitCount="1",VipName="/Common/https-vs",ServerLatency="0",ServerLatencyHitCount="0",ClientConcurrentConns="0",ServerConcurrentConns="0",MaxClientConcurrentConns="0",MaxServerConcurrentConns="0",ClientNewConns="0",ServerNewConns="0",FailedConns="0",ExpiredConns="0",AbandonedConns="0",ClientBytesIn="0",ServerBytesOut="0",ServerBytesIn="0",ClientOutBytes="0",ClientPktsIn="0",ServerPktsOut="0",ServerPktsIn="0",ClientPktsOut="0",ConcurrentIps="0",ConcurrentBlockedIps="0",ConcurrentIpsParticipatingInAttacks="0",ConcurrentAttacks="0",ServerLatencyHealth="0",ConcurrentConnectionsHealth="0",ThroughputHealth="0",specialConcurrentIpsForAllVips="8"

 

I do not have analytics module enabled, no debugs on the GUI.

Removed the dos logging, ip intelligence.

Please let me know why it is generating these statistics, how to find them.

3 REPLIES 3

Do you have AFM or ASM with Layer 4 or Layer 7 DDOS?

 

If your device is working and there is no high CPU memry or any real issue also check if someone has set the tmm log to informational state as by default it should notice and maybe this is why you see this issue:

 

 

https://support.f5.com/csp/article/K5532

Sri1
Nimbostratus
Nimbostratus

Thanks for your inputs.

 

We have ASM DDOS enabled but I have disabled the logging on the virtual servers to check this problem.

Also do we have option to set TMM value on the GUI?

 

I can see Traffic management OS which is set to Notice.

 

Have you checked the GUI DDOS statistics or if the same messages are in /var/log/dosl7?

 

https://support.f5.com/csp/article/K45156590

 

 

If you have removed the logging profile for https-vs you may check if this VIP is created by an iApp or it has a an irule that could generate such logs or something else?

 

You may raise a case to the vendor as it could be a bug. The log level "info tmm[14479]: " but the tmm logs are set to notice and this is the strange thing.

 

 

Other think is to test seting the ASM log log.ts.level to Notice level from th GUI or CLI just as a test.

 

 

That are my ideas.