Need to stop sending the debug crond [28591] from f5 to syslog server [splunk]

Niladri
Nimbostratus

I have changed the logging level of the syslog config from info....err to emerg.....emerg. I have also specifically mentioned a filter for the remote server, where I am filtering the log as:

 

sys syslog {
  auth-priv-from emerg
  auth-priv-to emerg
  console-log enabled
  cron-from emerg
  cron-to emerg
  daemon-from notice
  daemon-to emerg
  description none
  include "
filter f_remote_loghost {
  level(emerg..err);
};

destination d_remote_loghost {
  udp(\"x.x.x.x\" port(514));
};

log {
  source(s_syslog_pipe);
  filter(f_remote_loghost);
  destination(d_remote_loghost);
};
"
  iso-date disabled
  kern-from debug
  kern-to emerg
  local6-from notice
  local6-to info
  mail-from notice
  mail-to emerg
  messages-from notice
  messages-to emerg
  remote-servers {
    remotesyslog1 {
      description none
      host x.x.x.x
      local-ip none
      remote-port 514
    }
  }
  user-log-from notice
  user-log-to emerg
}

 

 

Can anyone help me on how to stop sending the debug crond[28591]; pam_unix[cron session] to the syslog server [splunk]?
