Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Remote Logging still going to /var/log/ltm

richarc
Nimbostratus
Nimbostratus

‎05-Jun-2023 06:14

I used the log IP for an irule and the log lines are still going to /var/log/ltm.  I only want the output to skip /var/log/ltm/ and only output to the syslogs. Is that possible? Thanks

 

irule being used

when HTTP_RESPONSE {
log XX.XX.XXXXX:514 [HTTP::response]
}

Labels:
0 Kudos
5 REPLIES 5

whisperer
Nacreous
Nacreous

‎05-Jun-2023 06:42

As you are looking to do, /var/log/ltm should only be used for short term tshoot. To use syslog exclusively, and *quickly*, I would look at HSL: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-imple.... Use that instead.

0 Kudos

richarc
Nimbostratus
Nimbostratus

‎05-Jun-2023 09:55

Thanks for this possible solution, but it is a bit more that what we want to setup right now. I just wanted to make sure I have the correct syntax to send the output of the iRule directly to the syslog we already have setup. When I run the iRule I see the output in both /var/log/ltm logs and on the syslog output, but I only want to see the output in the syslog. Thanks

0 Kudos

whisperer
Nacreous
Nacreous
In response to richarc

‎05-Jun-2023 10:01

Not in front of computer at the moment, but you could simply change the severity in the irule log statement. Presumably under the syslog settings, you have default or some other setting to only log high level issues. If you change the severity, and it is less than that configured for logging to /var/log/ltm them it will not be written to disk.

0 Kudos

whisperer
Nacreous
Nacreous

‎05-Jun-2023 10:18

Here is the kb article: https://my.f5.com/manage/s/article/K13317.

The default facility used when using the 'log' statement in an irule is local0, or /var/log/ltm. So, maybe use facility 'info' which in theory should not be logged, depending on how your syslog is configured within the settings page.

So...

when HTTP_RESPONSE {
log local0.info XX.XX.XXXXX:514 [HTTP::response]
}

Alternatively, you can try also logging directly to the syslog IP hard coded in the iRule: https://clouddocs.f5.com/api/irules/log.html. So...

So...

when HTTP_RESPONSE {
log 192.168.1.1 local0.info XX.XX.XXXXX:514 [HTTP::response]
}

Where 192.168.1.1 is your SYSLOG server.

So a few more thoughts to maybe help you out.

0 Kudos

Leslie_Hubertus
Community Manager
Community Manager

‎12-Jun-2023 18:03

@richarc - did what @whisperer advise help you out? If yes, can you please click the Accept as Solution on the reply that helped you, to make it easy for future users to find the answer?

0 Kudos
Copyright © 2023 Khoros, LLC