NimbostratusSend /var/log/ltm on syslog destination without AUDIT logs
Hello everyone,
I'm trying to filter just /var/log/ltm logs in F5 version 13.1.1.4, but with my configuration I can't filter the AUDIT logs, is still sending it to my syslog destination.
I configured this in syslog all-properties:
include " filter syslog_level { facility(local0) and level(debug..crit); };
filter no_audit { not match ("AUDIT"); };
destination remote_server {
udp(\"172.16.10.26\" port(4000));
};
log {
source(local);
filter(syslog_level);
filter(no_audit);
destination(remote_server);
};
"
But, when I tried to restart the service syslog-ng, shows the next message: WARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please use a more specific filter like message() and/or program() instead.;
Any ideas how can I just receive /var/log/ltm on my syslog destination?
Thanks in advanced.
Hello Berenice,
You're on the right track; your syntax is just a little off. Match now requires the use of "value()"
So I think something like
filter no_audit { not match ( value=("AUDIT") ); };Best of luck,
Austin
