Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

syslog include filter that adds a text string to events

cdjac0bsen
Nimbostratus
Nimbostratus

‎11-May-2020 14:53

I would like to add a text string like "ASM_system_error" to every local3 event of level critical to emergency since syslog doesn't include the severity level in the log event itself (unless we have something configured wrong). Right now the include statement is something like this:

 

sys syslog include "filter f_waffilter { facility(local3) and (level(emerg) or level(alert) or level(crit));};destination waf_udp { udp(9.9.9.9 port(9999));}; log { source(local); filter(f_waffilter); destination(waf_udp);};"

Labels:
0 Kudos
2 REPLIES 2

Kevin_Davies
MVP
MVP

‎11-May-2020 22:23

Templates of syslog-ng do this but there is no guarantee that its works on an F5. YMMV

 

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.17/administration-...

0 Kudos

cdjac0bsen
Nimbostratus
Nimbostratus

‎12-May-2020 07:40

Thanks, Kevin. That seems like a lot of work. Was hoping for a simple addition to the include filter. Oh well. Does anyone know why the severity level isn't included in the log event sent remotely?

0 Kudos
Copyright © 2023 Khoros, LLC