We have enabled AD authentication in F5 and provided operator access to users based on criteria. Now when they perform some action related to LTM, e.g. pool member (enable/disable/force offline), the username of the user who is doing these operations is not logged in the LTM logs. How can I do it, as it is important to know who has done operations for security purposes? Please let me know if I need to enable any function for the same.
Check the audit log in /var/log/audit.
About audit logging
Audit logging is an optional feature that logs messages whenever a BIG-IP® system object, such as a virtual server or a load balancing pool, is configured (that is, created, modified, or deleted). The BIG-IP system logs the messages for these auditing events in the file /var/log/audit.
There are three ways that objects can be configured:
Whenever an object is configured in one of these ways, the BIG-IP system logs a message to the audit log.
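To tie the audit entries described above back to the question of who changed a pool member, here is an added example (not part of the original answer and not F5 code) that groups create/modify/delete events by user. The sample lines are constructed and their field layout is an assumption; compare it with real entries in /var/log/audit and adjust the pattern before use.

```python
import re
from collections import defaultdict

# Constructed sample lines. The layout (syslog prefix, "AUDIT - ... user <name>",
# "<verb> { <object_type> { ... } }", "[Status=...]") is an assumption made for
# this example, not a format taken from the page.
SAMPLE_AUDIT_LOG = """\
Mar  3 09:14:02 bigip1 notice mcpd[5120]: AUDIT - client tmui, user jdoe - transaction #101-2 - object 0 - modify { pool_member { pool_member_pool "/Common/web_pool" pool_member_node_name "/Common/10.0.0.11" pool_member_port 80 } } [Status=Command OK]
Mar  3 09:20:45 bigip1 notice mcpd[5120]: AUDIT - client tmui, user asmith - transaction #102-2 - object 0 - create { pool { pool_name "/Common/api_pool" } } [Status=Command OK]
Mar  3 09:31:10 bigip1 notice mcpd[5120]: AUDIT - client tmsh, user jdoe - transaction #103-1 - object 0 - delete { virtual_server { virtual_server_name "/Common/old_vs" } } [Status=Command OK]
Mar  3 09:32:00 bigip1 info sshd[7001]: Accepted password for jdoe from 192.0.2.10 port 50122 ssh2
Mar  3 09:40:27 bigip1 notice mcpd[5120]: AUDIT - client tmui, user asmith - transaction #104-2 - object 0 - modify { pool_member { pool_member_pool "/Common/web_pool" pool_member_node_name "/Common/10.0.0.12" pool_member_port 80 } } [Status=Command OK]
"""

# Verbs mirror the page's "created, modified, or deleted".
AUDIT_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s.*?AUDIT - .*?\buser (?P<user>\S+) - '
    r'.*?\b(?P<verb>create|modify|delete) \{ (?P<otype>\w+) \{(?P<body>.*)\} \}\s*'
    r'\[Status=(?P<status>[^\]]+)\]'
)

def parse_audit_line(line):
    """Return a dict for one audit event, or None for non-audit lines."""
    m = AUDIT_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Quoted values in the object body are the names of the objects touched.
    rec["targets"] = re.findall(r'"([^"]+)"', rec.pop("body"))
    return rec

def changes_by_user(log_text, object_type=None):
    """Group audit events by user, optionally keeping one object type only."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if rec is None or (object_type and rec["otype"] != object_type):
            continue
        grouped[rec["user"]].append(rec)
    return dict(grouped)

if __name__ == "__main__":
    for user, events in changes_by_user(SAMPLE_AUDIT_LOG, "pool_member").items():
        for e in events:
            print(e["ts"], user, e["verb"], e["otype"], " ".join(e["targets"]), e["status"])
```

Lines that do not match the pattern are skipped silently, so a count of unparsed lines is worth adding when running this over a real log to catch a format mismatch.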