AltostratusI believe we have limited visibility on LTM logs via GUI. In CLI ,what are the safe commands to view LTM logs - for same day(recent) or of some particular date last week !!
By default we are in /home/admin directory of ltm after login via CLI ... how we have to proceed further ?
should we use zcat ,tail commands... please clarify..
NimbostratusHi Mayank
The logs are in /var/log, where the LTM log is in file named ltm. There is normal linux log rotation with compression, so you have about 8+ days logs in the directory by default. For example:
-rw------- 1 root root 1400139 Apr 20 12:19 ltm
-rw------- 1 root root 47112 Apr 20 04:02 ltm.1.gz
-rw------- 1 root root 58943 Apr 19 04:02 ltm.2.gz
-rw------- 1 root root 4982 Apr 18 04:02 ltm.3.gz
-rw------- 1 root root 5713 Apr 17 04:02 ltm.4.gz
-rw------- 1 root root 21946 Apr 16 04:02 ltm.5.gz
-rw------- 1 root root 227950 Apr 15 04:02 ltm.6.gz
-rw------- 1 root root 21627 Apr 14 04:02 ltm.7.gz
-rw------- 1 root root 41242 Apr 13 04:02 ltm.8.gz
-rw------- 1 root root 29882 Apr 12 04:02 ltm.9.gz
Managing the log files (rotation etc), see SOL13367: Managing log files on the BIG-IP system (11.x). Note that the /var/log -file system is fairly limited in size, and if you collect a lot of log information, it may fill up pretty fast. Especially if you have debug level on on some sw modules. Also there is default max size for each log file (think it was 512MB). We had one customer to fill up it in 4+ hours leaving only 4+ hours of log data for each day, rest was somehow removed..
You can use any suitable linux tool to look and search those. I normally use less -command to browse/search the ltm log (and use for example zcat ltm.1.gz | less , to do the same for zipped files). Though recently have moved to using Splunk to collect all relevant logs and index them for easy searching.