Log message code list?

Question

SOL16197: Reviewing BIG-IP log files describes local traffic log message format as:
Message code is split into:
Message code: The code that is associated with the message. The code is comprised of the following sub-codes:

Product Code: The first two hex digits form the product code. For example, 0x01 is the BIG-IP product code.
Subset Code: The third and fourth hex digits are the subset code. For example, 0x2a is the subset code for LIBHAL.
Message Number: The next four digits form the message number within a module.
Severity Level: The last digit between the colon symbols is the severity level, with 0 being the highest severity level.

Are the Product and Subset codes listed anywhere? Would help in processing log messages further in Splunk or similar tool.

arindam_novell_ · Answer

I too have the same question for parsing in a SIEM solution. Is there any comprehensive list?

Did you get any information on this?

thanks

Arindam

thi · Answer

Unfortunately no answer so far. Think we need to raise a ticket to support.

seamlessfirework · Answer

I know this thread is old, but I had the same question today. I raised a ticket to support.

seamlessfirework · Answer

Hey guys,I got an answer from support. There you go:&nbsp;https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/log-messages.htmlBut the documentation is incomplete. I was searching for IDs like&nbsp;01870044 (APM stuff) but could not find anything. I asked support to complete the list. I'll keep you posted.

seamlessfirework · Answer

I got an answer from the support. They opened an issue:

(Bug alias 894213) DOC - Include APM log messages into Error Catalog (log-messages.html

Beside that the support gave me the following workaround which is quite good imho:

"For example, if you wish to get more info about mentioned codes we will see that the first log is generated for Access policy per-request logging agent and the second log is for APM oAuth agent:

# cat /run/bigip_error_maps.dat | grep '01870023\|01490291'

1 LOG_NOTICE 01870023 BIGIP_ACCESSPERREQUEST_ACCESS2_LOGGING_AGENT "%s:%s:%.*s: %.*s"

1 LOG_NOTICE 01490291 BIGIP_ACCESSCONTROL_APDNOTICE_OAUTH_AGENT_SUCCESS "%s:%s:%s:%s: OAuth %s: succeeded for %s '%s'%s %s%s" "

The content of the dat file seems to include all log message ids the BIG-IP can put into the log files. HTH

Forum Discussion

Log message code list?

5 Replies

Recent Discussions

redirect not working

Can iRule be used to perform exception of IPI category based on Geolocation

Monitor string query

Telemetry streaming to Elasticsearch

Error while running ansible

Related Content

Security as Code eBook from NGINX

F5 402 Exam reading list and notes

Live Coding with iRules - Heatmaps!

FIX Message Response

Game: National Coding Week Escape Room Is Live!