I developed the procedure that I use for this from the following Solutions (I used this on v9.4.x, I do not know if it would need to be altered for 10.1.x since I haven't had to modify that version yet):
(SOL5527: Configuring BIG-IP to log to a remote syslog server)
(SOL8260: Configuring syslog settings using the bigpipe command)
1. Create and save a file containing the desired changes which are as follows, the file should be created in the following location /etc/syslog-ng :
syslog include "
Direct all log information to remote syslog server
destination remote_server {
udp(\"Remote.Server.IP.Address\" port (514));
udp(\"10.10.10.10\" port (514));
};
filter f_alllogs {
level (debug...emerg);
};
log {source(local);
filter(f_alllogs);
destination(remote_server);
};”
NOTE: If you have implemented Administrative Domains and Partitions the Partition Selection should be the first line:
shell write partition Common
syslog include "
Direct all log information to remote syslog server
destination remote_server {
udp(\"Remote.Server.IP.Address\" port (514));
udp(\"10.10.10.10\" port (514));
};
filter f_alllogs {
level (debug...emerg);
};
log {source(local);
filter(f_alllogs);
destination(remote_server);
};”
2. At the Load Balancer command line, direct the include file to the bigpipe shell (bpsh):
bpsh < syslog.inc
3. Verify your "include" statement has been included in the running configuration by running the following command:
b syslog include
The output should reflect the contents of the file you directed to bpsh.
NOTE: If Error "No syslogs were found" is encountered you can verify the implemention has actually occured by looking into the syslog-ng.conf file for the implementation (search on udp and step through the config file).
4. Test your configuration before saving. To roll back changes, you can just reload the permanent configuration:
bigpipe load
5. Once you've confirmed the changes, save your changes to the permament configuration:
bigpipe save