I am getting below logs on in F5 System>>Logs>>Audit logs. I checked in below article in that showing it is a normal logs.
I need more information on this
why alerts were triggered at that specific time and date?
What is the root cause?
Is there any way we can clear the alerts?
Observed messages in logs: pid=22039 user=root folder=/Common module=(tmos)# status=[Command OK] cmd_data=show sys mcp-state field-fmt:
Happened since 7 Dec 4:00am
I checked more on this on BIGIP device, In System>log>Configuration>Option, It is possible to disable tmsh and MCP login. Which is enabled by default after 11.x version.
You can avoid those messages using "Log Filters"
To do so, you need to create a Log Filter (in Log Options) as "notice" specifying just '01420002' code. Destination of those messages should be 'None'.
About the meaning... try this -> https://devcentral.f5.com/questions/meaning-of-the-audit-log