Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

LTM Syslog filter help

Hi all Today I have a problem that filter not send:

  • Device HA state: Active / StandBy
  • Device Interface Down info

I know that all these Alerts in Info level

This is my filter:

sys syslog {
    include "
    filter Local0_error_above {
facility(local0) and level(error..emerg);
};
destination sys-dmz {
udp(\"a.b.c.d\" port(514));
};
log {
source(s_syslog_pipe);
filter(Local0_error_above);
destination(sys-dmz);
};
"
}

I tried to change the filter to

sys syslog {
    include "
    filter Local0_error_above {
facility(local0) and level(error..emerg);
};
    filter sod {
facility(local0) and match(\"sod\");  ###<== for sod service alerts (HA alerts)
};
    filter interface {
facility(local0) and match(\"Interface\");  ### <===for inteface downalerts - match word "Interface" and send alert to syslog
};
destination sys-dmz {
udp(\"a.b.c.d\" port(514));
};
log {
source(s_syslog_pipe);
filter(Local0_error_above);
filter(sod);
filter(interface);
destination(sys-dmz);
};
"
}

Save sys config reload the syslog-ng service and this is not work not send my filter regard sod service and Interface why it is not work ?

Thanks for help

0
Rate this Question

Answers to this Question