Forum Discussion

Luca_55898's avatar
Luca_55898
Icon for Nimbostratus rankNimbostratus
Aug 29, 2011

Too many syslogs!

Hi,

 

I'm trying to get my LTM cluster to send only warning and above syslog messages to my external syslogs server. It is currently sending debugging messages and flooding my syslog server with useless info.

 

 

I can't seem to get the LTM to send anything higher than debug. I have this config:

 

 

 

b syslog include

 

SYSLOG - Include Data:

 

destination remote_server {

 

udp("10.15.5.7" port (514));

 

};

 

filter f_alllogs {

 

level (warn...emerg);

 

};

 

log {

 

source(local);

 

filter(f_alllogs);

 

destination(remote_server);

 

};

 

 

 

Any ideas whats going on?

 

config
design

6 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Aug 29, 2011
    is there any other syslog config besides syslog include?

     

     

    can u check by running b syslog list?

     

     

  • Luca_55898's avatar
    Luca_55898
    Icon for Nimbostratus rankNimbostratus
    Aug 29, 2011
    config b syslog list

     

    syslog {

     

    cron from err

     

    daemon from err

     

    include "

     

    destination remote_server {

     

    udp(\"10.15.5.7\" port (514));

     

    };

     

    filter f_alllogs {

     

    level (warn...emerg);

     

    };

     

    log {

     

    source(local);

     

    filter(f_alllogs);

     

    destination(remote_server);

     

    };"

     

    kern from err

     

    kern to emerg

     

    mail from err

     

    mail to emerg

     

    messages from warning

     

    messages to crit

     

    userlog from err

     

    remote server mgmt {

     

    host 10.15.5.7

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Aug 29, 2011
    since u wanna use syslog include, syslog remote server is not needed.

     

     

    please remove it and it will work as u want.

     

     

    >remote server mgmt {

     

    >host 10.15.5.7
  • Luca_55898's avatar
    Luca_55898
    Icon for Nimbostratus rankNimbostratus
    Aug 30, 2011
    Is there a difference between using the syslog include funtion, or using the remote server config?

     

     

    Just wondering what the best way to do this is...

     

    syslog include or

     

    modify sys syslog remote-servers

     

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Aug 30, 2011
    syslog include is more ganular e.g. filter out some log level.