Forum Discussion

joness4nz_46184's avatar
joness4nz_46184
Icon for Nimbostratus rankNimbostratus
Dec 07, 2009

Syslog locally and remote with specific facility level

Hi,

 

 

Hopefully i am posting this in the correct forum, and apologies if this is not, or if this question has been asked before. I did look around before posting but couldnt really see an answer.

 

 

I want to change the syslog config on the LTM (running version 9.4.6) to log locally, but also remotely, however when the syslogs are sent to the remote syslog server they need to be all at a the same facility level (level yet to be determined), but i dont want to mess with the local logs.

 

 

This is because the remote syslog server is a central server receiving logs from hundreds of devices, it filters these into deifferent directories and files dependant on the facility level.

 

 

Is this possible and could anyone offer some advice how to achieve this ?

 

 

Many thanks in advance

 

1 Reply

  • You might be able to do something using templates in syslog-ng. The only F5-specific part of the config is how you enter the syslog-ng configuration. You can do this using the bpsh following the examples in this article from Deb:

     

     

    syslog-ng rewrite facility destination (Click here)

     

     

    http://www.campin.net/syslog-ng/faq.htmltemplate

     

    https://lists.balabit.hu/pipermail/syslog-ng/2001-January/001153.html

     

     

    LTM 9.4.2+: Custom Syslog Configuration

     

    http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=155

     

     

    And here are a few related posts:

     

     

    How to filter syslog messages

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=31&tpage=1&view=topic&postid=62132

     

     

    syslog-ng filter not working

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=56442

     

     

    Aaron