Syslog include configuration sync

Question

Is there anyway in v11 (currently running 11.3.0) to not sync the syslog include section (in bigip_base.conf) between members of a Sync group? We use the syslog include section to insert the hostname of the device into alerts which is then picked up by our monitoring system. Obviously when bigips are then synced, the hostname is overwritten on the destination bigip and so its alerts appear to come from the other node. This can be rather confusing as you might imagine (particularly if one of them is down).&nbsp;
Therefore, I'm wondering if there is a way to not sync the syslog include configuration? Alternatively, is there a variable we can pass to syslog-ng to provide the hostname so that we don't have to hard code it? We've tried $LOGHOST but that seems to be a syslog-ng v3 only capability and so didn't resolve.&nbsp;

nitass · Answer

can you try?&nbsp;
Syslog &amp; Source IP on cluster&nbsp;
https://devcentral.f5.com/questions/syslog-source-ip-on-cluster&nbsp;

what_lies_bene1 · Answer

That file isn't synchronised as far as I'm aware. However, I'm also aware that ConfigSync no longer works as it used to (by transferring a UCS archive) so perhaps that's irrelevant now?&nbsp;
Won't $HOST work?&nbsp;

nitass · Answer

this is my testing. i am running 11.5.1.
 /usr/share/defaults/config_base.conf

...snipped...
include {
   appdata unix_config_syslog.replace.include
   class-name syslog
   configsyncd no
   display-name "Include Data"
   type string
}
...snipped...

unit1

root@(ve11a)(cfg-sync In Sync)(Standby)(/Common)(tmos) show cm sync-status

------------------------------------------------------------------------------------------
CM::Sync Status
------------------------------------------------------------------------------------------
Color    green
Status   In Sync
Summary  All devices in the device group are in sync
Details
         /Common/ve11b.acme.local: connected (for 445 seconds)
         /Common/ve11c.acme.local: connected (for 439 seconds)
         /Common/device_trust_group (In Sync): All devices in the device group are in sync
         /Common/dg (In Sync): All devices in the device group are in sync

root@(ve11a)(cfg-sync In Sync)(Standby)(/Common)(tmos)

root@(ve11a)(cfg-sync In Sync)(Standby)(/Common)(tmos) list sys syslog
sys syslog {
    include "
destination d_loghost {
       udp(\"172.28.24.1\" port(514));
};
log {
       source(s_syslog_pipe);
          destination(d_loghost);
};
"
}

unit2

root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list sys syslog
sys syslog { }
root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos)

ben_kennedy_502 · Answer

Hello,
Yes that solves it thanks, it helps if I edit the correct snippet of the file (there is a very similar section that now I look at it clearly is to do with log rotation which was obviously not fixing the sync of the config):
syslog_include {
            appdata unix_config_syslogrotate.replace.include
            class-name logrotate
            configsyncd yes
            display-name "Include Data for syslog logrotate file"
            type string
        }      
I'm going to do some digging for this, but does anybody know if it's possible to make these changes via icontrol? We have a script that will configure settings for new deployments via icontrol already (configures syslog/NTP/networks etc) but I don't want people to then log on and have to edit these files manually every time now that the autobuilder does everything else.
Thanks a lot.
Ben

what_lies_bene1 · Answer

Good stuff. &nbsp;
Regarding iControl, it should be in the Log module?&nbsp;

Forum Discussion

Syslog include configuration sync

7 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

LTM 9.4.2+: Custom Syslog Configuration

How to configrue syslog include "space"

Syslog NG Email Configuration

Tcp syslog

BIG-IP to Process TLS Syslog Traffic