
Muhammad_Irfan1
Sep 10, 2014

Remote syslog server

I have configured a remote logging server (SolarWinds Kiwi log server).

The server is receiving a lot of logs per second and all of them have an info severity.

Although I have changed the severity in the options to minimum, I am still getting 3, 4 logs per second.

Please help me with how to configure it.

6 Replies

  • The LTM is going to send anything and everything it has to the Remote Syslog Server. As long as you are seeing the same log entries on the source device then you probably already have it set up correctly (it's a pretty straightforward process).

    Keep in mind that if you continue to edit the logging level, you may miss something that you actually want to see just for the sake of not overloading your remote syslog server.

    Hope this helps.

    • Muhammad_Irfan1
      But all those are informational logs. Almost 4 logs per second and LTM is not even in production yet, it's only configured. There has to be a way to lower the severity of logs for remote server
  • I deal with the repetitive syslog messages in the Kiwi syslog server. Create a rule that filters based on the IPs of the F5 devices AND unique text strings of the repetitive messages (you can stack up filters and actions in Kiwi), with an action that stops message processing. Example:

    filter = Message text "POST iControl/iControlPortal.cgi" OR "pam_unix(crond:session)"

    filter = Hostname "10.150.0.10" OR "10.150.0.11" OR "10.150.0.12" OR "10.150.0.13" OR "10.150.0.14"

    action = Stop message processing

    Place this rule near the top of the list (order matters in Kiwi). It will drop the useless stuff, and allow the meaningful messages to pass through to be parsed, logged/emailed/whatever. Hope this helps.
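A small Python model of the rule described in the reply above, added here as an illustration; it is not part of the original post and is not Kiwi's own configuration format. It shows the host AND text match, why the drop rule has to sit above the logging rule, and keeps a per-rule hit count so the suppressed volume stays visible. The rule names, the `process` function and the sample messages are constructed assumptions; the IPs and text strings are the ones from the reply.

```python
from collections import Counter

# IPs and text strings are the ones quoted in the reply.
F5_HOSTS = {"10.150.0.10", "10.150.0.11", "10.150.0.12", "10.150.0.13", "10.150.0.14"}
NOISE_TEXT = ("POST iControl/iControlPortal.cgi", "pam_unix(crond:session)")

def is_f5_noise(host, message):
    # Both filters must match: sender is an F5 device AND the text is known noise.
    return host in F5_HOSTS and any(text in message for text in NOISE_TEXT)

def match_all(host, message):
    return True

# Hypothetical rule tuples: (name, filter, action).
DROP_NOISE = ("drop-f5-noise", is_f5_noise, "stop")
LOG_ALL = ("log-everything", match_all, "log")

def process(events, rules):
    """Evaluate rules top to bottom per message; "stop" ends processing for it."""
    logged, hits = [], Counter()
    for host, message in events:
        for name, matches, action in rules:
            if not matches(host, message):
                continue
            hits[name] += 1
            if action == "stop":
                break
            logged.append((host, message))
    return logged, hits

# Constructed sample messages: (sender IP, message text).
SAMPLE = [
    ("10.150.0.10", "httpd[1234]: POST iControl/iControlPortal.cgi"),
    ("10.150.0.11", "CROND[2210]: pam_unix(crond:session): session opened for user root"),
    ("10.150.0.12", "sshd[3001]: Failed password for admin from 192.0.2.7"),
    ("10.20.0.5", "CROND[88]: pam_unix(crond:session): session closed for user root"),
]

if __name__ == "__main__":
    for order in ([DROP_NOISE, LOG_ALL], [LOG_ALL, DROP_NOISE]):
        logged, hits = process(SAMPLE, order)
        print([rule[0] for rule in order], "logged:", len(logged), "hits:", dict(hits))
```

With the drop rule first, only the two noise messages from F5 addresses are discarded; the same cron text from a non-F5 host and the failed SSH login from an F5 host are still logged. With the order reversed, all four messages are logged before the drop rule is ever reached.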