Limit syslog messages
Hello,
I have set up the remote logging from the BigIP GUI and the syslog got many messages as shown below:
Feb 27 00:14:01 ltm1 debug crond[13387]: pam_unix(crond:session): session opened for user syscheck by (uid=0)
Feb 27 00:14:01 ltm1 debug crond[13387]: pam_unix(crond:session): session closed for user syscheck
Feb 27 00:15:01 ltm1 debug crond[13389]: pam_unix(crond:session): session opened for user root by (uid=0)
Feb 27 00:15:01 ltm1 debug crond[13390]: pam_unix(crond:session): session opened for user root by (uid=0)
Feb 27 00:15:01 ltm1 debug crond[13389]: pam_unix(crond:session): session closed for user root
Feb 27 00:15:01 ltm1 debug crond[13390]: pam_unix(crond:session): session closed for user root
Feb 27 00:16:02 ltm1 debug crond[13393]: pam_unix(crond:session): session opened for user syscheck by (uid=0)
Feb 27 00:16:02 ltm1 debug crond[13393]: pam_unix(crond:session): session closed for user syscheck
Feb 27 00:18:01 ltm1 debug crond[13395]: pam_unix(crond:session): session opened for user syscheck by (uid=0)
Feb 27 00:18:01 ltm1 debug crond[13395]: pam_unix(crond:session): session closed for user syscheck
Feb 27 00:20:01 ltm1 debug crond[13397]: pam_unix(crond:session): session opened for user root by (uid=0)
Feb 27 00:20:01 ltm1 debug crond[13399]: pam_unix(crond:session): session opened for user syscheck by (uid=0)
Feb 27 00:20:01 ltm1 debug crond[13398]: pam_unix(crond:session): session opened for user root by (uid=0)
Feb 27 00:20:01 ltm1 debug crond[13397]: pam_unix(crond:session): session closed for user root
Feb 27 00:20:01 ltm1 debug crond[13398]: pam_unix(crond:session): session closed for user root
Feb 27 00:20:01 ltm1 debug crond[13399]: pam_unix(crond:session): session closed for user syscheck
Feb 27 00:21:01 ltm1 debug crond[13411]: pam_unix(crond:session): session opened for user root by (uid=0)
Feb 27 00:21:02 ltm1 debug crond[13411]: pam_unix(crond:session): session closed for user root
Feb 27 00:22:01 ltm1 debug crond[13461]: pam_unix(crond:session): session opened for user syscheck by (uid=0)
I tried to limit these log messages (monitor only /var/ltm) by editing the syslog all-properties:
modify syslog {
auth-priv-from notice
auth-priv-to emerg
console-log enabled
cron-from warning
cron-to emerg
daemon-from notice
daemon-to emerg
description none
include " filter f_local0 { facility(local0); };
log {
source(s_syslog_pipe);
filter(f_local0);
};
"
iso-date disabled
kern-from debug
kern-to emerg
local6-from notice
local6-to emerg
mail-from notice
mail-to emerg
messages-from notice
messages-to warning
remote-servers replace-all-with {
remotesyslog1 {
description none
host x.x.x.x
local-ip none
remote-port 514
}
}
user-log-from notice
user-log-to emerg
}
But I still have the same messages on the remote syslog. Do I have to review the configuration? What am I missing?
Thank you.