Filtering specific SSH connections from log messages
Hello,
To monitor the SSH service on our F5 boxes, our monitoring server periodically conducts SSH connection attempts that are logged locally (/var/log/ltm) and remotely via a Syslog server. Since these logs are not really useful, we would like to not display them locally and not send them to the syslog server:
Mon Sep 5 04:27:30 CEST 2016 info F5-DEVICE sshd[5138] Did not receive identification string from IP_MONITORING_SERVER
Mon Sep 5 04:32:30 CEST 2016 info F5-DEVICE sshd[5179] Did not receive identification string from IP_MONITORING_SERVER
Mon Sep 5 04:37:30 CEST 2016 info F5-DEVICE sshd[5194] Did not receive identification string from IP_MONITORING_SERVER
Mon Sep 5 04:42:30 CEST 2016 info F5-DEVICE sshd[5233] Did not receive identification string from IP_MONITORING_SERVER
I know that with the include command "filter filter_name {..}; log {filter (filter_name)};" it's possible to apply filters to the logs, but I cannot find a way to filter for this scenario.
Is there a way to suppress these specific SSH connections initiated from our monitoring server?
I found an example (sol16932) that might look like what I want, but in my opinion, we should have the right arguments to put in the filter command.
Thanking you in advance.