Forum Discussion

zobaarul_333371's avatar
zobaarul_333371
Icon for Nimbostratus rankNimbostratus
Feb 26, 2019

LTM Logs for a specific pool member

Hi all, We are using Advanced Web "Application Firewall,i10800 (BIG-IP 13.1.1.2 Build 0.0.4)". We have installed it recently. There are many pools configured here. Lets say one of these is "pool_yyyy". Its has two members. But we don't get any log when one of the members is down. Only get the logs mentioning if pool has available members or not like below:

 

*Feb 25 11:10:58 XXXXXXX-vCMP1 err tmm[11818]: 01010028:3: No members available for pool /Common/pool_yyyy Feb 25 11:11:06 XXXXXXX-vCMP1 notice tmm3[11818]: 01010221:5: Pool /Common/pool_yyyy now has available members *

 

I have checked the past 3 days log. There are no logs for a specific pool member for any pool

 

How can I get logs like below:

 

Line 38412: Oct 16 17:08:42 PBV-AAA-BBB notice bigd[4898]: 01060145:5: Pool /Common/pool_kkkk member /Common/bbb.rrr.com-10.101.5.160 monitor status down. [ /Common/https: DOWN ] [ was checking for 0hr:2mins:35sec ]

 

It would be great if anyone can help me

 

Thanks in advance - Zobaarul

 

application delivery
BIG-IP
LTM

5 Replies

Sort By
  • Michael_Saleem's avatar
    Michael_Saleem
    Icon for MVP rankMVP
    Feb 27, 2019

    By default the F5 should be logging when individual pool members fail their health monitor checks.

    The syslog message ID for a pool member going down is 

    01070638
    and the severity level is 5 (notifications). You may want to try filtering the LTM logs based on this message ID

    Example SysLog message

    Feb 25 08:37:21 localhost.localdomain notice mcpd[7279]: 01070638:5: Pool /Common/POOL-192.168.1.101 member /Common/172.24.32.11:80 monitor status down. [ /Common/tcp: down; last error:  ]  [ was unchecked for 0hr:1min:8sec ]

    Have you modified the syslog configuration by any chance?

    What do you get from the following command?

    list sys syslog all-properties

  • Root44's avatar
    Root44
    Icon for Altostratus rankAltostratus
    Feb 28, 2019

    Few things, if there is no status change then I don't think you will be able to see it.

     

    Else, try the below command:

     

    tmos bash

     

    LTM cd /var/log

     

    log cat ltm | grep pool_name (example-443 or example)

     

    Live troubleshooting: tail -f /var/log/ltm

     

  • zobaarul_333371's avatar
    zobaarul_333371
    Icon for Nimbostratus rankNimbostratus
    Mar 03, 2019

    Thanks for the feedback. I have found message ID 01070638 only for the pool members configured using IP address. But Most of the members are configured using FQDN. For such members(with FQDN), there's no syslog message with ID 01070638

     

    Syslog configuration has not been changed. Recent changes was 5250V-12.1.3.1 ---> 5250V 12.3.1.7 ----> i10800 13.1.1.2. I think this has started after 5250V-12.1.3.1 ---> 5250V 12.3.1.7 update.

     

    During 5250V 12.3.1.7 ----> i10800 13.1.1.2, back was restored in the new one and configuration is the same in both.

     

    Sys log output is long. Should I post it here?

     

  • Michael_Saleem1's avatar
    Michael_Saleem1
    Icon for Cirrus rankCirrus
    Mar 03, 2019

    Hi,

     

    I have labbed this and I managed to replicate the issue. I am only seeing log messages in /var/log/ltm for individual pool members going up/down for non-FQDN nodes. I even tried turning on bigd debugging, but it still did not help.

     

    I would recommend raising a support case with F5 for this issue.