How to configure remote syslog 10.x (and 11.x) on an LTM

Symptoms:

For noisy MSSP devices. This is the start of a template, to be added as a procedure as well.

For 11.x, see Comments.

Solution:

*** Add logging servers SOL5527

tmsh modify sys syslog remote-servers add { <name-syslog> { host x.x.x.x remote-port 514 } <name-syslog> { host x.x.x.x remote-port 514 } }

tmsh save sys config

*** Suppress Peer Messages SOL9442

bpsh <<END
syslog {
include "
filter f_local6_httpd_ssl_acc {
facility(local6)
and match(\"\\[ssl_acc\\]\") and not match(\"\\] 10.4.1.25\");
};

filter f_local6_httpd_ssl_req {
facility(local6)
and match(\"\\[ssl_req\\]\") and not match(\"\\] 10.4.1.25\");
};
"
}
END

bigpipe save all


Comments:

In version 11.x, reference SOL13333:

This assumes that our management NAT is to the “Management” interface. If it is to another interface, consult NSE for the design.

If our remote servers are already defined (confirm with tmsh list /sys syslog remote-servers), then REMOVE THEM:

tmsh modify /sys syslog remote-servers delete { name }

Create the following include filter:

tmsh                    ## edit requires an interactive tmsh session
edit /sys syslog all-properties           ## edit opens vi on those properties only

Change the line below:

include none

to the following:

include "
filter f_remote_loghost {
level(warn..emerg);
};

destination d_remote_loghost {
udp(\"x.x.x.x\" port(514) localip(<management.if.ip.addr>));
udp(\"x.x.x.x\" port(514) localip(<management.if.ip.addr>));
};

log {
source(s_syslog_pipe);
filter(f_remote_loghost);
destination(d_remote_loghost);
};
"

Type :wq <enter>
Answer ‘y’ to save changes

You’ll be back in tmsh. Now add the management routes, then save and quit:

create /sys management-route <name> network x.x.x.0/24 gateway <management.if.default.gw>
create /sys management-route <name> network x.x.x.0/24 gateway <management.if.default.gw>
save /sys config
quit
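
A collector-side check for the 11.x include above, added here as an example (not part of the original article or of F5's documentation): it decodes the syslog <PRI> of each received datagram and flags anything below the level(warn..emerg) floor or from an unexpected source address. The function names, the (source_ip, payload) input shape and all sample addresses and log lines are constructed assumptions; expected_src is whatever address the collector sees for the device (the NAT address where management NAT is in use).

```python
import re

# Severity codes 0-7 from the syslog PRI value; a lower number is more severe.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(payload):
    """Return (facility, severity) from a leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:   # facility 23 * 8 + severity 7 is the maximum
        return None
    return divmod(int(m.group(1)), 8)

def audit(received, expected_src, floor="warning"):
    """Check datagrams seen at the collector against the intended forwarding policy.

    received: list of (source_ip, payload) pairs (hypothetical capture format).
    Returns a list of (index, reason) for every datagram that violates the policy.
    """
    limit = SEVERITY.index(floor)
    findings = []
    for i, (src, payload) in enumerate(received):
        decoded = decode_pri(payload)
        if src != expected_src:
            findings.append((i, "unexpected source " + src))
        elif decoded is None:
            findings.append((i, "missing or invalid PRI"))
        elif decoded[1] > limit:
            findings.append((i, "severity %s is below %s" % (SEVERITY[decoded[1]], floor)))
    return findings

# Constructed sample capture; 192.0.2.10 stands in for the management address.
SAMPLE = [
    ("192.0.2.10", "<132>Jan  5 10:00:01 bigip1 warning mcpd[4321]: constructed sample"),
    ("192.0.2.10", "<134>Jan  5 10:00:02 bigip1 info httpd[555]: constructed sample"),
    ("198.51.100.7", "<131>Jan  5 10:00:03 bigip1 err tmm[777]: constructed sample"),
    ("192.0.2.10", "Jan  5 10:00:04 bigip1 notice: constructed sample without PRI"),
]

if __name__ == "__main__":
    for idx, reason in audit(SAMPLE, "192.0.2.10"):
        print(idx, reason)
```

A datagram flagged for severity means the include filter is not the one in effect on the device; one flagged for source means localip() or the management route is not being used.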

