
TJ_Vreugdenhil
Apr 16, 2014

Syslog v11 modification

Hi -

I want to send only syslog levels notice through emergency to the remote log host, and at the notice level I want only the messages that match "monitor status".

Like the messages below here:

Feb 12 00:00:13 myf5.com cleansed mcpd[1925]: 01070727:5: Pool member pool_member_ip:801 monitor status up.
Feb 12 00:01:33 myf5.com cleansed mcpd[1925]: 01070638:5: Pool member pool_member_ip:801 monitor status down.

The syntax below is not getting it done. Am I close?

sys syslog {
        auth-priv-from warning
        auth-priv-to emerg
        console-log enabled
        cron-from warning
        cron-to emerg
        daemon-from notice
        daemon-to emerg
        description none
        include "
        filter f_notice {
            match "(.*monitor status.*)";
        };
        filter f_remote_loghost {
            level(notice..emerg);
        };
        destination d_remote_loghost {
            udp(\"172.17.2.49\" port(514));
            udp(\"172.25.6.10\" port(514));
        };
        log {
            source(s_syslog_pipe);
            filter(f_remote_loghost);
            destination(d_remote_loghost);
        };
        "
        iso-date disabled
        kern-from notice
        kern-to emerg
        local6-from notice
        local6-to emerg
        mail-from notice
        mail-to emerg
        messages-from notice
        messages-to warning
        remote-servers none
        user-log-from notice
        user-log-to emerg
    }
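  • Can you try something like this? In your include, f_notice is defined but never referenced by the log statement, so only f_remote_loghost applies and every message from notice through emerg is forwarded; its match also lacks the parentheses and escaped quotes used in the working example below. The single filter below forwards notice messages only when they contain "monitor status" and forwards everything from warning through emerg. Keep in mind that udp() forwarding is unencrypted and best-effort, so lost datagrams are not retransmitted.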

     config (on the BIG-IP)
    
    [root@ve11a:Active:In Sync] config  tmsh list sys syslog
    sys syslog {
        include "
    filter f_custom {
        (level(notice)
        and match(\"monitor status\"))
        or level(warning..emerg)
        ;
    };
    destination d_loghost {
        udp(\"172.28.24.1\" port(514));
    };
    log {
        source(s_syslog_pipe);
        filter(f_custom);
        destination(d_loghost);
    };"
    }
    
     logger (test messages sent at notice, info, notice and emerg)
    
    [root@ve11a:Active:In Sync] config  logger -p local0.notice "Pool member pool_member_ip:801 monitor status up."
    [root@ve11a:Active:In Sync] config  logger -p local0.info "Pool member pool_member_ip:801 monitor status up."
    [root@ve11a:Active:In Sync] config  logger -p local0.notice "Pool member pool_member_ip:801 monitor status down."
    [root@ve11a:Active:In Sync] config  logger -p local0.emerg "Pool member pool_member_ip:801 monitor status down."
    
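     log host (172.28.24.1): the local0.info test message is filtered out and does not arrive; <133> is local0.notice and <128> is local0.emerg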
    
    [root@centos1 ~] nc -l -u 514
    <133>Apr 17 01:31:22 ve11a notice root: Pool member pool_member_ip:801 monitor status up.
    <133>Apr 17 01:31:47 ve11a notice root: Pool member pool_member_ip:801 monitor status down.
    <128>Apr 17 01:32:01 ve11a emerg root: Pool member pool_member_ip:801 monitor status down.
    
  • can you try something like this?

     config
    
    [root@ve11a:Active:In Sync] config  tmsh list sys syslog
    sys syslog {
        include "
    filter f_custom {
        (level(notice)
        and match(\"monitor status\"))
        or level(warning..emerg)
        ;
    };
    destination d_loghost {
        udp(\"172.28.24.1\" port(514));
    };
    log {
        source(s_syslog_pipe);
        filter(f_custom);
        destination(d_loghost);
    };"
    }
    
     logger
    
    [root@ve11a:Active:In Sync] config  logger -p local0.notice "Pool member pool_member_ip:801 monitor status up."
    [root@ve11a:Active:In Sync] config  logger -p local0.info "Pool member pool_member_ip:801 monitor status up."
    [root@ve11a:Active:In Sync] config  logger -p local0.notice "Pool member pool_member_ip:801 monitor status down."
    [root@ve11a:Active:In Sync] config  logger -p local0.emerg "Pool member pool_member_ip:801 monitor status down."
    
     log host (172.28.24.1)
    
    [root@centos1 ~] nc -l -u 514
    <133>Apr 17 01:31:22 ve11a notice root: Pool member pool_member_ip:801 monitor status up.
    <133>Apr 17 01:31:47 ve11a notice root: Pool member pool_member_ip:801 monitor status down.
    <128>Apr 17 01:32:01 ve11a emerg root: Pool member pool_member_ip:801 monitor status down.