F5 BIG-IP icon   F5 BIGIP – Send logs to custom syslog file



For debugging purposes (or to simply to organize logs as you prefer) it would be interesting to send certain syslog messages to a custom file instead of the default ones like /var/log/ltm or /var/log/apm

Desired goal

This example shows the way to send syslog messages starting with the string #DEBUG# to the file /var/log/customlog

(You can replace both string and file name in this example with the values you want)

Configure syslog

Configure some syslog parameters by running the following command:

# tmsh modify sys syslog include '"
filter f_local0 {
facility(local0) and not match(\": #DEBUG#\");
};

filter f_local0_customlog {
facility(local0) and match(\": #DEBUG#\");
};

destination d_customlog {
file(\"/var/log/customlog\" create_dirs(yes));
};

log {
source(local);
filter(f_local0_customlog);
destination(d_customlog);
};
"'

In case you need to revert the syslog configuration changes:

# tmsh modify sys syslog include none

Example of IRule to log to custom file

This is a simple IRule that logs the URLs tried to be accesed in the virtual server where the IRule has been applied:

when HTTP_REQUEST {
log local0.info "[IP::client_addr] [HTTP::host][HTTP::uri]"
}

As expected, this lines would be logged to /var/log/ltm file

To send those messages to the custom log file, it is as simple as prepending the configured syslog string (in this example #DEBUG#):

when HTTP_REQUEST {
log local0.info "#DEBUG# [IP::client_addr] [HTTP::host][HTTP::uri]"
}

Check logs

After applying this last example IRule, new messages would be logged to the custom file:

# tail -f /var/log/customlog
Nov  8 09:33:03 BigIP1 tmm1[12686]: Rule /Common/IRULE_TEST_LOG <HTTP_REQUEST>: #DEBUG# 10.2.4.10 myweb.domain.com/folder

Leave a Reply

Your email address will not be published. Required fields are marked *