Applies To:

Show Versions Show Versions

sol13317: Configuring the level of information that syslog-ng sends to log files (11.x)
How-ToHow-To

Original Publication Date: 12/30/2011
Updated Date: 03/04/2014

This article applies to BIG-IP 11.x. For information about other versions, refer to the following article:

Purpose

You should consider using this procedure under the following condition:

  • You want to change the level of information that the syslog-ng utility delivers to the BIG-IP log files.

Prerequisites

You must meet the following prerequisite to use this procedure:

  • You must have administrator or resource administrator access to the Configuration utility or tmsh shell.

Description

The BIG-IP system uses the standard UNIX logging utility, syslog-ng, to deliver system messages to log files. You can configure the level of information that syslog-ng delivers to log files.

Note: Log messages for events related to Traffic Management Microkernel (TMM) are controlled by the alertd process. For detailed information about configuring the level of information logged for TMM events, refer to SOL5532: Configuring the level of information logged for TMM specific events.

Syslog-ng uses facilities and levels to describe system messages. Facilities describe the specific element of the system generating the message. Levels describe the severity of the message.

Facilities

The following facilities are available on the BIG-IP system. Each facility handles messages for specific elements of the system, as described in the following table:

Facility
Description
Default log file
local0 BIG-IP specific messages /var/log/ltm
local1 EM specific messages
APM specific messages
/var/log/em
/var/log/apm
local2 GTM and Link Controller specific messages /var/log/gtm
local3 ASM specific messages /var/log/asm
local4 ITCM portal and server (iControl) specific messages /var/log/ltm
local5 Packet Filtering specific messages /var/log/pktfilter
local6 HTTPD specific messages /var/log/httpd/httpd_errors
local7 Linux specific boot messages /var/log/boot.log
cron Messages related to the cron daemon /var/log/cron
daemon Messages related to system daemons (including named and ntpd) /var/log/daemon.log
kern Kernel messages /var/log/kern.log
mail Mail system messages /var/log/maillog
auth User authentication messages that do not contain sensitive information /var/log/secure
authpriv User authentication messages that contain sensitive information /var/log/secure
ftp Unused, messages for FTP are reported under daemon N/A
lpr Unused, printing support is not provided N/A
mark A facility that produces time-stamps at regular intervals N/A
news Unused, news server support is not provided N/A
ntp Unused, messages for ntpd are reported under daemon N/A
user Messages related to user processes /var/log/user.log
uucp Unused None

 

Levels

The following levels are available for each facility, as described in the following table. The facilities are listed in order of the severity of the messages they handle. Generally, higher levels contain all the messages for lower levels. For example, the alert level will generally also report all messages from the emerg level, and the debug level will generally also report all messages for all levels.

Level
Description
Verbosity
emerg Emergency system panic messages Minimum
alert Serious errors that require administrator intervention Low
crit Critical errors, including hardware and filesystem failures Low
err Non-critical, but possibly very important, error messages Low
warning Warning messages that should at least be logged for review Medium
notice Messages that contain useful information, but may be ignored Medium
info Messages that contain useful information, but may be ignored High
debug Messages that are only necessary for troubleshooting Maximum

Procedures

Displaying the level of information that syslog-ng sends to log files

Before you change a specific syslog facility level, you may want to display the current levels. To do so, perform the following procedure:

  1. Log in to the Traffic Management Shell (tmsh) by typing the following command:

    tmsh

  2. Change to the /sys module by typing the following command:

    /sys

  3. To list the level of information that syslog-ng sends to the log files, type the following command:

    list syslog all-properties

Configuring the level of information that syslog-ng sends to log files

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

  1. Log in to the Traffic Management Shell (tmsh) by typing the following command:

    tmsh

  2. Change to the /sys module by typing the following command:

    /sys

  3. Use the following syntax to modify the level of information that syslog-ng sends to log files:

    modify syslog <option>

    For example, the default log level range for the authpriv syslog facility is from notice to emerg. To change the authpriv syslog facility range from warning to emerg, type the following command:

    modify syslog auth-priv-from warning

    Note: For other syslog options, use the help /sys syslog command from the tmsh shell.

  4. Save the change by typing the following command:

    save sys config

Supplemental Information

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)