AskF5 Knowledge Base
- Home
- SOL13317
Applies To:
Show Versions
sol13317: Configuring the level of information that syslog-ng sends to log files (11.x)
How-To
Original Publication Date: 12/30/2011
Updated Date: 01/04/2013
This article applies to BIG-IP 11.x. For information about other versions, refer to the following article:
Purpose
You should consider using this procedure under the following condition:
- You want to change the level of information that the syslog-ng utility delivers to the BIG-IP log files.
Prerequisites
You must meet the following prerequisite to use this procedure:
- You must have administrator or resource administrator access to the Configuration utility or tmsh shell.
Description
The BIG-IP system uses the standard UNIX logging utility, syslog-ng, to deliver system messages to log files. You can configure the level of information that syslog-ng delivers to log files.
Note: Log messages for events related to Traffic Management Microkernel (TMM) are controlled by the alertd process. For detailed information about configuring the level of information logged for TMM events, refer to SOL5532: Configuring the level of information logged for TMM specific events.
Syslog-ng uses facilities and levels to describe system messages. Facilities describe the specific element of the system generating the message. Levels describe the severity of the message.
Facilities
The following facilities are available on the BIG-IP system. Each facility handles messages for specific elements of the system, as described in the following table:
| Facility |
Description |
Default log file |
| local0 | BIG-IP specific messages | /var/log/ltm |
| local1 | EM specific messages APM specific messages |
/var/log/em /var/log/apm |
| local2 | GTM and Link Controller specific messages | /var/log/gtm |
| local3 | ASM specific messages | /var/log/asm |
| local4 | ITCM portal and server (iControl) specific messages | /var/log/ltm |
| local5 | Packet Filtering specific messages | /var/log/pktfilter |
| local6 | HTTPD specific messages | /var/log/httpd/httpd_errors |
| local7 | Linux specific boot messages | /var/log/boot.log |
| cron | Messages related to the cron daemon | /var/log/cron |
| daemon | Messages related to system daemons (including named and ntpd) | /var/log/daemon.log |
| kern | Kernel messages | /var/log/kern.log |
| Mail system messages | /var/log/maillog | |
| auth | User authentication messages that do not contain sensitive information | /var/log/secure |
| authpriv | User authentication messages that contain sensitive information | /var/log/secure |
| ftp | Unused, messages for FTP are reported under daemon | N/A |
| lpr | Unused, printing support is not provided | N/A |
| mark | A facility that produces time-stamps at regular intervals | N/A |
| news | Unused, news server support is not provided | N/A |
| ntp | Unused, messages for ntpd are reported under daemon | N/A |
| user | Messages related to user processes | /var/log/user.log |
| uucp | Unused | None |
Levels
The following levels are available for each facility, as described in the following table. The facilities are listed in order of the severity of the messages they handle. Generally, higher levels contain all the messages for lower levels. For example, the alert level will generally also report all messages from the emerg level, and the debug level will generally also report all messages for all levels.
| Level |
Description |
Verbosity |
| emerg | Emergency system panic messages | Minimum |
| alert | Serious errors that require administrator intervention | Low |
| crit | Critical errors, including hardware and filesystem failures | Low |
| err | Non-critical, but possibly very important, error messages | Low |
| warning | Warning messages that should at least be logged for review | Medium |
| notice | Messages that contain useful information, but may be ignored | Medium |
| info | Messages that contain useful information, but may be ignored | High |
| debug | Messages that are only necessary for troubleshooting | Maximum |
Procedures
Displaying the level of information that syslog-ng sends to log files
Before you change a specific syslog facility level, you may want to display the current levels. To do so, perform the following procedure:
- Log in to the Traffic Management Shell (tmsh) by entering the following command:
tmsh
Note: If you are currently logged in to the tmsh shell, you can skip this step.
- Change to the /sys module by entering the following command:
/sys
- To list the level of information that syslog-ng sends to the log files, type the following command:
list syslog all-properties
Configuring the level of information that syslog-ng sends to log files
Impact of procedure: None.
- Log in to the Traffic Management Shell (tmsh) by entering the following command:
tmsh
Note: If you are currently logged in to the tmsh shell, you can skip this step.
- Change to the /sys module by entering the following command:
/sys
- Use the following syntax to modify the level of information that syslog-ng sends to log files:
modify syslog <option>
For example, the default log level range for the authpriv syslog facility is from notice to emerg. To change the authpriv syslog facility range from warning to emerg, enter the following command:modify syslog auth-priv-from warning
Note: For other syslog options, use the help /sys syslog command from the tmsh shell.
- Save the change by typing the following command:
save sys config
Supplemental Information
