Enterprise Manager provides a comprehensive set of auditing features so that you can track what types of enterprise management tasks were initiated from a particular Enterprise Manager system.
Viewing and managing log messages each provides you with continuous information about system events. Some events pertain to general operating system events, and some are specific to the Enterprise Manager system, such as the starting or stopping of a task, a software importation, or a device discovery.
The mechanism that the Enterprise Manager system uses to log events is the same as the BIG-IP system uses: the Linux utility syslog-ng. The syslog-ng utility is an enhanced version of the standard UNIX and Linux logging utility syslog.
The types of events that the Enterprise Manager system logs are:
Because Enterprise Manager is based on TMOS, the system logging feature works the same way as BIG-IP system logging, and the Enterprise Manager system logs all of the same information that the BIG-IP system does. You can review logging features, log types, and how to set log levels in the Logging BIG-IP System Events chapter in the BIG-IP Network and System Management Guide. You can use the procedures in that chapter to configure logging on the Enterprise Manager system. The following section describes additional processes that the Enterprise Manager system logs.
The Enterprise Manager system introduces four processes to TMOS that enable the system to manage other F5 devices in the network. The four processes are:
For each of these processes, Enterprise Manager can log a variety of events, including device discovery, software installations, alerts for managed devices, and tasks involving managed device configuration archives. When you enable audit logging, the process name appears in the system log along with a more specific description of the event.
Although the system event logging works in the same way as it does for a BIG-IP system, there are certain logging options that differ. Because the logging feature is designed to assist in traffic management, some of the logging options specific to traffic management may not apply to Enterprise Manager. When you set local traffic logging options, some of the events that you can choose to log may not produce logging, because Enterprise Manager does not deal with the same kind of traffic as a BIG-IP Local Traffic Manager system.
The Enterprise Manager system logs the messages for these events in the file /var/log/em.
By default, the auditing feature that logs system events is not activated. If you want to log system events, you must enable audit logging. Audit logging logs messages that pertain to configuration changes that users or services make to the Enterprise Manager system configuration.
Audit logging logs messages whenever a Enterprise Manager system object, such as a software image or a device group, is created, modified, or deleted. There are three ways that objects can be configured:
You can choose one of four log levels for audit logging. In this case, the log levels do not affect the severity of the log messages; instead, they affect the initiator of the audit event.
The log levels for audit logging are:
You can find the Enterprise Manager system log in the same location as you can find it on the BIG-IP system. On the Main tab of the navigation pane, expand System, and click Logs. You can then choose a log type from the menu bar, depending on the type of log that you want to view.