Applies To:

Show Versions Show Versions

sol13317: Configuring the level of information that syslog-ng sends to log files (11.x - 12.x)
How-ToHow-To

Original Publication Date: 12/30/2011
Updated Date: 07/05/2016

Topic

This article applies to BIG-IP 11.x - 12.x. For information about other versions, refer to the following article:

Purpose

You should consider using this procedure under the following condition:

  • You want to change the level of information that the syslog-ng utility delivers to the BIG-IP log files.

Prerequisites

You must meet the following prerequisite to use this procedure:

  • You must have administrator or resource administrator access to the Configuration utility or Traffic Management Shell (tmsh).

Description

The BIG-IP system uses the standard UNIX logging utility, syslog-ng, to deliver system messages to log files. You can configure the level of information that syslog-ng delivers to log files.

Note: Log messages for events related to Traffic Management Microkernel (TMM) are controlled by the alertd process. For detailed information about configuring the level of information logged for TMM events, refer to SOL5532: Configuring the level of information logged for TMM specific events.

Syslog-ng uses facilities and levels to describe system messages. Facilities describe the specific element of the system generating the message. Levels describe the severity of the message.

Facilities

The following facilities are available on the BIG-IP system. Each facility handles messages for specific elements of the system, as described in the following table:

FacilityDescriptionDefault log file
local0BIG-IP specific messages/var/log/ltm
local1EM specific messages
APM specific messages
/var/log/em
/var/log/apm
local2GTM and Link Controller specific messages/var/log/gtm
local3ASM specific messages/var/log/asm
local4ITCM portal and server (iControl) specific messages/var/log/ltm
local5Packet Filtering specific messages/var/log/pktfilter
local6HTTPD specific messages/var/log/httpd/httpd_errors
local7Linux specific boot messages/var/log/boot.log
cronMessages related to the cron daemon/var/log/cron
daemonMessages related to system daemons (including named and ntpd)/var/log/daemon.log
kernKernel messages/var/log/kern.log
mailMail system messages/var/log/maillog
authUser authentication messages that do not contain sensitive information/var/log/secure
authprivUser authentication messages that contain sensitive information/var/log/secure
ftpUnused, messages for FTP are reported under daemonN/A
lprUnused, printing support is not providedN/A
markA facility that produces time-stamps at regular intervalsN/A
newsUnused, news server support is not providedN/A
ntpUnused, messages for ntpd are reported under daemonN/A
userMessages related to user processes/var/log/user.log
uucpUnusedNone

Levels

The following levels are available for each facility, as described in the following table. The facilities are listed in order of the severity of the messages they handle. Generally, higher levels contain all the messages for lower levels. For example, the alert level will generally also report all messages from the emerg level, and the debug level will generally also report all messages for all levels.

LevelDescriptionVerbosity
emergEmergency system panic messagesMinimum
alertSerious errors that require administrator interventionLow
critCritical errors, including hardware and filesystem failuresLow
errNon-critical, but possibly very important, error messagesLow
warningWarning messages that should at least be logged for reviewMedium
noticeMessages that contain useful information, but may be ignoredMedium
infoMessages that contain useful information, but may be ignoredHigh
debugMessages that are only necessary for troubleshootingMaximum

Procedures

Displaying the level of information that syslog-ng sends to log files

Before you change a specific syslog facility level, you may want to display the current levels. To do so, perform the following procedure:

  1. Log in to the Traffic Management Shell (tmsh) by typing the following command:

    tmsh

  2. To list the level of information that syslog-ng sends to the log files, type the following command:

    list /sys syslog all-properties

Configuring the level of information that syslog-ng sends to log files

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

  1. Log in to the Traffic Management Shell (tmsh) by typing the following command:

    tmsh

  2. Use the following syntax to modify the level of information that syslog-ng sends to log files:

    modify /sys syslog <option>

    For example, the default log level range for the authpriv syslog facility is from notice to emerg. To change the authpriv syslog facility range from warning to emerg, type the following command:

    modify /sys syslog auth-priv-from warning

    Note: For other syslog options, use the help /sys syslog command from the tmsh utility.

  3. Save the change by typing the following command:

    save /sys config

Supplemental Information

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)