Original Publication Date: 12/30/2011
Updated Date: 06/10/2015
This article applies to BIG-IP 11.x. For information about other versions, refer to the following article:
You should consider using this procedure under the following condition:
You must meet the following prerequisite to use this procedure:
The BIG-IP system uses the standard UNIX logging utility, syslog-ng, to deliver system messages to log files. You can configure the level of information that syslog-ng delivers to log files.
Note: Log messages for events related to Traffic Management Microkernel (TMM) are controlled by the alertd process. For detailed information about configuring the level of information logged for TMM events, refer to SOL5532: Configuring the level of information logged for TMM specific events.
Syslog-ng uses facilities and levels to describe system messages. Facilities describe the specific element of the system generating the message. Levels describe the severity of the message.
The following facilities are available on the BIG-IP system. Each facility handles messages for specific elements of the system, as described in the following table:
| Facility | Description | Default log file |
|---|---|---|
| local0 | BIG-IP specific messages | /var/log/ltm |
| local1 | EM specific messages; APM specific messages | |
| local2 | GTM and Link Controller specific messages | /var/log/gtm |
| local3 | ASM specific messages | /var/log/asm |
| local4 | ITCM portal and server (iControl) specific messages | /var/log/ltm |
| local5 | Packet Filtering specific messages | /var/log/pktfilter |
| local6 | HTTPD specific messages | /var/log/httpd/httpd_errors |
| local7 | Linux specific boot messages | /var/log/boot.log |
| cron | Messages related to the cron daemon | /var/log/cron |
| daemon | Messages related to system daemons (including named and ntpd) | /var/log/daemon.log |
| mail | Mail system messages | /var/log/maillog |
| auth | User authentication messages that do not contain sensitive information | /var/log/secure |
| authpriv | User authentication messages that contain sensitive information | /var/log/secure |
| ftp | Unused, messages for FTP are reported under daemon | N/A |
| lpr | Unused, printing support is not provided | N/A |
| mark | A facility that produces time-stamps at regular intervals | N/A |
| news | Unused, news server support is not provided | N/A |
| ntp | Unused, messages for ntpd are reported under daemon | N/A |
| user | Messages related to user processes | /var/log/user.log |
The following levels are available for each facility, as described in the following table. The levels are listed in order of the severity of the messages they handle. Generally, higher levels contain all the messages for lower levels. For example, the alert level will generally also report all messages from the emerg level, and the debug level will generally also report all messages for all levels.
| Level | Description | Verbosity |
|---|---|---|
| emerg | Emergency system panic messages | Minimum |
| alert | Serious errors that require administrator intervention | Low |
| crit | Critical errors, including hardware and filesystem failures | Low |
| err | Non-critical, but possibly very important, error messages | Low |
| warning | Warning messages that should at least be logged for review | Medium |
| notice | Messages that contain useful information, but may be ignored | Medium |
| info | Messages that contain useful information, but may be ignored | High |
| debug | Messages that are only necessary for troubleshooting | Maximum |
Displaying the level of information that syslog-ng sends to log files
Before you change a specific syslog facility level, you may want to display the current levels. To do so, perform the following procedure:
list /sys syslog all-properties
Configuring the level of information that syslog-ng sends to log files
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
modify /sys syslog <option>
For example, the default log level range for the authpriv syslog facility is from notice to emerg. To change the authpriv syslog facility range so that it runs from warning to emerg, type the following command:
Note: For other syslog options, use the help /sys syslog command from the tmsh utility.
save /sys config
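
The following Python audit is an added example, not part of the original article. It expands each from/to range into the levels actually logged, using the severity order from the levels table, and reports the levels a site baseline requires but the configured range drops, as happens when authpriv is moved from notice to warning. The `<facility>-from` / `<facility>-to` layout of the sample output and the baseline values are assumptions, and the sample itself is constructed.

```python
import re

# Severity order from the levels table, most severe first.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
RANGE_RE = re.compile(r"^\s*([a-z0-9-]+)-(from|to)\s+(\S+)\s*$", re.M)

# Constructed sample; layout of `list /sys syslog all-properties` is assumed.
SAMPLE = """\
sys syslog {
    auth-priv-from warning
    auth-priv-to emerg
    daemon-from notice
    daemon-to emerg
}
"""
# Hypothetical site baseline: least severe level each facility must still log.
BASELINE = {"auth-priv": "notice", "daemon": "notice"}


def parse_ranges(text):
    """Return {facility: (from_level, to_level)} for complete from/to pairs."""
    found = {}
    for name, end, level in RANGE_RE.findall(text):
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r} in {name}-{end}")
        found.setdefault(name, {})[end] = level
    return {n: (v["from"], v["to"]) for n, v in found.items() if len(v) == 2}


def logged_levels(from_level, to_level):
    """Levels inside an inclusive from..to range, most severe first."""
    lo, hi = sorted((LEVELS.index(from_level), LEVELS.index(to_level)))
    return LEVELS[lo:hi + 1]


def audit(text, baseline):
    """Return {facility: [required levels not logged]}; no range counts as none."""
    ranges, gaps = parse_ranges(text), {}
    for facility, required in baseline.items():
        kept = logged_levels(*ranges[facility]) if facility in ranges else []
        missing = [lvl for lvl in logged_levels(required, "emerg") if lvl not in kept]
        if missing:
            gaps[facility] = missing
    return gaps


if __name__ == "__main__":
    for facility, missing in audit(SAMPLE, BASELINE).items():
        print(f"{facility}: not logged -> {', '.join(missing)}")
```

Running the audit before `save /sys config` shows which levels a changed range will stop writing to the log file.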