Custom Syslog Configuration
From Tech-Wiki
Revision as of 06:46, 28 January 2011
With the standard method of syslog configuration, an F5 device normally sends its syslog messages to a single remote device, at the same level at which they were generated on the F5.
What if you want to send them to a different facility level on a remote host?
You can use the command and configuration below to achieve this.
b syslog include '" template t_emerg { template(\"<176>$DATE $HOST $MSGHDR$MSG\n\"); template_escape(no); }; template t_alert { template(\"<177>$DATE $HOST $MSGHDR$MSG\n\"); template_escape(no); }; template t_crit { template(\"<178>$DATE $HOST $MSGHDR$MSG\n\"); template_escape(no); }; template t_err { template(\"<179>$DATE $HOST $MSGHDR$MSG\n\"); template_escape(no); }; template t_warning { template(\"<180>$DATE $HOST $MSGHDR$MSG\n\"); template_escape(no); }; template t_notice { template(\"<181>$DATE $HOST $MSGHDR$MSG\n\"); template_escape(no); }; destination remote_server_emerg { udp(\"SYSLOG IP\" port (514) template(t_emerg)); }; destination remote_server_alert { udp(\"SYSLOG IP\" port (514) template(t_alert)); }; destination remote_server_crit { udp(\"SYSLOG IP\" port (514) template(t_crit)); }; destination remote_server_err { udp(\"SYSLOG IP\" port (514) template(t_err)); }; destination remote_server_warning { udp(\"SYSLOG IP\" port (514) template(t_warning)); }; destination remote_server_notice { udp(\"SYSLOG IP\" port (514) template(t_notice)); }; filter f_logs_emerg { level (emerg); }; filter f_logs_alert { level (alert); }; filter f_logs_crit { level (crit); }; filter f_logs_err { level (err); }; filter f_logs_warning { level (warning); }; filter f_logs_notice { level (notice); }; log { source(local); filter(f_logs_emerg); destination(remote_server_emerg); }; log { source(local); filter(f_logs_alert); destination(remote_server_alert); }; log { source(local); filter(f_logs_crit); destination(remote_server_crit); }; log { source(local); filter(f_logs_err); destination(remote_server_err); }; log { source(local); filter(f_logs_warning); destination(remote_server_warning); }; log { source(local); filter(f_logs_notice); destination(remote_server_notice); };"'
This configuration uses a priority number (the number inside <>) to replace the priority on ALL syslog messages sent out. Using the current numbers, this will send all messages to local6.info.
This priority number can be calculated using the following formula:
(numeric value of facility) * 8 + (numeric value of severity)
The numeric values are listed in the tables below.
Numerical Code | Facility |
---|---|
0 | kernel messages |
1 | user-level messages |
2 | mail system |
3 | system daemons |
4 | security/authorization messages |
5 | messages generated internally by syslogd |
6 | line printer subsystem |
7 | network news subsystem |
8 | UUCP subsystem |
9 | clock daemon |
10 | security/authorization messages |
11 | FTP daemon |
12 | NTP subsystem |
13 | log audit |
14 | log alert |
15 | clock daemon |
16 | local use 0 (local0) |
17 | local use 1 (local1) |
18 | local use 2 (local2) |
19 | local use 3 (local3) |
20 | local use 4 (local4) |
21 | local use 5 (local5) |
22 | local use 6 (local6) |
23 | local use 7 (local7) |

Numerical Code | Severity |
---|---|
0 | Emergency: system is unusable |
1 | Alert: action must be taken immediately |
2 | Critical: critical conditions |
3 | Error: error conditions |
4 | Warning: warning conditions |
5 | Notice: normal but significant condition |
6 | Informational: informational messages |
7 | Debug: debug-level messages |
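
As an added example (not part of the original page and not F5 tooling), the Python below applies the formula and tables above: it decodes the `<N>` value in each `t_<level>` template back to facility and severity, flags any template whose value does not match its name, and renders a template line for another facility. The short facility names, the function names and the sample string (the page's template format, with a constructed mismatch in `t_warning`) are assumptions.

```python
import re

# Short display names for the numeric codes in the tables above (assumed labels).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def encode_pri(facility, severity):
    """facility * 8 + severity; unknown names raise ValueError."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)

def decode_pri(pri):
    """Split a priority number back into (facility, severity) names."""
    if not 0 <= pri <= 191:
        raise ValueError("priority out of range: %d" % pri)
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]

# Matches: template t_<level> { template(\"<N>...   (backslash before the quote optional)
TEMPLATE_RE = re.compile(r'template\s+t_(\w+)\s*\{\s*template\(\\?"<(\d+)>')

def audit_templates(config):
    """Return (template_level, facility, severity, matches_name) per template."""
    rows = []
    for level, pri in TEMPLATE_RE.findall(config):
        facility, severity = decode_pri(int(pri))
        rows.append((level, facility, severity, severity == level))
    return rows

def render_template(level, facility):
    """One template statement that rewrites <level> messages to <facility>.
    Quotes are not backslash-escaped here, unlike in the one-line command."""
    pri = encode_pri(facility, level)
    return ('template t_%s { template("<%d>$DATE $HOST $MSGHDR$MSG\\n"); '
            'template_escape(no); };' % (level, pri))

# Constructed sample: two templates as on the page, plus a deliberate
# mismatch (t_warning carrying 182 instead of 180).
SAMPLE = (r'template t_emerg { template(\"<176>$DATE $HOST $MSGHDR$MSG\n\"); template_escape(no); }; '
          r'template t_notice { template(\"<181>$DATE $HOST $MSGHDR$MSG\n\"); template_escape(no); }; '
          r'template t_warning { template(\"<182>$DATE $HOST $MSGHDR$MSG\n\"); template_escape(no); };')

if __name__ == "__main__":
    for level, facility, severity, ok in audit_templates(SAMPLE):
        print("t_%-8s -> %s.%s %s" % (level, facility, severity,
                                      "" if ok else "(does not match template name)"))
    print(render_template("crit", "local3"))
```
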