Thursday 25 July 2019

BIG-IP log types






Each type of event is stored locally in a separate log file, and the information stored in each log file varies depending on the event type. All log files for these event types are in the /var/log directory.



1. audit: The audit event messages are messages that the BIG-IP system logs as a result of changes to the BIG-IP system configuration. Logging audit events is optional. Log file: /var/log/audit

2. boot: The boot messages contain information that is logged when the system boots. Log file: /var/log/boot.log

3. cron: When the cron daemon starts a cron job, the daemon logs the information about the cron job in this file. Log file: /var/log/cron

4. daemon: The daemon messages are logged by various daemons that run on the system. Log file: /var/log/daemon.log

5. dmesg: The dmesg messages contain kernel ring buffer information that pertains to the hardware devices that the kernel detects during the boot process. Log file: /var/log/dmesg

6. GSLB: The GSLB messages pertain to global traffic management events. Log file: /var/log/gtm

7. httpd: The httpd messages contain the Apache Web server error log. Log file: /var/log/httpd/httpd_errors

8. kernel: The kernel messages are logged by the Linux kernel. Log file: /var/log/kern.log

9. local traffic: The local traffic messages pertain specifically to the BIG-IP local traffic management events. Log file: /var/log/ltm

10. mail: The mail messages contain the log information from the mail server that is running on the system. Log file: /var/log/maillog

11. packet filter: The packet filter messages are those that result from the use of packet filters and packet-filter rules. Log file: /var/log/pktfilter

12. security: The secure log messages contain information related to authentication and authorization privileges. Log file: /var/log/secure

13. system: The system event messages are based on global Linux events, and are not specific to BIG-IP local traffic management events. Log file: /var/log/messages

14. TMM: The TMM log messages are those that pertain to Traffic Management Microkernel events. Log file: /var/log/tmm

15. user: The user log messages contain information about all user level logs. Log file: /var/log/user.log

16. webui: The webui log messages display errors and exception details that pertain to the Configuration utility. Log file: /var/log/webui.log



Local traffic log message format

The local traffic (ltm) log messages generated by the BIG-IP system include the following types of information:

<time stamp> <host name> <level> <service[pid]> <message code> <message text>

·        Time stamp: The time/date that the system logged the message

·        Host name: The host name of the BIG-IP system that generated the message

·        Service: The name of the service (and process ID) that generated the message

·        Message code: The code that is associated with the message. The code is comprised of the following sub-codes:
 

o   Product Code: The first two hex digits form the product code. For example, 0x01 is the BIG-IP product code.

o   Subset Code: The third and fourth hex digits are the subset code. For example, 0x2a is the subset code for LIBHAL.

o   Message Number: The next four digits form the message number within a module.

o   Severity Level: The last digit between the colon symbols is the severity level, with 0 being the highest severity level.

·        Message text: The description of the event that caused the system to log the message.
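
The field layout and message-code breakdown above can be turned into a small parser for triage. This is an added example, not F5 code: the syslog-style time stamp, the optional colon after service[pid], the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Layout from the page:
# <time stamp> <host name> <level> <service[pid]> <message code> <message text>
# Assumed: "Mon DD HH:MM:SS" time stamp and an optional ":" after service[pid].
LTM_LINE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<level>\S+)\s+"
    r"(?P<service>[^\s\[]+)\[(?P<pid>\d+)\]:?\s+"
    r"(?P<product>[0-9a-fA-F]{2})(?P<subset>[0-9a-fA-F]{2})"
    r"(?P<number>[0-9a-fA-F]{4}):(?P<severity>\d):\s*(?P<text>.*)$"
)

# Only the two names the page gives; any other code is reported as raw hex.
PRODUCTS = {0x01: "BIG-IP"}
SUBSETS = {0x2A: "LIBHAL"}

def parse_ltm_line(line):
    """Split one ltm line into fields and decode the message code sub-codes."""
    m = LTM_LINE.match(line.strip())
    if m is None:
        return None  # not in the documented layout; caller decides what to do
    event = m.groupdict()
    product, subset = int(event["product"], 16), int(event["subset"], 16)
    event["product"] = PRODUCTS.get(product, f"0x{product:02x}")
    event["subset"] = SUBSETS.get(subset, f"0x{subset:02x}")
    event["pid"], event["severity"] = int(event["pid"]), int(event["severity"])
    return event

def most_severe(lines, threshold=3):
    """Events whose severity digit is <= threshold, most severe (0) first."""
    events = [e for e in map(parse_ltm_line, lines) if e is not None]
    return sorted((e for e in events if e["severity"] <= threshold),
                  key=lambda e: e["severity"])

# Constructed sample lines (codes and text are illustrative, not real events).
SAMPLE = [
    "Jul 25 10:15:32 bigip1 err tmm[4321]: 012a0003:3: constructed hardware event",
    "Jul 25 10:15:40 bigip1 notice httpd[5432]: 01070001:5: constructed notice",
    "Jul 25 10:16:02 bigip1 crit tmm[4321]: 01010025:2: constructed critical event",
    "this line does not follow the ltm layout",
]

if __name__ == "__main__":
    for ev in most_severe(SAMPLE):
        print(ev["severity"], ev["product"], ev["subset"], ev["number"], ev["text"])
```

Lines that do not match return None instead of raising, so a collector can count or forward unparsed lines rather than silently dropping them.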



Audit log message format

The audit log messages generated by the BIG-IP system include the following types of information:

<time stamp> <host name> <level> <service[pid]> <message code> <user> <event>

·        Time stamp: The time/date that the system logged the message

·        Host name: The host name of the BIG-IP system that generated the message

·        Service: The name of the service (and process ID) that generated the message

·        Message code: The code that is associated with the message (refer to the previous Local traffic log message format section for Message code sub-code definitions)

·        User: The name of the user who made the configuration change, the user's partition, and the user's permission level

·        Event: The description of the configuration change or event that caused the system to log the message









