Forum Discussion
2 Replies
Sort By
- Vijay_ECirrus
I don't know the exact values but I know for sure that the default settings will log the username.
where are you looking at the logs exactly? when i configure remote logging i get AUDIT events like this by default in my syslog server.
Aug 27 15:01:28 10.3.25.8 Aug 27 15:02:25 bigip-01 notice httpd[19023]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016" end="Sat Aug 27 15:02:25 2016". Aug 27 15:01:23 10.3.25.8 Aug 27 15:02:20 bigip-01 notice httpd[23332]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016".
this happens unrelated to any log setting within the GUI it seems, i tried to disable Audit Logging but even that doesn't stop this.
if you have any other configuration let me know.