Wasfi_182818
Aug 26, 2016

Minimum Log level that will guarantee system admin activities logs

Hi;

 

What LTM log level will guarantee the logging of system admin usernames when they log in and log out? Is it notice or info? I mean, I want to set it to the minimum that will achieve that requirement.

 

Kindly, Wasfi

 

2 Replies

  • I don't know the exact values but I know for sure that the default settings will log the username.

     

  • Where are you looking at the logs exactly? When I configure remote logging, I get AUDIT events like this by default in my syslog server.

    Aug 27 15:01:28 10.3.25.8 Aug 27 15:02:25 bigip-01 notice httpd[19023]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016" end="Sat Aug 27 15:02:25 2016".
    
    Aug 27 15:01:23 10.3.25.8 Aug 27 15:02:20 bigip-01 notice httpd[23332]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016".
    

    This happens unrelated to any log setting within the GUI, it seems. I tried to disable Audit Logging, but even that doesn't stop this.

    If you have any other configuration, let me know.
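
A sketch of how a syslog receiver could pull the severity, username, role, source host and login/logout state out of AUDIT lines like the two quoted above. This is an added example, not part of the original thread and not F5 code; the name `parse_audit` and the reading of a record that carries `end=` as the session close are assumptions drawn from those two sample lines.

```python
import re
from datetime import datetime

# The two AUDIT lines quoted in the reply above, as received by the syslog server.
SAMPLE = [
    'Aug 27 15:01:28 10.3.25.8 Aug 27 15:02:25 bigip-01 notice httpd[19023]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016" end="Sat Aug 27 15:02:25 2016".',
    'Aug 27 15:01:23 10.3.25.8 Aug 27 15:02:20 bigip-01 notice httpd[23332]: 01070417:5: AUDIT - user username - RAW: httpd(mod_auth_pam): user=username(username) partition=[All] level=Administrator tty=/usr/bin/tmsh host=192.168.64.124 attempts=1 start="Sat Aug 27 15:02:20 2016".',
]

# Relayed device header (name, severity, httpd pid), message ID 01070417, then key=value pairs.
AUDIT_RE = re.compile(
    r'(?P<device>\S+) (?P<severity>\w+) httpd\[\d+\]: 01070417:\d+: AUDIT - '
    r'.*?mod_auth_pam\): (?P<fields>.*)$'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. Sat Aug 27 15:02:20 2016


def parse_audit(line):
    """Return a dict for one mod_auth_pam AUDIT record, or None if the line is not one."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    try:
        start = datetime.strptime(kv["start"], TS_FORMAT)
        end = datetime.strptime(kv["end"], TS_FORMAT) if "end" in kv else None
        user = kv["user"].split("(", 1)[0]
    except (KeyError, ValueError):
        return None  # truncated or malformed record
    return {
        "device": m.group("device"),
        "severity": m.group("severity"),
        "user": user,
        "role": kv.get("level"),
        "host": kv.get("host"),
        # Assumption from the two samples: end= appears only once the session has closed.
        "event": "logout" if end else "login",
        "start": start,
        "duration_s": int((end - start).total_seconds()) if end else None,
    }


if __name__ == "__main__":
    for rec in filter(None, map(parse_audit, SAMPLE)):
        print(rec["severity"], rec["event"], rec["user"], rec["role"], rec["host"], rec["duration_s"])
```
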