iRule logging issue in 9.4.1 ??

Hey Jason,

 

 

Was your /etc/syslog-ng/syslog-ng.conf file overwritten? Where is local0.info being directed to?

 

 

I haven't seen any issues on 9.4.0 with syslog-ng logging from iRules. By default, any messages containing the string AUDIT should be logged to /var/log/audit. All other local0 messages should go to /var/log/ltm. Here is an example:

 

 

 

local0.* /var/log/ltm

 

filter f_local0 {

 

facility(local0) and level(info..emerg);

 

};

 

 

destination d_ltm {

 

file("/var/log/ltm" create_dirs(yes));

 

};

 

 

log {

 

source(local);

 

filter(f_local0);

 

destination(d_ltm);

 

};

 

 

audit log /var/log/audit

 

filter f_audit {

 

facility(local0) and match("AUDIT");

 

};

 

 

destination d_audit {

 

file("/var/log/audit" create_dirs(yes));

 

};

 

 

log {

 

source(local);

 

filter(f_audit);

 

destination(d_audit);

 

};

 

 

 

 

Aaron

Yeah, I checked the syslog-ng config file and all was fine. A /usr/bin/full_box_reboot did the trick. I hate it when my LTM behaves like my PC.

Yep, here's my progression:

 

 

bigstart restart syslog-ng

 

bigstart restart syslog & bigstart restart syslog-ng

 

bigstart restart

 

 

No dice with any of the above.