Configure syslog server on F5 BIG-IP

Syslog servers are a great idea they centralise all your logs from your Servers and networking devices.

I used for the syslog server the following command

bigpipe syslog remote server '' host add

After that everything looked fine and I saw syslog messages but I got lots of informational messages and the following debug message.

debug snmpd[PID]: error on subcontainer 'ia_addr' insert (-1)

For the debug message I found a solution on AskF5:

There is saw that I went the wrong way of configuring syslog on my load balancer, I also needed to set the log level for remote syslog server. Here the solution from F5:

1. Log in to the command line of the BIP-IP

2. Create in /tmp/ file with the syslog configuration.

syslog include "
filter f_remote_loghost {
destination d_loghost {
udp(\"\" port(514));
log {

3. To remove the currently configured remote syslog servers, type the following command:
Important: This step disables all remote logging.

[root@l-ltm-ve-01:Active] tmp # b syslog remote server none

4. Copy the changes into the configuration

[root@l-ltm-ve-01:Active] tmp # bpsh < /tmp/

5. Refresh and start syslog deamon

[root@l-ltm-ve-01:Active] tmp # syslog-ng -s

6. Save the configuration

[root@l-ltm-ve-01:Active] tmp # b save all
/config/bigip_base.conf was renamed to /config/bigip_base.conf.bak (86 lines).
/config/bigip_sys.conf was renamed to /config/bigip_sys.conf.bak (66 lines).
/config/bigip.conf was renamed to /config/bigip.conf.bak (894 lines).
/config/bigip_local.conf was renamed to /config/bigip_local.conf.bak (1 lines).
[root@l-ltm-ve-01:Active] tmp #

If the new logging configuration is not working as expected, make the desired changes to the /tmp/ file and return to Step 2.

When the syslog-ng -s command reports the following error message:

# syslog-ng -s syntax error at 751

Remove the syslog include entries by typing the following command:

bigpipe syslog include none

Review the import configuration for syntax errors before attempting to re-import by typing the command listed in Step 2.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.