Bug ID 1253621: Remote logging SSL Orchestrator Audit logs when running in the Appliance mode

Last Modified: Dec 18, 2024

Affected Product(s):
BIG-IP SSLO(all modules)

Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2

Opened: Feb 28, 2023

Severity: 2-Critical

Symptoms

In the Appliance mode, access to the advanced shell(bash)/root is removed. In this scenario, SSL Orchestrator writes audit logs to the local file system which is inaccessible in this mode.

Impact

You cannot access SSL Orchestrator Audit logs as the access to shell is restricted.

Conditions

BIG-IP system running in the appliance mode.

Workaround

Configure syslog to write logs from the ssloAudit.log file to the remote logging server. 1. Run the syslog server on the remote destination 2. Log in to tmsh by entering the following command: tmsh 3. Modify syslog configuration to write the audit logs to syslog server using UDP protocol modify sys syslog include 'source s_sslo_audit { file("/var/log/restnoded/ssloAudit.log" follow_freq(1) flags(no-parse)); }; destination d_to_secure_syslog { syslog(<remote-server-ip> transport(udp) port(514) ); }; log { source(s_sslo_audit);destination(d_to_secure_syslog); };' 4. To save the configuration, enter the following command: save /sys config 5. For BIG-IP systems in a high availability (HA) configuration, perform a ConfigSync to synchronize the changes to the other devices in the device group.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips