Bug ID 1253621: Remote logging SSL Orchestrator Audit logs when running in the Appliance mode

Last Modified: Nov 02, 2023

Affected Product(s):
BIG-IP SSLO(all modules)

Known Affected Versions:
15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 16.1.4,, 17.1.0,,,, 17.1.1

Opened: Feb 28, 2023

Severity: 2-Critical


In the Appliance mode, access to the advanced shell(bash)/root is removed. In this scenario, SSL Orchestrator writes audit logs to the local file system which is inaccessible in this mode.


You cannot access SSL Orchestrator Audit logs as the access to shell is restricted.


BIG-IP system running in the appliance mode.


Configure syslog to write logs from the ssloAudit.log file to the remote logging server. 1. Run the syslog server on the remote destination 2. Log in to tmsh by entering the following command: tmsh 3. Modify syslog configuration to write the audit logs to syslog server using UDP protocol modify sys syslog include 'source s_sslo_audit { file("/var/log/restnoded/ssloAudit.log" follow_freq(1) flags(no-parse)); }; destination d_to_secure_syslog { syslog(<remote-server-ip> transport(udp) port(514) ); }; log { source(s_sslo_audit);destination(d_to_secure_syslog); };' 4. To save the configuration, enter the following command: save /sys config 5. For BIG-IP systems in a high availability (HA) configuration, perform a ConfigSync to synchronize the changes to the other devices in the device group.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips